Supply Chain | Jun 13, 2026

NPM 12 Will Change Script Execution Behavior to Prevent Supply Chain Attacks

NPM 12 will block script execution from dependencies by default to prevent supply chain attacks.

Summary

GitHub is updating NPM to version 12, set for release in July, to prevent supply chain attacks. By default, npm install will no longer automatically execute scripts from dependencies, a method recently exploited by malware like the Shai-Hulud worm. Developers will need to explicitly allow scripts from trusted packages to maintain current functionality.

Full text

In response to a recent wave of supply chain attacks targeting the NPM ecosystem, GitHub announced that scripts from dependencies will no longer be executed by default. Several major incidents over the past few months, mainly attributed to TeamPCP and the self-replicating Shai-Hulud worm, abused the automatic execution of dependency scripts during npm install to infect thousands of developers with malware.

Starting with NPM version 12, expected in July, script execution will be blocked by default, GitHub announced. “npm install will no longer execute preinstall, install, or postinstall scripts from dependencies unless they are explicitly allowed in your project,” the code-sharing platform explains.

The change also covers native node-gyp builds, such as packages that ship a binding.gyp file and no explicit install script (npm otherwise runs node-gyp rebuild for these implicitly), as well as prepare scripts from git, file, and link dependencies. The recent Shai-Hulud Miasma attacks relied on a weaponized binding.gyp file.

To see how the change will affect a project, developers can run npm approve-scripts --allow-scripts-pending, allow the packages they trust and block the rest; the resulting allowlist is written to package.json. Once that file is committed, developers using NPM version 11.16.0 or later will receive warnings when their install routine executes scripts.

GitHub also notes that Git dependencies, direct or transitive, will no longer be resolved at npm install unless explicitly allowed. “This closes a code-execution path where a Git dependency’s .npmrc could override the Git executable, even with --ignore-scripts,” the platform notes. Dependencies fetched from remote URLs, including HTTPS tarballs (direct or transitive), will likewise no longer be resolved in NPM version 12; developers can still allow them with the --allow-remote flag, which has been available since version 11.15.0.

“Upgrade to NPM 11.16.0 or later, run your normal install, and review the warnings. Use npm approve-scripts --allow-scripts-pending to see which packages have scripts, approve the ones you trust, and commit the updated package.json. After that, only the scripts you approved keep running once you upgrade,” GitHub notes.

Written by Ionut Arghire, international correspondent for SecurityWeek.
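The rules described above (blocked preinstall/install/postinstall hooks, the implicit node-gyp build triggered by a binding.gyp file, prepare scripts of git/file/link dependencies, unresolved Git dependencies and remote tarballs), modelled as a pre-upgrade audit over a constructed dependency tree. This is an added example, not npm's code or GitHub's tooling. The allowlist key `allowScripts`, the `opts.allowRemote` option standing in for `--allow-remote`, the package names, and the tree shape are all assumptions made for the illustration; the article does not say which key npm writes to package.json.

```javascript
// Added example, not npm's or GitHub's code: a model of the npm 12 install
// rules the article describes, run over a constructed dependency tree. The
// allowlist key "allowScripts" and the tree shape are assumptions made for
// this illustration; the article does not name the key npm writes.

const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Group a dependency spec the way the article does: registry, git, remote
// (HTTPS tarball), file, or link.
function classifySpec(spec) {
  if (/^(git\+|git:|github:|gitlab:|bitbucket:|ssh:)/.test(spec)) return "git";
  if (/\.git(#.*)?$/.test(spec)) return "git";             // https://host/org/repo.git
  if (/^[\w.-]+\/[\w.-]+(#.*)?$/.test(spec)) return "git";  // owner/repo shorthand
  if (/^https?:\/\/.*\.(tgz|tar\.gz)$/i.test(spec)) return "remote";
  if (/^file:/.test(spec)) return "file";
  if (/^link:/.test(spec)) return "link";
  return "registry";
}

// Lifecycle scripts npm runs for one package at install time: explicit
// preinstall/install/postinstall hooks, the implicit `node-gyp rebuild` npm
// adds when binding.gyp exists and no install/preinstall script is defined,
// and prepare scripts of git/file/link dependencies.
function installTimeScripts(manifest, files, depKind) {
  const scripts = manifest.scripts || {};
  const triggered = INSTALL_HOOKS
    .filter((hook) => typeof scripts[hook] === "string")
    .map((hook) => ({ hook, command: scripts[hook] }));
  if (files.includes("binding.gyp") && !scripts.install && !scripts.preinstall) {
    triggered.push({ hook: "install", command: "node-gyp rebuild (implicit, binding.gyp present)" });
  }
  if (["git", "file", "link"].includes(depKind) && typeof scripts.prepare === "string") {
    triggered.push({ hook: "prepare", command: scripts.prepare });
  }
  return triggered;
}

// Walk the tree and report what the npm 12 defaults would block. opts.allowRemote
// stands in for the --allow-remote flag; git dependencies are reported as
// blocked regardless, since the article says they need explicit allowance.
function auditTree(rootPkg, tree, opts = {}) {
  const allowed = new Set(rootPkg.allowScripts || []);
  const findings = [];
  for (const [name, entry] of Object.entries(tree)) {
    const kind = classifySpec(entry.spec);
    for (const s of installTimeScripts(entry.manifest, entry.files, kind)) {
      findings.push({ name, kind: "script", status: allowed.has(name) ? "allowed" : "blocked",
                      detail: `${s.hook}: ${s.command}` });
    }
    if (kind === "git") {
      // A .npmrc inside a git dependency is the config-override path the article mentions.
      const npmrc = entry.files.includes(".npmrc") ? "; ships .npmrc (could override the git executable)" : "";
      findings.push({ name, kind: "git-dependency", status: "blocked", detail: entry.spec + npmrc });
    }
    if (kind === "remote") {
      findings.push({ name, kind: "remote-tarball", status: opts.allowRemote ? "allowed" : "blocked",
                      detail: entry.spec });
    }
  }
  return findings;
}

// Constructed sample project and installed tree (not real packages).
const SAMPLE_ROOT = {
  name: "demo-app",
  allowScripts: ["native-addon"], // assumed allowlist key, see note above
};
const SAMPLE_TREE = {
  "left-widget":   { spec: "^2.1.0", files: ["package.json", "index.js", "setup.js"],
                     manifest: { scripts: { postinstall: "node setup.js" } } },
  "native-addon":  { spec: "^1.0.0", files: ["package.json", "binding.gyp", "src/addon.cc"],
                     manifest: { scripts: { test: "node test.js" } } },
  "internal-tool": { spec: "git+https://git.example.com/tools/internal-tool.git",
                     files: ["package.json", ".npmrc", "src/index.ts"],
                     manifest: { scripts: { prepare: "npm run build", build: "tsc" } } },
  "vendored-lib":  { spec: "https://cdn.example.com/vendored-lib-1.4.2.tgz",
                     files: ["package.json", "index.js"], manifest: { scripts: {} } },
  "tiny-util":     { spec: "^0.3.0", files: ["package.json", "index.js"], manifest: {} },
};

if (typeof require !== "undefined" && require.main === module) {
  for (const f of auditTree(SAMPLE_ROOT, SAMPLE_TREE)) {
    console.log(`${f.status.padEnd(7)} ${f.kind.padEnd(15)} ${f.name}: ${f.detail}`);
  }
}
```

Run it with node to print one line per finding. In a real pre-upgrade review the tree would be read from node_modules and the allowlist from whatever npm approve-scripts writes; a package reported as blocked should be vetted (why does it need an install hook, does its binding.gyp actually build a native module) before it is approved, since approving a package re-enables exactly the execution path the worm abused.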

Entities

NPM 12 (product)
TeamPCP (threat_actor)
GitHub (vendor)
npm install (technology)