#10
The Hacker News
general
July 09, 2026 at 16:49 UTC
npm 12 Disables Install Scripts by Default to Reduce Supply Chain Risk
By [email protected] (The Hacker News)
AI Summary
npm version 12 ships with install scripts disabled by default, requiring explicit opt-in via 'allowScripts,' and deprecates granular access tokens (GATs) that could bypass two-factor authentication. GitHub made the change to reduce supply chain attack surface following a series of high-profile malicious package incidents on the registry.
Relevance score: 74.0/100
Sponsored
Protect Your Business
Expert cybersecurity solutions to safeguard your organization from evolving threats.
Get Protected →