NPM Git dependency .npmrc code execution bypass security flaw
Vulnerability
Summary
Hide ▲
Show ▼
NPM's Git dependency install path can be bypassed by a malicious .npmrc, allowing full code execution even when --ignore-scripts=true is enabled. The flaw weakens Git repository install defenses and sits within the broader PackageGate set of JavaScript package-manager issues. GitHub's npm v12 adds a separate mitigation path by making install-time execution and non-registry sources require explicit approval, reducing abuse of preinstall/install/postinstall scripts, node-gyp builds, Git-based dependencies, and remote URL dependencies.
Related Happenings
GitHub npm version 12 hardens installs and token management
Security Tool/Service
H score11
First: 09.07.2026 19:49
Last: 09.07.2026 19:49
Sources 1
About this happening:
**GitHub** released **npm version 12**, making install-time scripts opt-in by default and tightening **package publishing** controls to reduce **supply-chain risk**. The update al...
GitHub npm version 12 hardens installs and token management
Security Tool/ServiceAbout this happening: **GitHub** released **npm version 12**, making install-time scripts opt-in by default and tightening **package publishing** controls to reduce **supply-chain risk**. The update al...
GitHub npm GAT publish-token mitigation guidance
Advisory/Mitigation
H score25
First: 09.07.2026 19:49
Last: 09.07.2026 19:49
Sources 1
About this happening:
GitHub is steering **npm users** away from **long-lived publish tokens** as **npm GATs** that bypass **2FA** lose direct publishing and sensitive-management abilities. The recomme...
GitHub npm GAT publish-token mitigation guidance
Advisory/MitigationAbout this happening: GitHub is steering **npm users** away from **long-lived publish tokens** as **npm GATs** that bypass **2FA** lose direct publishing and sensitive-management abilities. The recomme...
GitHub actions/checkout blocks fork pull request checkouts by default in privileged workflows
Security Tool/Service
H score11
First: 23.06.2026 17:22
Last: 23.06.2026 17:22
Sources 1
About this happening:
GitHub's **actions/checkout** now refuses common **pwn request** patterns by default, cutting the risk of attacker-controlled code execution in privileged **GitHub Actions** workf...
GitHub actions/checkout blocks fork pull request checkouts by default in privileged workflows
Security Tool/ServiceAbout this happening: GitHub's **actions/checkout** now refuses common **pwn request** patterns by default, cutting the risk of attacker-controlled code execution in privileged **GitHub Actions** workf...
Npm v12 default-blocks install scripts, Git dependencies, and remote URLs
Security Tool/Service
H score11
First: 12.06.2026 16:00
Last: 12.06.2026 16:00
Sources 1
How related:
NPM has announced new version (v12) of the npm package manager in a bid to prevent software supply chain attacks.
About this happening:
GitHub announced **npm v12** with **default-blocking install scripts, Git dependencies, and remote URLs**, shifting package installation to **explicit opt-in** and reducing **supp...
Npm v12 default-blocks install scripts, Git dependencies, and remote URLs
Security Tool/ServiceHow related: NPM has announced new version (v12) of the npm package manager in a bid to prevent software supply chain attacks.
About this happening: GitHub announced **npm v12** with **default-blocking install scripts, Git dependencies, and remote URLs**, shifting package installation to **explicit opt-in** and reducing **supp...
Miasma supply-chain malware activity
Malware Activity
H score34
First: 10.06.2026 23:27
Last: 10.06.2026 23:27
Sources 1
About this happening:
The **Miasma** malware activity is enabling **supply-chain compromise** by stealing **build environment** and **cloud credentials**, then using them to poison legitimate packages...
Miasma supply-chain malware activity
Malware ActivityAbout this happening: The **Miasma** malware activity is enabling **supply-chain compromise** by stealing **build environment** and **cloud credentials**, then using them to poison legitimate packages...
Timeline
-
26.01.2026 16:02 1 articles · 5mo ago
Koi reports Git dependency bypass to NPM
Initial DisclosureKoi Security submitted a vulnerability report to NPM’s HackerOne about a Git-dependency install bypass that affects the `--ignore-scripts` defense, and the researchers said they also reported the issues to vendors across the JavaScript package-manager ecosystem.
Show sources
- Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies — www.bleepingcomputer.com — 26.01.2026 16:02
-
26.01.2026 16:02 2 articles · 5mo ago
Malicious .npmrc overrides Git path during NPM installs
Technical Analysis UpdateWhen NPM installs a dependency from a Git repository, a malicious `.npmrc` can override the git binary path and trigger full code execution even when `--ignore-scripts=true` is enabled; Koi said there was evidence of a proof-of-concept reverse shell abusing the technique.
Show sources
- Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies — www.bleepingcomputer.com — 26.01.2026 16:02
- Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies — www.bleepingcomputer.com — 26.01.2026 16:02
-
26.01.2026 16:02 4 articles · 5mo ago
Bun, vlt, and pnpm ship fixes and mitigations
Mitigation Patch UpdateBun patched the affected behavior in version 1.3.5, vlt patched within days after Koi’s disclosure, and pnpm released fixes for CVE-2025-69263 and CVE-2025-69264. The broader mitigation guidance also recommended disabling lifecycle scripts with `--ignore-scripts=true`, enabling lockfile integrity and dependency pinning, and adopting trusted publishing, granular access tokens, and enforced two-factor authentication.
Show sources
- Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies — www.bleepingcomputer.com — 26.01.2026 16:02
- Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code — thehackernews.com — 26.01.2026 17:43
- GitHub announces npm security changes to tackle supply-chain attacks — www.bleepingcomputer.com — 10.06.2026 22:41
- GitHub to Update npm to Thwart Software Supply Chain Attacks — www.infosecurity-magazine.com — 12.06.2026 16:00
-
26.01.2026 16:02 1 articles · 5mo ago
NPM rejects the report; GitHub says it is working on the issue
Legal Policy Action UpdateNPM closed the HackerOne report as working as expected and did not respond to follow-up attempts, while GitHub said it was working to address the issue and noted that npm was actively scanning the registry for malware.
Show sources
- Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies — www.bleepingcomputer.com — 26.01.2026 16:02