npm 12 Disables Install Scripts by Default to Reduce Supply Chain Risk

"Prevention is cheaper than a breach"

GitHub has officially announced the release of npm version 12 with install scripts disabled by default, along with deprecating granular access tokens (GATs) designed to bypass two-factor authentication (2FA).

The Microsoft-owned subsidiary noted that the following npm install behaviors that used to run automatically before have been made opt-in –

allowScripts defaults to off, meaning

Scroll to top