THREATOPS
THREAT OPSThreat News › npm 12 Disables Install Scripts by Default to Reduce Supply Chain Risk

npm 12 Disables Install Scripts by Default to Reduce Supply Chain Risk

lowthehackernewsPublished 2026-07-09

GitHub has officially announced the release of npm version 12 with install scripts disabled by default, along with deprecating granular access tokens (GATs) designed to bypass two-factor authentication (2FA).

The Microsoft-owned subsidiary noted that the following npm install behaviors that used to run automatically before have been made opt-in -

allowScripts defaults to off, meaning

Original source: https://thehackernews.com/2026/07/npm-12-disables-install-scripts-by.html