npm Version 12: Installation Scripts Now Require Explicit Approval14. June 2026Cybersecuritynpm 12 blocks automatic execution of installation scripts, Git dependencies, and external URLs by default — future operations will require explicit approval. Share on:
GitHub Disables npm Installation Scripts by Default Against Supply Chain Attacks11. June 2026Claude Code, Cybersecuritynpm 12 disables install scripts by default to make it harder to exploit lifecycle hooks for supply chain attacks. Share on:
GitHub Announces Security Measures for npm v12 Against Supply-Chain Attacks10. June 2026Cybersecuritynpm v12 introduces security measures to prevent automated attack vectors during package installation. Share on: