Home / Jul 10, 2026 / Story
0
#10 The Hacker News general July 09, 2026 at 16:49 UTC

npm 12 Disables Install Scripts by Default to Reduce Supply Chain Risk

By [email protected] (The Hacker News)

AI Summary

npm version 12 ships with install scripts disabled by default, requiring explicit opt-in via 'allowScripts,' and deprecates granular access tokens (GATs) that could bypass two-factor authentication. GitHub made the change to reduce supply chain attack surface following a series of high-profile malicious package incidents on the registry.

Relevance score: 74.0/100

# More from July 10