GitHub has announced what it said are "breaking changes" coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats.
The changes aim to combat attack techniques that abuse the "npm install" command to trigger the execution of malicious code using npm lifecycle hooks. "npm install" is used to download and install all the necessary
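The lifecycle hooks mentioned above are declared in each package's package.json, so a defender can inventory which installed dependencies rely on them before the default changes. This is an added example, not code from the article or from npm; the function names are hypothetical, and the sample tree, package names and commands are constructed.

```javascript
const fs = require("fs");
const os = require("os");
const path = require("path");

// Lifecycle hooks npm runs for a dependency while installing it.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Return the install-time hooks that a parsed package.json declares.
function installHooks(manifest) {
  const scripts = (manifest && typeof manifest.scripts === "object" && manifest.scripts) || {};
  return INSTALL_HOOKS.filter((h) => typeof scripts[h] === "string" && scripts[h].trim() !== "");
}

// Walk a node_modules directory, including scope folders and nested node_modules.
function auditNodeModules(nmDir, findings = []) {
  if (!fs.existsSync(nmDir)) return findings;
  for (const entry of fs.readdirSync(nmDir, { withFileTypes: true })) {
    if (!entry.isDirectory() || entry.name.startsWith(".")) continue;
    const dir = path.join(nmDir, entry.name);
    if (entry.name.startsWith("@")) { auditNodeModules(dir, findings); continue; } // scope folder
    let manifest;
    try {
      manifest = JSON.parse(fs.readFileSync(path.join(dir, "package.json"), "utf8"));
    } catch { continue; } // missing or unparsable manifest: nothing to report
    const hooks = installHooks(manifest);
    if (hooks.length) findings.push({ name: manifest.name, hooks, commands: hooks.map((h) => manifest.scripts[h]) });
    auditNodeModules(path.join(dir, "node_modules"), findings); // nested dependencies
  }
  return findings;
}

// Constructed sample tree: every package name and command below is made up for the demo.
function buildSampleTree() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), "hook-audit-"));
  const put = (rel, manifest) => {
    const dir = path.join(root, "node_modules", rel);
    fs.mkdirSync(dir, { recursive: true });
    fs.writeFileSync(path.join(dir, "package.json"), JSON.stringify(manifest));
  };
  put("plain-lib", { name: "plain-lib", scripts: { test: "node test.js" } });
  put("native-addon", { name: "native-addon", scripts: { install: "node-gyp rebuild" } });
  put("@demo/telemetry", { name: "@demo/telemetry", scripts: { postinstall: "node setup.js" } });
  put("plain-lib/node_modules/nested-dep", { name: "nested-dep", scripts: { preinstall: "node check.js" } });
  return path.join(root, "node_modules");
}

console.log(auditNodeModules(buildSampleTree()));
```

Pointing `auditNodeModules` at a real project's `node_modules` directory lists the packages whose install-time scripts would need review; symlinked packages are skipped by this walk.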
