URL has been copied successfully!
GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks
URL has been copied successfully!

Collecting Cyber-News from over 60 sources

GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks


Tags: , , , ,

GitHub has announced what it said are “breaking changes” coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats.The changes aim to combat attack techniques that abuse the “npm install” command to trigger the execution of malicious code using npm lifecycle hooks. “Npm install” is used to download and install all the necessary

First seen on thehackernews.com

Jump to article: thehackernews.com/2026/06/github-to-disable-npm-install-scripts.html

Loading

Share via Email
Share on Facebook
Tweet on X (Twitter)
Share on Whatsapp
Share on LinkedIn
Share on Xing
Copy link

also interesting:

  1. Top 10 MCP vulnerabilities: The hidden risks of AI integrations
  2. Self-propagating worm found in marketplaces for Visual Studio Code extensions
  3. How GlassWorm wormed its way back into developers’ code, and what it says about open source security
  4. Mistral AI SDK, TanStack Router hit in npm software supply chain attack