Back to emschwartz's feed

GitHub finally pulls the plug on automatic install script execution for npm (opens in new tab)  🔀JJ  Content type: News

infoworld.com··Cited by 1 article·Covers: Upcoming breaking changes for npm v12 - GitHub Changelog·Open original (opens in new tab)

The ability for attackers to leverage automatic install script execution in npm will finally come to an end when expected changes arrive from GitHub in July. Coders will still be able to enable the function, but the default setting will block it. In V12, default settings are changing, GitHub said in its changelog, noting, “it turns an npm install behavior that runs automatically today into one you explicitly opt into.” Specifically, the post said, “allowScripts defaults to off: npm install wi...

Read the original article
Sign in to keep reading the full article.
Sign UpLog In

Cited by 1 article

GitHub finally pulls the plug on automatic install script execution for npm

csoonline.com·

Keyboard Shortcuts

Navigation

Next / previous item
j/k
Open post
oorEnter
Preview post
v

Post Actions

Love post
a
Like post
l
Dislike post
d
Undo reaction
u
Save / unsave
s

Recommendations

Add interest / feed
Enter
Not interested
x

Go to

Home
gh
Interests
gi
Feeds
gf
Likes
gl
History
gy
Changelog
gc
Settings
gs
Browse
gb
Search
/

General

Show this help
?
Submit feedback
!
Close modal / unfocus
Esc

Press ? anytime to show this help