> TritonInfoSec News
Home / Jun 12, 2026 / Story
0
#6 The Hacker News general June 11, 2026 at 06:23 UTC

GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks

By [email protected] (The Hacker News)

AI Summary

GitHub announced that npm v12 — expected next month — will disable install scripts by default, directly blocking a primary supply chain attack vector where malicious code executes via npm lifecycle hooks during 'npm install'. This is a breaking change affecting many packages that rely on postinstall scripts, meaning developers will need to audit dependencies before upgrading. The move comes amid ongoing supply chain attacks including the brief GitHub leak of the Miasma credential-stealing framework source code.

Read full article → https://thehackernews.com/2026/06/github-to-disabl…

Relevance score: 82.0/100

# More from June 12

  1. 1
    ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities The Hacker News
  2. 2
    CISA tells govt agencies to patch critical exploited flaws in 3 days BleepingComputer
  3. 3
    Max severity Ivanti Sentry vulnerability now exploited in attacks BleepingComputer
  4. 4
    Microsoft Patches Exploited Exchange Server Vulnerability SecurityWeek
  5. 5
    Russian national charged in connection with Void Blizzard espionage campaign CyberScoop
  6. 7
    New GreatXML Exploit Bypasses Windows BitLocker via Recovery Partition XML Files The Hacker News
  7. 8
    ServiceNow Flaw Exploited to Gain Unauthorized Access to Customer Instances The Hacker News
  8. 9
    China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance The Hacker News
  9. 10
    Coupang hit with record $409 million data breach fine in Korea BleepingComputer