Supply Chain | Jun 10, 2026

GitHub announces npm security changes to tackle supply-chain attacks

npm v12 to require explicit approval for install scripts and non-registry dependencies.

Summary

GitHub is enhancing npm security with version 12, set to launch next month, to combat supply-chain attacks. The update will require explicit developer approval for automatic execution of install scripts and for fetching dependencies from Git repositories or remote URLs, rather than trusting them by default. These changes aim to disrupt common attack vectors used in recent campaigns.

Full text

By Bill Toulas, June 10, 2026, 03:41 PM

GitHub has announced that npm v12, expected next month, will introduce several security-focused changes aimed at blocking supply-chain attacks that abuse behaviors triggered by the 'npm install' command.

'npm install' is the command used to download and install a project's dependencies and run any install-related scripts defined by the packages. Developers execute it after cloning a project, pulling updates, or during CI/CD builds, and attackers target it because it can run code automatically during package installation.

The main theme of the announcement is that code execution and non-registry dependency sources that currently trigger automatically during npm install will require explicit approval instead of being trusted by default. Specifically, GitHub announced the following changes:

- Starting in version 12, npm install will not run preinstall, install, or postinstall scripts from dependencies unless they have been explicitly approved. This also applies to native module builds triggered through node-gyp, and to prepare scripts from Git, local file, and linked dependencies.

- npm install will no longer fetch dependencies from Git repositories, whether direct or transitive, unless explicitly permitted. GitHub says this removes a code execution path where a Git dependency's .npmrc file could alter which Git executable is used, even when install scripts are disabled.

- Dependencies installed from remote URLs, such as HTTPS tarballs, will no longer be resolved unless explicitly permitted. This applies to both direct and transitive dependencies.

These changes can significantly reduce supply-chain attacks by removing the automatic execution of dependency installation scripts, the automatic resolution of Git-based dependencies, and the automatic resolution of remote URL dependencies.
The new defaults could have disrupted several attack techniques used in recent supply-chain attacks, including the malicious preinstall/postinstall script campaigns targeting eslint-config-prettier, Toptal's Picasso packages, and dozens of data-stealing npm packages, as well as the Git dependency abuse documented in the Shai-Hulud attacks.

Projects that rely on any of these behaviors for legitimate workflows will need to explicitly opt in before upgrading to npm v12. GitHub recommends that developers prepare by upgrading to npm 11.16.0 or newer, which displays warnings on every action that will break under version 12. Developers can then run their normal install routines, review the warnings, and identify the dependencies or workflows that will require explicit approval before upgrading. After upgrading to version 12, only explicitly approved scripts and dependency sources will continue to function automatically.

A community discussion has been opened for developers to share their suggestions on the upcoming changes.

Entities

npm (product); GitHub (vendor); Shai-Hulud (campaign); supply-chain attacks (technology)