Regulation · 5 min read · 11 June 2026

npm v12 Will Block Auto-Run Install Scripts by Default Starting July 2025

GitHub's decision to disable automatic lifecycle script execution in npm v12 closes a well-worn supply chain attack path — but security engineers warn the threat is far from finished.

Priya Natarajan, Compliance & Risk Analyst

GitHub confirmed in its official changelog that npm v12, shipping in July 2025, will block `preinstall`, `install`, and `postinstall` scripts from running automatically unless a developer explicitly permits them.

What Is Actually Changing

For years, any package a developer pulled from the npm registry could silently execute arbitrary shell commands the moment `npm install` ran. That behavior powered legitimate build tooling — native C++ addons compiled via `node-gyp` being the most common example — but it also handed attackers a ready-made remote-code-execution primitive buried inside a dependency tree.

Starting July 2025, npm v12 will suppress that execution by default. Developers who need scripts to run must opt in explicitly, project by project. GitHub's principal engineer Zach Steindler framed the decision plainly: "Secure defaults are essential for widespread adoption," adding that the goal is to make the safe path the obvious one rather than an extra configuration step.

This shift follows Yarn and Bun, both of which introduced opt-in script models earlier. Sanchit Vir Gogia of Greyhound Research put it bluntly: "Npm is adopting a well-established doctrine, not inventing one." The fact that npm — the world's largest package registry by volume, hosting more than 2.5 million packages as of 2024 — took this long to follow suit reflects just how entrenched the old behavior had become.

Why Supply Chain Attacks Made This Inevitable

The npm install-script vector has shown up in some of the most disruptive software supply chain incidents of recent years. Attackers embedded malicious code in packages such as `event-stream` and `node-ipc`, relying on the automatic execution model to trigger payloads without any additional user interaction. The 2023 Verizon Data Breach Investigations Report noted that attacks against software supply chains continued climbing year over year, with third-party and partner compromise accounting for a growing share of breach origins.

The EU Cyber Resilience Act, which entered into force in late 2024, adds regulatory weight to the technical argument. The Act shifts meaningful liability for supply chain failures onto the companies that ship software products — meaning a quietly executing install script in a transitive dependency is no longer just an engineering risk but a legal one sitting on corporate balance sheets.

Cybersecurity consultant Brian Levine captured the scale of the change: "When npm changes its defaults, it alters the security posture of nearly every enterprise development environment."

The Limits of a Default Change

Not everyone sees this as a solved problem. Sonu Kapoor, who maintains the CVE Lite CLI under the OWASP Incubator Project, called the new default "a significant narrowing of the attack surface" while warning that it "removes a major automatic execution path, but attackers can still use other methods such as malicious package code or dependency confusion."

Dependency confusion attacks — where a threat actor publishes a public package with the same name as a private internal one, tricking package managers into fetching the malicious version — require no install scripts at all. The payload lives in the package's actual JavaScript, not in a lifecycle hook. Blocking hooks does nothing to stop that.

Alan Parkinson of Threat Detective offered a sobering perspective from the attacker's side: "Running code from an install hook was always noisy, causing visible damage, drawing attention." Sophisticated threat actors, he argued, had already migrated to subtler techniques. The default change catches the unsophisticated end of the adversary spectrum more than it disrupts nation-state or organized criminal groups.

What the Root Control Failure Really Was

The deeper issue here is not a single CVE or a one-time patch. It is a systemic failure of secure-by-default design that persisted for over a decade. npm's install-script model was built for convenience and trusted that the packages a developer chose to install were safe. Neither assumption holds in a supply chain threat environment.

When default configurations permit arbitrary code execution, every downstream user inherits that risk whether they know it or not. Organizations running CI/CD pipelines that call `npm install` without script controls effectively granted untrusted code root-equivalent access to their build environments. No firewall rule, no endpoint agent, and no SIEM alert was positioned to stop it — because the action looked exactly like normal software building.

