Skip to main content
CybersecurityInfrastructure

GitHub npm Tightens Security With Disabled Install Scripts

Developer workstation with laptop and notes, package manager interface on screen.

"To prepare, plan to move automated publishing to trusted publishing (OIDC) or staged publishing with a human approval step, rather than a long-lived publish token," GitHub said.

GitHub releases npm 12 and flips dangerous defaults

GitHub, the Microsoft-owned subsidiary, has officially announced the release of npm version 12 with several install-time behaviors disabled by default to reduce supply-chain risk. The changes make formerly automatic actions opt-in: dependency lifecycle scripts and implicit node-gyp builds no longer run automatically, Git dependencies are not resolved by default, and remote URL dependencies are blocked unless developers explicitly allow them.

  • allowScripts defaults to off — preinstall, install, postinstall scripts and implicit node-gyp builds do not run unless allowed.
  • --allow-git defaults to none — Git dependencies (direct or transitive) are not resolved unless explicitly allowed.
  • --allow-remote defaults to none — dependencies fetched from remote URLs (for example, HTTPS tarballs) are not resolved unless explicitly allowed.

Review and approval flow for scripts

Under npm 12, users must explicitly review and approve scripts before they run. The workflow requires running the command "npm approve-scripts --allow-scripts-pending" and then committing the resulting allowlist into the project's "package.json" file. GitHub previewed these settings last month and recommended that developers upgrade to npm 11.16.0 or newer, run the normal install command, and review the warnings that appear during that preview phase.

Granular access tokens (GATs) that bypass 2FA are constrained — timelines set

GitHub is also changing the capabilities of npm GATs that bypass two-factor authentication (2FA). Two distinct restrictions were announced:

  • Beginning in early August 2026, npm GATs configured to bypass 2FA will no longer be able to perform sensitive account, package, and organization management actions. The source lists these actions explicitly: creating or deleting tokens; generating recovery codes; changing npm account password, email, profile, or 2FA configuration; changing package access, maintainers, or trusted publishing configuration; and managing organization and team membership and their package grants.
  • Starting in January 2027, GATs will lose the ability to publish directly. Their publishing surface will be limited to reading private packages and staging a publish; a package will only become public after a human 2FA approval.

In the interim, GitHub advised stopping use of 2FA-bypass tokens for the listed operations and performing them interactively with 2FA. The vendor also urged teams to plan migration of automated publishing to trusted publishing via OIDC or to adopt staged publishing with a human approval step instead of relying on long-lived publish tokens.

pnpm 11.10 adds _auth to bind credentials to hosts

Alongside npm's changes, pnpm 11.10 introduces a new "_auth" setting that configures registry authentication as a single structured, URL-keyed value. Socket explained the reasoning and behavior: "The security benefit is that the credential and the host it belongs to travel together, and pnpm reads _auth only from the environment or the global config, never from a project's files."

Socket added that this prevents a malicious or compromised pnpm-workspace.yaml or .npmrc inside a repository from pointing a valid token at a different host. "A tampered project file is a common way attackers get a foothold, and redirecting a registry token is a direct route to stealing it, so closing that path removes exposure," the source quotes.

What this means for technologists, CI/CD teams, and open-source maintainers

  • Technologists and security teams — Expect to review and approve script allowlists and enforce new policies. The source recommends upgrading to npm 11.16.0 or newer to preview the behavior and examine warnings.
  • CI/CD and automation engineers — Plan to migrate automated publishing away from long-lived, 2FA-bypass tokens toward trusted publishing (OIDC) or staged publishes with human 2FA approval, per GitHub's guidance and the announced August 2026 / January 2027 timelines.
  • Open-source maintainers and package consumers — Be prepared to commit an allowlist in package.json for approved scripts and to require interactive 2FA for sensitive account and package operations that GATs will no longer perform.

Together, these changes tighten two attack routes that have been exploited in supply-chain incidents: unexpected install-time scripts and redirected registry credentials stored in project files. The record points to two near-term deadlines — early August 2026 for restricting GAT management actions and January 2027 for eliminating direct publishing via GATs — and a clear recommendation from GitHub to move automated publishing to OIDC or staged, human-approved flows. The immediate practical steps named in the announcement are simple to list: upgrade to npm 11.16.0 or newer to examine warnings, stop using 2FA-bypass tokens for sensitive operations today, and plan migrations of automated publishing before the scheduled changes take effect.

Original story: https://thehackernews.com/2026/07/npm-12-disables-install-scripts-by.html