npm 12 Disables Install Scripts by Default to Reduce Supply Chain Risk

Article summary
Quick briefing — cleaned from the original RSS feed
GitHub has officially announced the release of npm version 12 with install scripts disabled by default, along with deprecating granular access tokens (GATs) designed to bypass two-factor authentication (2FA). The Microsoft-owned subsidiary noted that the following npm install behaviors that used to run automatically before have been made opt-in - allowScripts defaults to off, meaning
1Key Takeaways
- GitHub has officially announced the release of npm version 12 with install scripts disabled by default, along with deprecating granular access tokens (GATs) designed to bypass two-factor authentication (2FA).
- The Microsoft-owned subsidiary noted that the following npm install behaviors that used to run automatically before have been made opt-in - allowScripts defaults to off, meaning.
2AIWedia Score
8.8/10
High relevance — worth your attention today
Based on source trust, recency, category impact, and story depth.
3Why it matters
LLM news directly affects chatbots, copilots, and APIs that millions of products rely on. The Hacker News reports that gitHub has officially announced the release of npm version 12 with install scripts disabled by default, along with deprecating granular access tokens (GATs) designed to bypass two-factor authentication (2FA).
Explore related
Browse toolsRelated tools
LLMs news
Explore curated llms tools on AIWedia — compare, rank, and launch from our directory.
Full story on The Hacker News
Read full articleHeadlines aggregated via RSS for discovery on AIWedia. Original content © The Hacker News. We link to the source and do not republish full articles.
