> TritonInfoSec News
Home / Jun 15, 2026 / Story
0
#2 SecurityWeek general June 13, 2026 at 15:52 UTC

NPM 12 Will Change Script Execution Behavior to Prevent Supply Chain Attacks

By Ionut Arghire

AI Summary

NPM 12 will change the default behavior of 'npm install' to block automatic script execution from dependencies, a significant hardening measure targeting a well-documented supply chain attack vector. Developers and security teams managing JavaScript pipelines will need to explicitly allowlist packages requiring install scripts. This addresses a long-standing risk class exploited in attacks such as the event-stream compromise and numerous malicious npm package campaigns.

Read full article → https://www.securityweek.com/npm-12-will-change-sc…

Relevance score: 78.0/100

# More from June 15

  1. 1
    FBI disrupts massive AI-powered phishing service using a million URLs BleepingComputer
  2. 3
    Anthropic Says It Has Taken Its Latest AI Models Offline to Comply With New Export Controls SecurityWeek
  3. 4
    US Gov asks Anthropic to ban 'foreign national' access to Fable, Mythos BleepingComputer
  4. 5
    Anthropic disables new models after government calls them a national security concern CyberScoop
  5. 6
    Ex-school district employee jailed for hacks on former employer BleepingComputer
  6. 7
    Upcoming Speaking Engagements Schneier on Security
  7. 8
    Review: Disclosure Day is big on action, light on ideas Ars Technica Security
  8. 9
    Did a medieval flying monk spot Halley's comet, twice? It's complicated Ars Technica Security
  9. 10
    Threads of underground fungal networks are long enough to reach beyond the Solar System Ars Technica Security