techtimes

npm v12 Security Overhaul Blocks Install Scripts by Default: July Deadline for CI Migration

GitHub's npm package manager will ship its most significant security redesign in years this July, when npm v12 makes three long-automatic install behaviors require ...
The Hacker News

GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks

GitHub has announced what it said are "breaking changes" coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats. The changes aim to combat ...
theregister

GitHub pulls pin on npm's auto-run scripts

GitHub will change npm's defaults so the install command no longer runs scripts automatically, disabling a feature commonly exploited by malicious packages such as the notorious Shai-Hulud worm.
The Hacker News

Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code

Veeam has released security patches to address a critical flaw in its Backup & Replication software that could result in remote code execution. Tracked as CVE-2026-44963, the vulnerability carries a ...
GIGAZINE

The era of simply running 'npm install' to execute code is coming to an end, as npm plans to disable automated script execution by default.

The JavaScript package management tool 'npm' is scheduled to implement a change in its 'npm v12' release, which is expected in July 2026. This change will prevent the script that is automatically ...