"It's become clear that the economics of supply chain attacks have shifted," Isaac Evans, founder and CEO of Semgrep, said this week as GitHub rolled out a set of defaults intended to reduce the routine execution of hostile code during package installation.
What the npm v12 defaults will change
In a blog post published on June 9, the team of npm developers at Microsoft-owned GitHub announced three security-focused breaking changes that will move the package manager from implicit trust toward explicit opt‑in. Available from July 2026, npm v12 flips three historically permissive defaults:
- Blocked install scripts: running npm install will no longer automatically execute background scripts (such as preinstall, install, postinstall or native C/C++ builds like node-gyp rebuild), preventing malicious code from immediately executing during installation.
- Blocked Git dependencies: resolving dependencies directly from custom Git URLs will be blocked by default to prevent attackers from using custom Git configurations to bypass script restrictions.
- Blocked remote URLs: sourcing packages directly from external URLs or HTTPS tarballs instead of official registries will be forbidden by default unless explicitly permitted.
How developers can prepare now
The npm team has provided transition tooling ahead of the v12 release. Developers can upgrade to the current npm version 11.16.0 or newer to receive optional warnings that surface packages and scripts that will be blocked under v12. The new npm approve-scripts command can be used to audit dependencies, identify blocked scripts, and build a local policy allowlist directly in the project's package.json file.
Semgrep's Isaac Evans: a structural defense, and a new target
Evans welcomed the change as a move toward structural defenses rather than relying on individual developers to spot every malicious package. "That makes stronger defaults around install scripts and non-registry dependencies a meaningful step," he said, adding that economic realities mean attackers need only imperfect success to be worthwhile: "Worms like Miasma do not need a perfect hit rate. They are cheap to modify, cheap to rerun, and easier to extend now that parts of the playbook have been exposed.”
But Evans also warned of a likely attacker pivot: "If npm and PyPI close off easier paths, attackers will look for the next trusted layer." He named private corporate repositories as the plausible alternative attackers may exploit, pointing specifically to Artifactory and Nexus.
Paul McCarty (6mile) — praise tempered by practical concerns
Vulnerability researcher Paul McCarty, who publishes as 6mile, praised GitHub for retiring the three defaults but urged caution about how the ecosystem will react. In an analysis published on his website, Open Source Malware, on June 10, McCarty said he remains concerned about the timeline for widespread adoption and the incentives that drive developer behavior.
McCarty warned that build completion is often the overriding objective for developers and that many will "blind-approve blocked scripts to bypass the warnings." He also flagged an unintended side effect for security research and triage: "The benign and the malicious converge on the same suspicious-looking pattern. We end up triaging a flood of weird-but-fine packages to find the weird-and-actually-bad ones and the bad ones get better cover precisely because so much legitimate behavior now looks the same way.”
What this means for developers, security teams, and maintainers
- Developers and build engineers: expect new installation failures and warnings when scripts or non-registry sources are used; projects that rely on those behaviors will need to use npm approve-scripts or explicitly permit specific scripts or sources in package.json to restore prior behavior.
- Security teams and enterprise defenders: stronger defaults reduce a common attack vector, but teams should watch for attacker migration to private repositories such as Artifactory and Nexus (as Isaac Evans warned) and adjust controls and monitoring accordingly.
- Open-source maintainers: some benign workflows that used postinstall scripts or non-registry sources will need rework or explicit allowlisting, and maintainers should expect increased scrutiny as researchers triage patterns that may look suspicious under the new defaults.
GitHub's npm v12 marks a clear shift: closing routinely abused paths at the cost of added friction and a likely migration of some attacker techniques to other trusted layers. Adoption speed and how maintainers choose to approve scripts will determine whether the change meaningfully reduces successful supply‑chain compromises or simply reshapes where defenders and attackers meet. As Evans warned, if public registries become harder to exploit, "attackers will look for the next trusted layer."
https://www.infosecurity-magazine.com/news/github-update-npm-supply-chain/
