NPM 12 to Block Dependency Scripts by Default to Curb Supply Chain Attacks

GitHub has announced that NPM 12, expected to release in July, will no longer execute dependency scripts by default, a significant security overhaul aimed at neutralizing the wave of supply chain attacks plaguing the JavaScript ecosystem. The decision comes in the wake of several high-profile incidents involving the TeamPCP campaign and the self-replicating Shai-Hulud worm, both of which exploited the automatic execution of preinstall, install, and postinstall scripts during `npm install` to infiltrate thousands of developer machines with credential-stealing malware. GitHub stated plainly that the new behavior ensures these lifecycle scripts from transitive dependencies will not run unless they are explicitly allowed in the project's configuration.

The changes extend beyond standard lifecycle hooks. NPM 12 will also block native node-gyp builds, including packages that ship a `binding.gyp` file without an explicit install script, as well as `prepare` scripts sourced from git, file, and link dependencies. The Shai-Hulud Miasma attacks notably weaponized a malicious `binding.gyp` file to achieve code execution, making this a critical defensive measure. Additionally, git dependencies will no longer be resolved at install time unless explicitly approved, closing a code-execution vector where a dependency's `.npmrc` could override the Git executable even with `--ignore-scripts` in effect. Remote URL dependencies, including HTTPS tarballs, will similarly be blocked, with developers able to whitelist them using the `--allow-remote` flag available since NPM 11.15.0.

Developers can prepare for the transition by upgrading to NPM 11.16.0 or later and auditing their projects immediately. Running `npm approve-scripts --allow-scripts-pending` surfaces all packages with pending scripts, allowing teams to build a curated allowlist written to `package.json` and commit it to version control. Once locked in, any install routine that attempts to execute unapproved scripts will trigger warnings. For teams concerned about broader exposure across their development environments, running a privacy checkup can help identify residual risks from compromised build pipelines, while verifying repository SSL configurations through an SSL/TLS checker ensures that whitelisted HTTPS tarball sources are not subject to man-in-the-middle interception. If any developer credentials were exposed during the TeamPCP or Shai-Hulud incidents, running them through a password checker is strongly advised to determine whether they appeared in known breach corpora.

The NPM ecosystem has become a primary battleground for supply chain compromise, with recent related incidents including over 5,500 GitHub repositories infected in the Megalodon attack, 32 Red Hat NPM packages hit by a separate intrusion, and the breach of 3,800 internal GitHub repositories. GitHub's proactive hardening of install-time script execution marks one of the most consequential shifts in NPM's security model to date, placing the burden of trust verification squarely on developers rather than defaulting to permissive execution.