Browse all docs

Digests & notifications

How the email digest works, how to schedule it, and what counts as worth notifying about.

A digest is the periodic email summary of activity across your tracked sources. It rolls up new releases and high-risk available upgrades since the last digest, filtered by your notification threshold.

Configuring the digest #

From Settings → Digests:

  • Frequency. Daily or weekly.
  • Time of day. Pick a delivery time in your local timezone; we store the timezone you select so DST shifts don't move your delivery slot unexpectedly.
  • Threshold. The minimum risk score that earns a place in the email. Default is 70 (High band).

Disabling the digest entirely is fine; the pulse feed is the source of truth for activity, and the email is just a convenient summary.

What's in a typical digest #

The email is organized so the things that need a decision rise to the top and the routine noise stays out of the way. Each section below (after the overview and highlights) appears under its own headline in the email:

  • Overview: a tight two-to-three-sentence summary that leads with the single most critical item, security advisories first. It's the at-a-glance read before you scroll.
  • Key Highlights: a short, deduplicated list of the most important items, one line per source. When the digest carries both releases and standalone advisories, the panel splits into two labeled sub-sections — Priority Releases first (what most updates are about), then Security Advisories below — so release highlights aren't pushed out of view by advisories. Within the releases sub-section, items are ordered by severity (security updates, then breaking changes, then lower-risk signals) so every breaking change is grouped together near the top rather than scattered through the list.
  • Priority Releases: full cards for anything notable: security updates, breaking changes, or a Medium-or-higher risk score. When a single source ships several notable releases in the same window, they're grouped under one card (the source is named once) instead of repeating the header for each release.
  • Security Advisories: advisories affecting packages you depend on that have no fix release yet, most severe first. They follow the release cards — mirroring the Key Highlights order, where Priority Releases lead — but still sit above the routine list, so a critical, unfixed advisory that needs action now is never buried at the end of the email.
  • Routine Updates: low-risk releases (dependency bumps, patch releases) are condensed to one line per source (the source name, a count, and a few version numbers) rather than a full card each. They're still in the email, just compact.
  • Quick-actions: deep links into the relevant source detail, plus a "view all on your dashboard" link if the digest is long enough to be capped.

A release flagged with breaking changes is always treated as a priority release: it never lands in the condensed routine list and is never shown as "Low risk" (see risk scoring).

Keeping large digests readable #

If you track hundreds or thousands of sources, a digest that listed every release in full would be unusable. Two mechanisms keep it scannable regardless of account size:

  • Routine low-risk updates are rolled up to a single line per source.
  • The email caps how many full cards and routine lines it renders; anything beyond the cap is summarized in a single "+ N more updates across M sources, view all on your dashboard" line so nothing is silently dropped.

Anti-spam mechanics #

  • We coalesce duplicate releases (same source, retag, same version) into a single line, and condense low-risk routine updates to one line per source.
  • If nothing crossed your threshold during the digest window, no email is sent. Quiet inboxes when nothing's happening.
  • Unsubscribes are honored at the SES level immediately; you can also toggle the digest off from settings.

Per-source overrides #

Currently digests are configured at the account level; there's no per-source threshold. If a single source is generating noise, the better lever is to deactivate it (sources don't poll once deactivated, and re-activating preserves the history).

News & discussions (Pulse only) #

The Pulse News & discussions section surfaces highly-engaged open GitHub issues on your tracked repos. These rows are not included in email digests today: issues are noisier than releases or advisories, and we'd rather you check them when you're already in the dashboard than send a longer email. Releases and advisories continue to drive the digest.

PreviousPulse feedNext Explore