Digests & notifications

A digest is the periodic email summary of activity across your tracked sources. It rolls up new releases and lockfile alerts since the last digest, filtered by your notification threshold.

Configuring the digest #

From Settings → Digests:

• Frequency. Daily or weekly.
• Time of day. Pick a delivery time in your local timezone — we store the timezone you select so DST shifts don't move your delivery slot unexpectedly.
• Threshold. The minimum risk score that earns a place in the email. Default is 70 (High band).

Disabling the digest entirely is fine — the pulse feed is the source of truth for activity, and the email is just a convenient summary.

What's in a typical digest #

• Top-priority releases — anything above your threshold.
• Lockfile alerts — new alerts that fired since the last digest, with the affected packages called out.
• Quick-actions — deep links into the relevant source detail or alert.

Anti-spam mechanics #

• We coalesce duplicate releases (same source, retag, same version) into a single line.
• If nothing crossed your threshold during the digest window, no email is sent — quiet inboxes when nothing's happening.
• Unsubscribes are honored at the SES level immediately; you can also toggle the digest off from settings.

Per-source overrides #

Currently digests are configured at the account level — there's no per-source threshold. If a single source is generating noise, the better lever is to deactivate it (sources don't poll once deactivated, and re-activating preserves the history).