npm 12 Disables Install Scripts by Default to Reduce Supply Chain Risk

Read full story on The Hacker News
Share
npm 12 Disables Install Scripts by Default to Reduce Supply Chain Risk
AI disclosure

Summary

GitHub has officially announced the release of npm version 12 with install scripts disabled by default, along with deprecating granular access tokens (GATs) designed to bypass two-factor authentication (2FA). The Microsoft-owned subsidiary noted that the following npm install behaviors that used to run automatically before have been made opt-in - allowScripts defaults to off, meaning

Original reporting

Open original source
Read full article on The Hacker News

Get the AFBytes Brief

Major stories, AI-assisted analysis, and what to watch next. Free, monthly, unsubscribe anytime.