THURSDAY, JULY 9, 2026 48° E  /  GLOBAL TECH · SUMMARISED SUBSCRIBE
AI, business, devices, policy — global tech, summarised every 30 minutes.
Security · 2h ago

npm 12 Disables Install Scripts by Default to Curb Supply Chain Attacks

By Meridian48 News Desk · Summarised from The Hacker News ·

GitHub released npm 12, disabling install scripts by default to reduce supply chain risks. The update also deprecates granular access tokens that bypassed two-factor authentication. Users must now opt-in to allow scripts, a shift from previous automatic execution.

Meridian48 take
This is a overdue hardening step for npm, but the real test will be how many developers actually opt-in versus how many workflows break.
Read the full reporting
npm 12 Disables Install Scripts by Default to Reduce Supply Chain Risk →
The Hacker News
npmsupply-chain-security
More security briefs
Go deeper on security
AllAIStartupsBusinessDevicesPolicySecurityDev ToolsPakistan