National Cyber Warfare Foundation (NCWF)

npm 12 Disables Install Scripts by Default to Reduce Supply Chain Risk


0 user ratings
2026-07-09 17:07:39
milo
Blue Team (CND)
GitHub has officially announced the release of npm version 12 with install scripts disabled by default, along with deprecating granular access tokens (GATs) designed to bypass two-factor authentication (2FA).

The Microsoft-owned subsidiary noted that the following npm install behaviors that used to run automatically before have been made opt-in -


allowScripts defaults to off, meaning



Source: TheHackerNews
Source Link: https://thehackernews.com/2026/07/npm-12-disables-install-scripts-by.html


Comments
new comment
Nobody has commented yet. Will you be the first?
 
Forum
Blue Team (CND)



Copyright 2012 through 2026 - National Cyber Warfare Foundation - All rights reserved worldwide.