GitHub has disabled automatic script execution for npm packages, a feature that allowed packages to run code upon installation. This change was prompted by the exploitation of this functionality by the 'Shai-Hulud' worm, which used it to spread malicious code. The decision aims to enhance security within the npm ecosystem by preventing unauthorized code execution during package installation.
AI-generated summary · Google Gemini · from 1 source.