THE article discusses the release of npm 12, which has disabled install scripts by default to enhance supply chain security. This change is aimed at mitigating risks associated with malicious scripts during package installations. It emphasizes the importance of security measures in the open-source ecosystem and the need for developers to adopt safer practices to prevent vulnerabilities.
npm 12 disables install scripts by default for supply chains
Article by CyberSIXT
Timeline Coverage
Swipe to explore timeline
-
npm 12 disables install scripts by default for supply chains
thehackernews.com
-
GitHub will stop NPM script auto run to curb supply chain attacks
securityweek.com
-
GitHub to Update npm to Thwart Software Supply Chain Attacks
infosecurity-magazine.com