GitHub Disables npm Installation Scripts by Default Against Supply Chain Attacks
11. June 2026 | Claude Code, Cybersecurity
npm 12 disables install scripts by default to make it harder to exploit lifecycle hooks for supply chain attacks.

GitHub Disables Automatic Script Execution in npm Starting with Version 12
11. June 2026 | Claude Code, Cybersecurity
npm blocks automatic package installation scripts by default starting with version 12, a practice that competitors like Yarn, pnpm, and Bun had already established.

GitHub Announces Security Measures for npm v12 Against Supply-Chain Attacks
10. June 2026 | Cybersecurity
npm v12 introduces security measures to prevent automated attack vectors during package installation.

npm v12: Installation Scripts of Dependencies Require Explicit Approval from 2026
10. June 2026 | Cybersecurity, Regulation
npm v12 disables installation scripts of dependencies by default, thereby closing an attack surface for supply-chain attacks.