NPM receiving major security overhaul in July, but some security pros say it’s not enough

Installing a piece of code from NPM will no longer auto-run malware on the system, and won’t quietly pull malicious code from external repos unless the developer explicitly allows it. But this won’t be enough to stop supply chain attacks where they matter most, as compromised accounts can still ship malicious code.
- NPM v12 launches in July with stricter security, blocking automatic install scripts and unauthorized third-party dependencies by default.
- Developers have been receiving warnings since version 11.16.0 to help identify and fix potential breaking changes.
- Security researchers warn that the update is not a complete solution and fails to address account takeovers and malicious packages.

In July, NPM, a major JavaScript code delivery system, is expected to release v12, a major security-focused release that addresses security loopholes attackers have exploited to carry out devastating recent supply chain attacks. The second pre-release (pre.2) version was released on Monday.
The most important change: running “npm install” will no longer trigger install scripts. Historically, installing any package from NPM would also run preinstall, install, and postinstall scripts for every dependency, but in npm v12, they are blocked unless explicitly approved.
Another major change is that a package won’t be able to pull its dependencies from third-party sites, including GitHub. Git dependencies will be blocked by default. Again, explicit permission is required. Previously, an NPM package could pull and install code from anywhere.
NPM will also become stricter about catching configuration mistakes, and there are many other smaller changes.
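To see what the two new defaults described above would affect in an existing project, the following added example (not from NPM or from the report) inventories a parsed package-lock.json for packages that declare install scripts and for dependencies resolved from git or a non-registry URL. It assumes lockfileVersion 2 or 3 and the default public registry URL; the package names and the `auditLockfile` helper are constructed for illustration.

```javascript
// Added example: list lockfile entries touched by the stricter install defaults.
// Assumption: lockfileVersion 2 or 3, which stores the tree in a "packages" map.
const REGISTRY = "https://registry.npmjs.org/"; // assumption: default public registry

function auditLockfile(lock, registry = REGISTRY) {
  const findings = { installScripts: [], gitDeps: [], nonRegistry: [] };
  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // the "" key is the root project itself
    // "node_modules/a/node_modules/@scope/b" -> "@scope/b"
    const name = path.replace(/^.*node_modules\//, "");
    // The lockfile sets this flag when a package declares
    // preinstall, install or postinstall scripts.
    if (pkg.hasInstallScript) findings.installScripts.push(name);
    const resolved = pkg.resolved || "";
    if (pkg.link || resolved === "") continue; // workspace links, bundled entries
    if (/^git(\+|:)/.test(resolved)) findings.gitDeps.push(name);
    else if (!resolved.startsWith(registry)) findings.nonRegistry.push(name);
  }
  return findings;
}

// Constructed sample lockfile; every package name and URL here is made up.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/example-plain": {
      resolved: "https://registry.npmjs.org/example-plain/-/example-plain-1.2.0.tgz",
    },
    "node_modules/example-native": {
      resolved: "https://registry.npmjs.org/example-native/-/example-native-2.0.0.tgz",
      hasInstallScript: true,
    },
    "node_modules/example-forked": {
      resolved: "git+ssh://git@github.com/example/forked.git#0123456789abcdef0123456789abcdef01234567",
    },
    "node_modules/example-native/node_modules/@example/tarball-dep": {
      resolved: "https://downloads.example.com/tarball-dep-1.0.0.tgz",
      hasInstallScript: true,
    },
  },
};

console.log(JSON.stringify(auditLockfile(sampleLock), null, 2));
```

To run it against a real project, replace `sampleLock` with the parsed contents of that project's package-lock.json.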
The final version is expected to land in the coming weeks, if everything goes smoothly – NPM hasn’t announced a fixed schedule. The changes might break some projects, and the repository has been urging developers to test them. Since v11.16.0, NPM has been checking for breaking changes and displaying them as warnings to help developers fix issues and prepare for the final release.
The changes will close some major attack vectors used in the Shai-Hulud worm and other NPM supply chain attacks. However, cybersecurity professionals warn that the awaited release is “not enough,” as the most pressing pain points remain unresolved.
What is the new NPM still lacking?
Ox Security doesn’t see the new NPM release as a silver bullet that completely solves supply chain attacks.
“Account takeover remains an open wound. Once an actor controls a legitimate maintainer’s credentials, no amount of install-script blocking helps, because the malicious code ships as a trusted, signed release,” said Moshe Siman Tov Bustan, security researcher at OX Security, in a report.
The expert argues that the deepest problem isn’t even at install time – victims may still install a package that appears legitimate but already contains malicious code or compromised dependencies.
Running that code compromises the system without any post-installation scripts.
“Actors can still execute arbitrary commands the moment their compromised module is require()’d or import’ed – no scripts needed, no user approval prompt, nothing,” the report reads.
The researcher also cautions that NPM v12 won’t eliminate every way hackers can run code during package installation. Some packages contain C or other low-level code that requires compilation on install using the node-gyp helper, and NPM treats them as “a first-class citizen rather than a lifecycle script.” NPM’s changelog stated the opposite: that packages with binding.gyp and no explicit install script are still blocked.
The researcher shared an example where attackers didn’t even try to hide their malicious intent – they simply published an obviously malicious package impersonating Anthropic, containing hardcoded credential-stealing logic in cleartext. In another example, one developer with a compromised account reportedly waited 24 hours for NPM support to respond.
What does OX suggest?
“NPM must start treating malicious code and malicious intent the way social media platforms treat offensive content,” the researcher said.
“Without malware detection capabilities, these attacks can’t be stopped completely.”
NPM is being flooded with malicious packages, and the repository itself, not the developers, should be asked to inspect packages and dependencies – many developers don’t work in security, nor do they track incidents as they happen.
“The industry can build detection and response tools from the outside, but only for the subset of developers who already use them. Most won’t,” the researcher said.
NPM is controlled by GitHub, which is owned by Microsoft, and the expert says Microsoft bears responsibility for securing the ecosystem.
“The fixes coming in v12 are a start, but they don’t touch account takeover, native builds, or detection of malicious intent at publish time. Closing those gaps is squarely Microsoft’s to do.”
NPM’s response follows multiple recent emergencies.
In March, attackers hijacked the account of a lead maintainer for Axios, one of the most widely used JavaScript libraries with over 100 million weekly downloads. It was abused to deliver malware.
Two months later, a single compromised maintainer account led to the compromise of over 600 packages across popular data-visualization and web-development tools. And there were many other compromises, including Trivy, Checkmarx, TanStack, and others.