Storia in 4 fonti

GitHub pulls pin on npm's auto-run scripts

Shai-Hulud worm exploited exactly this. Better late than never, says everyone except the malware authors

Raccontata da

Confronto fonti

4 prospettive sulla stessa storia

AI · summaries

theregister.comStai leggendo1 g fa

GitHub pulls pin on npm's auto-run scripts

Shai-Hulud worm exploited exactly this. Better late than never, says everyone except the malware authors

originale

infoworld.com2 g fa

GitHub finally pulls the plug on automatic install script execution for npm

The change, expected in July, will likely block one of the more common attack vectors; developers are wondering what took GitHub so long, and why other repositories acted so much sooner.

Leggi questa versione → originale

Timeline cronologica

mercoledì 10 giugno 2026·infoworld.com
GitHub finally pulls the plug on automatic install script execution for npm
The change, expected in July, will likely block one of the more common attack vectors; developers are wondering what took GitHub so long, and why other repositories acted so much…
mercoledì 10 giugno 2026·theregister.com
GitHub pulls pin on npm's auto-run scripts
Shai-Hulud worm exploited exactly this. Better late than never, says everyone except the malware authors

GitHub pulls pin on npm's auto-run scripts

Confronto fonti

GitHub pulls pin on npm's auto-run scripts

GitHub finally pulls the plug on automatic install script execution for npm

Timeline cronologica

GitHub finally pulls the plug on automatic install script execution for npm

GitHub pulls pin on npm's auto-run scripts

GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks

GitHub announces npm security changes to tackle supply-chain attacks

GitHub announces npm security changes to tackle supply-chain attacks

GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks