Wireby Fusion42
Read this story on the live Wire →

Wire · founder news, decoded · regulatory

npm 12 Disables Install Scripts by Default to Reduce Supply Chain Risk

npm 12 disables install scripts by default and requires explicit opt-in for dependency lifecycle scripts, Git dependencies, and remote URLs. GitHub also deprecates granular access tokens (GATs) that bypass two-factor authentication, blocking their use for sensitive account and package management actions.

This Wire brief sits within Fusion42's coverage of Cybersecurity and Enterprise Software. Wire is Fusion42's founder-focused intelligence feed: each story is connected to the funds and startups it names — every one with a live profile on Raise or Scout — so founders can follow the capital and the momentum behind the headline rather than just the headline itself. Wire analysis is one of the live surfaces Arthur, Fusion42's AI co-founder, reasons over.

The Wire takeaway

If you ship Node.js code, your builds will break until you audit and allowlist your dependencies—and that's the point. This default-off model means your supply chain just got auditable, but you need to move fast: reviewers now see exactly which scripts run, and that visibility becomes a competitive advantage if your competitors stay blind.

Read the full story at thehackernews.com

Topics: Cybersecurity · Enterprise Software · npm-security · dependency-management · supply-chain-attack · dev-tooling · 2fa-enforcement

Related on Wire

Verified 10 July 2026 · Sources: Fusion42 review