This is precisely the kind of systemic gap that security-awareness training must address at the developer level. Engineers who understand *why* install scripts are dangerous are far more likely to audit `package.json` files, challenge unusual dependencies, and notice a newly introduced lifecycle hook before it becomes a breach. Awareness is not a substitute for a good default, but it is what keeps teams from blindly re-enabling dangerous behavior the moment a build breaks. Teams looking to build that culture can explore options at Train2Secure's pricing page to find a program that fits their development org.

What Defenders Should Do Right Now

The July 2025 rollout gives teams a window to prepare. The following actions matter most before then:

  • Audit existing dependencies. Run `npm ls --all` to enumerate the full dependency tree, then identify every package whose `package.json` declares a lifecycle script. Tools like `npm audit` and Socket.dev can help surface these.
  • Establish an explicit allowlist. Document which packages genuinely need script execution — usually native-addon packages — and add them to a controlled configuration file that lives in version control.
  • Harden CI/CD environments. Build pipelines should run with least-privilege service accounts and network egress restrictions so that even a script that does execute cannot easily phone home or exfiltrate secrets.
  • Enforce software composition analysis (SCA) gates. Integrate SCA tooling into pull-request checks so any newly introduced package with a lifecycle script triggers a review before it reaches main.
  • Review your security standards posture. Organizations benchmarking against NIST SP 800-218 (Secure Software Development Framework) should map this control gap to the Supply Chain Risk Management practice group. Train2Secure's standards library covers how these frameworks translate into everyday developer behavior.

Compatibility will break for some teams on day one. Packages that compile native binaries — database drivers, cryptographic libraries, image-processing modules — have historically relied on `node-gyp` invocations baked into lifecycle hooks. Kapoor acknowledged the disruption directly, noting that legitimate packages have depended on this mechanism for real build workflows. Teams should test against npm v12 release candidates now rather than waiting for production breakage in July.

The Bigger Picture

This change is a policy win, not a finish line. Blocking auto-run scripts removes one reliable attack primitive, but the npm ecosystem still carries millions of packages with no mandatory identity verification for publishers, minimal provenance attestation, and no automated behavioral analysis at ingestion time. GitHub has been expanding npm provenance — linking published packages cryptographically to their source repositories — but adoption remains voluntary.

The combination of new secure defaults, emerging provenance infrastructure, and regulatory pressure from the EU CRA creates the best conditions in years for a genuine improvement in open-source supply chain hygiene. Capitalizing on that window requires both technical controls and teams that understand why those controls exist. Starting with a free trial of security awareness training is one concrete step development organizations can take this week.

How to prevent your team from re-enabling dangerous npm defaults

  • Train developers to recognize suspicious lifecycle scripts and dependency additions before they reach production pipelines.
  • Run tabletop exercises simulating a dependency confusion or malicious-package scenario so engineers understand the real blast radius.
  • Map your secure software development practices to NIST SP 800-218 and identify gaps before regulators — or attackers — find them first.

Train2Secure delivers developer-focused security awareness modules that turn policy changes like this one into lasting behavioral habits across engineering teams.


Frequently asked questions

Which npm lifecycle scripts does the v12 default block cover?

npm v12 will block preinstall, install, and postinstall lifecycle scripts from running automatically, including implicit node-gyp rebuild invocations. Developers must explicitly opt in for any package that needs these scripts.

Will blocking install scripts stop all npm-based supply chain attacks?

No. Dependency confusion attacks and malicious code embedded directly in package logic do not rely on lifecycle scripts at all. The default change closes one significant attack path but leaves others open.

How should a development team prepare before July 2025?

Teams should audit current dependencies for lifecycle script usage, build an explicit allowlist of approved packages that genuinely need scripts, harden CI/CD pipeline permissions, and run integration tests against npm v12 release candidates to catch compatibility breaks early.

Does this change affect packages that compile native add-ons like database drivers?

Yes. Packages that use node-gyp or similar native compilation steps will need to be explicitly allowlisted by developers after npm v12 ships. Teams relying on native-addon packages should test early and update their configuration files accordingly.
