GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks
npm 12 disables install scripts by default, requiring explicit approval to reduce dependency-based code execution risks.
More info