GitHub is set to disable npm install scripts by default to combat supply chain attacks, a growing concern in software development. The change aims to improve security by preventing potentially harmful scripts from running automatically during package installation. As supply chain attacks become more prevalent, GitHub's proactive measure is intended to protect developers and their projects.
The decision underscores the importance of security in modern software practices and is part of broader efforts to safeguard the software supply chain against malicious activities.