🕵🏻‍♂️ [InfoSec MASHUP] 24/2026 - npm v12 Is the Apology. The Malware Section Is the Receipt.
Last week's question was why the software ecosystem keeps shipping
The Node Package Manager (npm) is shipping a significant security change in version 12: automatic script execution during package installation will be disabled by default. The change is meant to mitigate supply chain attacks by requiring developers to explicitly opt in to running preinstall scripts. It comes after years of persistent malware campaigns, such as CanisterWorm and Megalodon, and is a belated but necessary step toward securing the software ecosystem.
IMPACT: Enhances security for software development pipelines, reducing the risk posed by malicious package installations.