Tag: package manager security

1 article

GitHub Overhauls npm Defaults to Thwart Script-Based Attacks

GitHub is taking a major step to boost npm security by changing its default settings to block automatic execution of install-time lifecycle scripts, a common vector for script-based supply-chain attacks. Starting with npm 12, these scripts will no longer run by default; they will run only when explicitly permitted through a new allowlist mechanism.

Analyst 207