GEEK HAUS
2026/06/09/npm-v12-will-disable-dependency-install-scripts

npm v12 will disable dependency install scripts and block Git or remote URL dependencies by default in July 2026

Source: github.blog

EDITOR BRIEF

npm v12, expected in July 2026, will make security-focused breaking changes to npm install by requiring explicit opt-in for dependency lifecycle scripts, Git dependencies, and remote URL dependencies. Developers can preview warnings in npm 11.16.0+ and use approve-scripts or related allow flags to prepare projects before the upgrade.

CONTEXT

The changes reflect a broader shift toward secure-by-default package management as supply-chain attacks increasingly abuse install-time code execution and non-registry dependencies. Teams with native modules, Git-based dependencies, or custom install workflows will need to audit and document trust decisions earlier in their build pipelines.
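One way to start the audit described above is to sort a project's lockfile entries into the three categories the brief names. This is an added example, not code from npm or the original article; it assumes a lockfileVersion 2 or 3 package-lock.json (the `packages` map with `resolved` and `hasInstallScript` fields), and the function name, registry allowlist and sample lockfile are constructed for illustration.

```javascript
// Hosts treated as "the registry". Assumption: extend with any private registry you use.
const REGISTRY_HOSTS = new Set(['registry.npmjs.org']);

// Constructed sample in package-lock.json v3 shape (not from a real project).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/native-addon': { version: '2.1.0', hasInstallScript: true,
      resolved: 'https://registry.npmjs.org/native-addon/-/native-addon-2.1.0.tgz' },
    'node_modules/forked-lib': { version: '0.3.0',
      resolved: 'git+ssh://git@github.com/example-org/forked-lib.git#0123456789abcdef0123456789abcdef01234567' },
    'node_modules/@vendor/sdk': { version: '4.0.0', hasInstallScript: true,
      resolved: 'https://downloads.example.com/sdk-4.0.0.tgz' },
    'node_modules/plain': { version: '1.2.3',
      resolved: 'https://registry.npmjs.org/plain/-/plain-1.2.3.tgz' },
  },
};

// Hypothetical helper: returns the packages that need an explicit trust decision.
function auditLockfile(lock, registryHosts = REGISTRY_HOSTS) {
  const report = { installScripts: [], gitDeps: [], remoteUrlDeps: [] };
  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    if (path === '' || pkg.link) continue; // skip the root project and workspace links
    // "node_modules/a/node_modules/@scope/b" -> "@scope/b"
    const name = path.split('node_modules/').pop();
    const id = `${name}@${pkg.version}`;
    // npm records this flag when a package declares install-time lifecycle scripts.
    if (pkg.hasInstallScript) report.installScripts.push(id);
    const resolved = pkg.resolved || '';
    if (/^git(\+[a-z]+)?:/.test(resolved)) {
      report.gitDeps.push(id); // git:, git+ssh:, git+https: ...
    } else if (/^https?:/.test(resolved)) {
      // A tarball fetched from anywhere other than a known registry host.
      if (!registryHosts.has(new URL(resolved).host)) report.remoteUrlDeps.push(id);
    }
  }
  return report;
}

console.log(JSON.stringify(auditLockfile(SAMPLE_LOCK), null, 2));
```

To run it against a real project, pass the parsed contents of its package-lock.json instead of `SAMPLE_LOCK`. A package can land in more than one list, as the constructed `@vendor/sdk` entry does.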

ARTICLE

Upcoming breaking changes for NPM v12
