SPIN Unprocessed July 9, 2026 ai_technology cybersecurity
npm 12 Disables Install Scripts by Default to Reduce Supply Chain Risk
View original on thehackernews.comOverview
GitHub has officially announced the release of npm version 12 with install scripts disabled by default, along with deprecating granular access tokens (GATs) designed to bypass two-factor authentication (2FA). The Microsoft-owned subsidiary noted that the following npm install behaviors that used to run automatically before have been made opt-in - allowScripts defaults to off, meaning
SpinGraph analysis pending — check back after processing.
Ask AI about this story
Opens with the SpinGraph .md URL and structured context — one click, prompt included.
More from The Hacker News
View all →- New GigaWiper Windows Backdoor Bundles Disk Wiping, Fake Ransomware, and Spyware
- Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs
- AI Attacks Move in Minutes. Join This Webinar on Building a Defense That Keeps Up
- ThreatsDay: Cloud Bucket Hijacking, Windows LPE Chain, Global Fraud Bust + 17 More Stories
- Meta's New AI Image Tool Lets Others Use Your Public Instagram Photos in AI Images
- Microsoft Patches RoguePlanet Defender Flaw That Can Grant SYSTEM Privileges
Markdown (.md) · JSON-LD schema (.json) · Machine-readable for AI & GEO