SPIN Unprocessed
Source The Hacker News feeds.feedburner.com Media Center
July 9, 2026 ai_technology cybersecurity

npm 12 Disables Install Scripts by Default to Reduce Supply Chain Risk

View original on thehackernews.com

Overview

GitHub has officially announced the release of npm version 12 with install scripts disabled by default, along with deprecating granular access tokens (GATs) designed to bypass two-factor authentication (2FA). The Microsoft-owned subsidiary noted that the following npm install behaviors that used to run automatically before have been made opt-in - allowScripts defaults to off, meaning

SpinGraph analysis pending — check back after processing.

Ask AI about this story

Opens with the SpinGraph .md URL and structured context — one click, prompt included.

More from The Hacker News

View all →

Markdown (.md) · JSON-LD schema (.json) · Machine-readable for AI & GEO