GitHub Hardens npm Security with Disabled Install Scripts and Enhanced Token Controls
GitHub has significantly bolstered the security of the **npm** ecosystem by disabling install scripts by default in version 12 and deprecating **granular access tokens (GATs)** that bypassed two-factor authentication. These changes aim to mitigate supply chain attacks and enhance the integrity of package installations for developers.
Supply chain security in software development remains a critical concern, and **GitHub**, a **Microsoft** subsidiary, is taking decisive steps to address it within the **npm** package manager.

**npm version 12** introduces a fundamental shift by disabling install scripts by default, making several previously automatic behaviors opt-in. This move is designed to prevent malicious code execution during package installation.
### Default Opt-In for Critical Behaviors
Key changes in **npm 12** include:
* `allowScripts` now defaults to `off`. This means dependency lifecycle scripts (e.g., `preinstall`, `install`, `postinstall`) and implicit **node-gyp** builds will not run unless explicitly enabled.
* `--allow-git` defaults to `none`. **Git** dependencies, whether direct or transitive, will no longer be resolved automatically.
* `--allow-remote` defaults to `none`. Dependencies from remote URLs (e.g., `https` tarballs) will also require explicit permission to resolve.
To approve trusted scripts, users must now run `npm approve-scripts --allow-scripts-pending` and commit the resulting allowlist within the `package.json` file. This process ensures a manual review and explicit approval of executable content.
These changes were previewed last month, with **GitHub** recommending developers upgrade to **npm 11.16.0** or newer to review warnings related to these new defaults.
### Deprecating 2FA Bypass GATs
In addition to script control, **npm 12** also introduces two significant changes concerning **npm GATs** configured to bypass two-factor authentication (2FA):
1. **Restricted Sensitive Actions**: **npm GATs** that bypass 2FA will no longer be able to perform sensitive account, package, and organization management actions. This includes creating or deleting tokens, generating recovery codes, changing account passwords, email, profile, or 2FA configurations, modifying package access, maintainers, or trusted publishing configurations, and managing organization and team memberships or their package grants. This change is slated for early August 2026.
2. **Limited Publishing Capabilities**: **npm GATs** will no longer retain the ability to publish directly. Their publishing surface will be limited to reading private packages and staging a publish, which will only become public after a human 2FA approval. This change is scheduled for January 2027.
**GitHub** advises developers to cease using 2FA-bypass tokens for the aforementioned operations and instead perform them interactively with 2FA in the interim. For automated publishing, the recommendation is to transition to trusted publishing (**OIDC**) or staged publishing with a human approval step, rather than relying on long-lived publish tokens.
### Broader Ecosystem Changes
These security enhancements coincide with other developments in the package management landscape. **pnpm 11.10** has introduced a new `_auth` setting for configuring registry authentication as a single, structured, URL-keyed value.
According to **Socket**, this `_auth` setting enhances security by ensuring that credentials and their associated hosts travel together. **pnpm** will only read `_auth` from the environment or global configuration, never from a project's files. This prevents malicious or compromised `pnpm-workspace.yaml` or `.npmrc` files from redirecting valid tokens to different hosts, a common tactic for credential theft.