GitHub Disables npm Installation Scripts by Default Against Supply Chain Attacks11. June 2026Claude Code, Cybersecuritynpm 12 disables install scripts by default to make it harder to exploit lifecycle hooks for supply chain attacks. Share on: