CyberSecurity News
npm 12 Disables Install Scripts by Default to Reduce Supply Chain Risk
AI summary
npm version 12 has been released with install scripts disabled by default to reduce supply chain risk. This change means that certain npm install behaviors that previously ran automatically will now require opt-in. Specifically, the allowScripts default is now set to off. Additionally, granular access tokens, which were designed to bypass two-factor authentication, have been deprecated. This update is part of GitHub's efforts to enhance security. The deprecation of granular access tokens and the disabling of install scripts by default aim to improve the overall security of the npm ecosystem.
This is an AI-generated brief aggregated by HackerFeeds for convenience and grounded in the source’s own summary; the related CVE, threat-group and country data is from HackerFeeds’ own indexes. The original article is the authoritative source — all rights belong to The Hacker News.

