Storia in 6 fonti

GitHub finally pulls the plug on automatic install script execution for npm

The change, expected in July, will likely block one of the more common attack vectors; developers are wondering what took GitHub so long, and why other repositories acted so much sooner.

Raccontata da

Confronto fonti

6 prospettive sulla stessa storia

AI · summaries

infoworld.comStai leggendo2 g fa

GitHub finally pulls the plug on automatic install script execution for npm

The change, expected in July, will likely block one of the more common attack vectors; developers are wondering what took GitHub so long, and why other repositories acted so much sooner.

originale

thehackernews.com1 g fa

GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks

npm 12 disables install scripts by default, requiring explicit approval to reduce dependency-based code execution risks.

Leggi questa versione → originale

bleepingcomputer.com1 g fa

GitHub announces npm security changes to tackle supply-chain attacks

GitHub has announced that npm v12, expected next month, will introduce several security-focused changes aimed at blocking supply-chain attacks abusing behaviors triggered by the 'npm install' command.

Leggi questa versione → originale

theregister.com1 g fa

GitHub pulls pin on npm's auto-run scripts

Shai-Hulud worm exploited exactly this. Better late than never, says everyone except the malware authors

Leggi questa versione → originale

github.blog2 g fa

Upcoming breaking changes for npm v12 - GitHub Changelog

Our next npm major version, v12, introduces security-related default changes to npm install. All these changes are available behind warnings in npm today on 11.16.0 or newer, so you can…

Leggi questa versione → originale

heise.de1 g fa

npm packt seine riskantesten Sicherheitsprobleme an

Mit npm v12 schließt GitHub einen zentralen Angriffsweg: Installationsskripte aus Abhängigkeiten laufen ab Juli 2026 nur noch nach ausdrücklicher Freigabe.

Leggi questa versione → originale

Timeline cronologica

martedì 9 giugno 2026·github.blog
Upcoming breaking changes for npm v12 - GitHub Changelog
Our next npm major version, v12, introduces security-related default changes to npm install. All these changes are available behind warnings in npm today on 11.16.0 or newer, so…
mercoledì 10 giugno 2026·infoworld.com
GitHub finally pulls the plug on automatic install script execution for npm
The change, expected in July, will likely block one of the more common attack vectors; developers are wondering what took GitHub so long, and why other repositories acted so much…
mercoledì 10 giugno 2026·heise.de
npm packt seine riskantesten Sicherheitsprobleme an
Mit npm v12 schließt GitHub einen zentralen Angriffsweg: Installationsskripte aus Abhängigkeiten laufen ab Juli 2026 nur noch nach ausdrücklicher Freigabe.
mercoledì 10 giugno 2026·theregister.com
GitHub pulls pin on npm's auto-run scripts
Shai-Hulud worm exploited exactly this. Better late than never, says everyone except the malware authors
mercoledì 10 giugno 2026·bleepingcomputer.com
GitHub announces npm security changes to tackle supply-chain attacks
GitHub has announced that npm v12, expected next month, will introduce several security-focused changes aimed at blocking supply-chain attacks abusing behaviors triggered by the…
giovedì 11 giugno 2026·thehackernews.com
GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks
npm 12 disables install scripts by default, requiring explicit approval to reduce dependency-based code execution risks.