
npm v12 Breaking Changes — Install Scripts and Remote Dependencies Locked Down by Default

Gergely Sipos, Frontend Architect · 4 min read

npm v12 (estimated July 2026) flips three security defaults that have been the most exploited code-execution paths in supply chain attacks. Install scripts, Git dependencies, and remote URL dependencies will all be blocked unless explicitly allowed. These aren't new features — they've been available as opt-in since npm 11.10.0+ — but v12 makes the secure path the default.

If you're running npm 11.16.0+, you're already seeing warnings for these. In v12, warnings become hard blocks. Now is the time to prepare.

The Three Breaking Changes

All three changes close paths where arbitrary code could execute during npm install without explicit user consent. Together, they represent npm's most significant shift toward secure-by-default behavior.

1. allowScripts Defaults to Off

Preinstall, install, and postinstall scripts from dependencies will no longer run automatically. This includes node-gyp native builds (triggered by binding.gyp) and prepare scripts from git/file/link dependencies.

This is the #1 execution vector in npm supply chain attacks. The TanStack incident, ua-parser-js, and dozens of others all used postinstall hooks to run malicious code on install.

The new workflow uses explicit approval:

```bash
# See which packages have pending install scripts
npm approve-scripts --allow-scripts-pending

# Approve a trusted package
npm approve-scripts

# Block an untrusted package
npm deny-scripts
```

Approved packages are written to an allowlist in package.json:

package.json:

```json
{
  "allowScripts": {
    "sharp": true,
    "esbuild": true,
    "@parcel/watcher": true
  }
}
```

2. --allow-git Defaults to None

Git dependencies (e.g., "my-lib": "github:org/repo") will no longer resolve unless explicitly allowed. The attack vector here: a Git dependency's .npmrc could override the Git executable, giving arbitrary code execution during resolution.

This was announced 2026-02-18 and has been available since npm 11.10.0+.

3. --allow-remote Defaults to None

Remote URL dependencies (HTTPS tarballs like "lib": "https://example.com/lib-1.0.tgz") will no longer resolve unless explicitly allowed. Available since npm 11.15.0+.

Note: --allow-file and --allow-directory are not changing defaults. Local filesystem dependencies remain unrestricted.

How to Prepare Today

  1. Upgrade to npm 11.16.0+ (npm install -g npm@latest)
  2. Run npm install in your projects and observe the new warnings
  3. Run npm approve-scripts --allow-scripts-pending to see which dependencies need install scripts
  4. Approve packages you trust with npm approve-scripts
  5. Block packages you don't trust or don't need scripts from with npm deny-scripts
  6. Commit the updated package.json with its new allowScripts entries

Tip: Start now. The warnings you see today in npm 11.16.0+ become hard failures in v12. Doing this work incrementally is much easier than dealing with a broken CI pipeline on upgrade day.

What This Means for the Ecosystem

Previous advice was binary: set ignore-scripts=true in .npmrc and accept that some packages break. npm v12 replaces that blunt instrument with a granular allowlist. You approve scripts per-package, so native addons still work while unknown packages stay sandboxed.

This fits into the layered defense model: lock files + npm ci + min-release-age + disabled scripts + behavioral scanning. npm v12 makes one of those layers the default rather than opt-in.

Caution: Native addon packages — sharp, esbuild, bcrypt, better-sqlite3 — all require install scripts to build or download platform binaries. Expect friction on first upgrade. You'll need to explicitly approve each one. Review the list before upgrading to v12 in CI.