GitHub has announced that npm v12, expected next month, will introduce several security-focused changes aimed at blocking supply-chain attacks abusing behaviors triggered by the 'npm install' command.
JavaScriptのパッケージ管理ツール「npm」で、依存パッケージのインストール時に自動実行されるスクリプトについて、2026年7月リリース予定の「npm v12」以降は標準で実行しないようになる変更が予定されています。 Upcoming breaking changes for npm v12 - GitHub Changelog ...
GitHub's npm package manager will ship its most significant security redesign in years this July, when npm v12 makes three long-automatic install behaviors require ...
GitHub says the hackers who breached 3,800 internal repositories gained access via a malicious version of the Nx Console VS Code extension, compromised in last week's TanStack npm supply-chain attack.
The change, expected in July, will likely block one of the more common attack vectors; developers are wondering what took GitHub so long, and why other repositories acted so much sooner. The ability ...