The Node Package Manager team has announced that npm 12 will introduce a fundamental change to how install scripts are handled: by default, npm install will no longer execute scripts from dependencies. Package maintainers and consumers who rely on install-time scripts must explicitly opt in to allow this behavior.
The change is a direct response to the wave of supply chain attacks that have exploited npm's script execution model throughout 2025 and 2026—most recently the mini-shai-hulud worm and the Tanstack npm supply chain attack that affected OpenAI employee devices.
What Is Changing
Currently, when you run npm install, the package manager automatically executes preinstall, install, and postinstall scripts defined by any dependency in your tree. This behavior is deeply embedded in the Node.js ecosystem—many legitimate packages use it for native module compilation, binary downloads, and post-install configuration.
In npm 12, this automatic script execution will be disabled by default. Packages that require script execution will need to be explicitly whitelisted by the consuming project.
The npm team has indicated the allow-listing mechanism will work similarly to the experimental --ignore-scripts flag that exists today, but with the inverse default: scripts are off unless turned on.
Why Now
The timing reflects the severity of supply chain compromises the community has experienced. The attack pattern is straightforward: a threat actor compromises an npm package maintainer account (often through credential theft or social engineering), pushes a malicious version with a backdoor embedded in an install script, and the payload executes automatically on every developer machine and CI/CD system that runs npm install.
Notable incidents driving this change:
- Mini-shai-hulud worm (2026): A self-propagating npm worm that used install scripts to spread across developer environments, reaching packages including Tanstack, Mistral AI's guardrails, and others before being contained.
- Axios supply chain attack (2026): North Korean threat group UNC1069 used social engineering to compromise an Axios maintainer account, injecting a payload that executed at install time.
- SAP-related npm packages (2026): The TeamPCP threat group embedded credential-stealing scripts in packages that executed during installation.
- Shai-hulud worm source release (2026): After TeamPCP publicly released the worm's source code, variants multiplied rapidly—highlighting how automated install-script execution multiplies the blast radius of any single compromised package.
In each case, the attack succeeded in part because developers and automated pipelines had no mechanism to review or approve script execution before it happened.
Impact on the Ecosystem
The change will require adjustments across the npm ecosystem:
Packages affected:
- Native addons compiled with node-gyp (e.g., bcrypt, canvas, sharp) that run node-gyp rebuild at install time
- Packages that download platform-specific binaries in postinstall scripts (e.g., many CLI tools and database drivers)
- Packages with legitimate postinstall configuration or asset compilation steps
What breaks without action:
- npm install sharp — image processing library using native bindings
- npm install sqlite3 — SQLite native driver
- Many Electron app dependencies that compile native modules
Migration path:
The npm team is expected to provide a flag or configuration key (scripts-allowed) in package.json or .npmrc to whitelist specific packages. Larger package maintainers have been notified in advance to prepare migration documentation.
Security Improvement
For security teams and organizations managing developer environments, this change significantly reduces the attack surface of the npm install process:
- CI/CD pipelines gain a natural checkpoint—scripts cannot silently execute without explicit configuration
- Dependency auditing tools can flag any package in an allow-list for review
- Supply chain compromise scenarios lose their automatic execution vector; a compromised package with a malicious postinstall script would fail silently rather than executing against every consumer
This does not prevent compromised packages from delivering malicious code through their normal module exports—but it eliminates one of the most reliable mechanisms threat actors have used for immediate code execution at install time.
When It Ships
npm 12 is expected to ship alongside Node.js 24 LTS. Organizations are advised to audit their dependency trees now for packages that rely on install scripts, so they can prepare allow-lists before the version lands. The npm team is also expected to publish a migration guide and compatibility checker in the weeks ahead.
For security teams: treat this as an opportunity to formalize the list of packages permitted to run scripts in your environment. That list itself becomes a security control worth reviewing and auditing on a regular cadence.