
GitHub npm v12 hardens install-time dependency execution and source resolution

Category: Security Tool/Service · H score 11 · 2 unique sources, 2 articles

Summary


GitHub is tightening npm v12 next month by blocking automatic dependency install scripts and non-registry sources, reducing supply-chain attack paths triggered by npm install. By default, preinstall, install, postinstall, node-gyp, and some prepare scripts will need explicit approval, and Git-based and remote URL dependencies will no longer resolve automatically. The update raises the bar for package-based code execution and forces teams to review workflows that depend on automatic installation behavior.

Related Happenings

Miasma supply-chain malware activity

Malware Activity
H score 34 · First: 10.06.2026 23:27 · Last: 10.06.2026 23:27 · Sources: 1

About this happening: The **Miasma** malware activity is enabling **supply-chain compromise** by stealing **build environment** and **cloud credentials**, then using them to poison legitimate packages...

Hades Bun-powered JavaScript stealer on PyPI

Malware Activity
H score 34 · First: 09.06.2026 12:13 · Last: 09.06.2026 12:13 · Sources: 1

About this happening: A new **Hades** PyPI malware wave uses a **Python startup hook** to launch a **Bun-powered JavaScript stealer**, putting developer and CI/CD credentials at risk. The payload can h...

Shai-Hulud PyPI supply-chain malware activity

Malware Activity
H score 22 · First: 08.06.2026 23:41 · Last: 08.06.2026 23:41 · Sources: 1

About this happening: The **Shai-Hulud** supply-chain malware compromised **19 PyPI packages**, turning routine installs into secret-stealing execution and putting **developer credentials** at risk. Th...

IronWorm npm supply-chain infection and self-propagation

Malware Activity
H score 15 · First: 04.06.2026 18:25 · Last: 04.06.2026 18:25 · Sources: 1

About this happening: **IronWorm** is a **Rust** infostealer in an **npm supply-chain** activity that hides behind an **eBPF kernel rootkit**, communicates over **Tor**, and targets **86 environment var...

Miasma GitHub and npm supply-chain campaign

Campaign
H score 26 · First: 02.06.2026 00:38 · Last: 02.06.2026 00:38 · Sources: 1

About this happening: The **Miasma** supply-chain campaign has expanded into a new **PyPI** branch called **Hades**, with **37 malicious wheel artifacts** across **19 packages**. The compromised releas...

Latest development: 05.06.2026 21:05

A new Miasma wave is linked to 57 compromised npm packages across more than 286 malicious versions, with malicious installs abusing a 157-byte binding.gyp file for code execution during npm install and then staging additional payloads that inject persistent backdoor files into project repositories and target AI-assisted IDE workflows.

Timeline

  1. 10.06.2026 22:41 · 3 articles

    GitHub hardens npm v12 install-time dependency execution

    Initial Disclosure

    GitHub announced that npm v12, expected next month, will require explicit approval before npm install runs dependency preinstall, install, postinstall, node-gyp, and some prepare scripts, and before it fetches Git-based or remote URL dependencies. GitHub says npm 11.16.0 or newer will warn about actions that break under version 12 so developers can review workflows before upgrading.

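As an added illustration of the review this change forces on teams (this is not code from GitHub, npm or the source articles), the Node.js script below scans a project's package.json and its installed packages for the two behaviours npm v12 will gate: install-time lifecycle scripts (preinstall, install, postinstall, prepare, plus implicit node-gyp builds) and Git-based or remote-URL dependency sources. The manifests, package names and specs are constructed sample input. Treating the `owner/repo` GitHub shorthand as a Git source and a bare binding.gyp as implicit `node-gyp rebuild` reflects current npm behaviour and goes slightly beyond what the article itself lists.

```javascript
// Added example: audit a project for what npm v12 will require approval for.
// Works on plain objects shaped like package.json, so it runs offline; in a
// real project you would load ./package.json and node_modules/*/package.json.

const INSTALL_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Classify a dependency spec; returns null for an ordinary registry range.
function classifySpec(spec) {
  if (/^git\+/.test(spec) || /^git:\/\//.test(spec)) return "git";
  if (/^(github|gitlab|bitbucket|gist):/.test(spec)) return "git";
  if (/^[\w.-]+\/[\w.-]+(#.*)?$/.test(spec)) return "git"; // GitHub owner/repo shorthand
  if (/^https?:\/\//.test(spec)) return "remote-url";       // tarball or other URL
  return null;
}

// Dependencies whose source is not the registry (will no longer auto-resolve).
function findNonRegistryDeps(rootPkg) {
  const findings = [];
  for (const field of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, spec] of Object.entries(rootPkg[field] || {})) {
      const kind = classifySpec(spec);
      if (kind) findings.push({ name, spec, kind, field });
    }
  }
  return findings;
}

// Installed packages that execute code during `npm install`.
function findInstallScripts(installedPkgs) {
  const findings = [];
  for (const pkg of installedPkgs) {
    const scripts = pkg.scripts || {};
    for (const hook of INSTALL_HOOKS) {
      if (scripts[hook]) findings.push({ name: pkg.name, hook, command: scripts[hook] });
    }
    // npm runs `node-gyp rebuild` for a package that ships binding.gyp but
    // defines no install/preinstall script, so that is install-time execution too.
    if (pkg.hasBindingGyp && !scripts.install && !scripts.preinstall) {
      findings.push({ name: pkg.name, hook: "node-gyp", command: "node-gyp rebuild (implicit via binding.gyp)" });
    }
  }
  return findings;
}

function auditProject(rootPkg, installedPkgs) {
  return {
    nonRegistry: findNonRegistryDeps(rootPkg),
    installScripts: findInstallScripts(installedPkgs),
  };
}

// Constructed sample root manifest (names and URLs are placeholders).
const SAMPLE_ROOT = {
  dependencies: {
    "express": "^4.18.0",
    "left-pad-fork": "github:example-org/left-pad-fork#main",
    "vendored-tool": "https://example.invalid/vendored-tool-1.0.0.tgz",
  },
  devDependencies: {
    "jest": "^29.0.0",
    "lint-rules": "example-org/lint-rules",
  },
};

// Constructed sample of installed packages, as read from node_modules/*/package.json.
const SAMPLE_INSTALLED = [
  { name: "express", scripts: { test: "mocha" } },
  { name: "native-addon", scripts: { install: "node-gyp rebuild" } },
  { name: "quiet-native", hasBindingGyp: true, scripts: {} },
  { name: "telemetry-helper", scripts: { postinstall: "node ./setup.js" } },
  { name: "plain-lib", scripts: {} },
];

console.log(JSON.stringify(auditProject(SAMPLE_ROOT, SAMPLE_INSTALLED), null, 2));
```

Everything the script reports is something a team must either approve explicitly, pin to a registry release, or drop before upgrading; running it in CI alongside npm 11.16.0's warnings gives a checklist rather than a surprise at install time.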