npm v12 Disables Auto-Run Scripts to Cut Supply Chain Risk

npm v12 will disable install scripts by default, requiring an explicit allowlist and closing the primary vector used by Miasma and Shai-Hulud attackers.

GitHub announced that npm version 12 will disable automatic execution of install scripts by default, eliminating what security practitioners have described as “the single largest code-execution surface in the npm ecosystem” — a mechanism that two active supply chain campaigns relied on to execute malicious payloads the moment developers ran a package installation.

How Miasma and Shai-Hulud Turned Install Scripts Into Automatic Payloads

The announcement came as two active threat campaigns — Miasma, a credential-stealing worm, and Shai-Hulud, also tracked under the Hades designation — were both exploiting npm install lifecycle hooks as their primary delivery mechanism. Install scripts (preinstall, install, and postinstall hooks) are shell commands that npm executes automatically during npm install. They were designed for legitimate purposes such as compiling native modules, but have been systematically abused by supply chain attackers to embed malicious code that fires before any developer review or security scan can intercept it.

Miasma’s Dependence on Postinstall Execution

The Miasma worm’s credential-stealing behavior depended directly on the automatic execution guarantee that install scripts provided. When a developer installed a package carrying Miasma’s payload, the postinstall hook fired immediately — harvesting credentials, tokens, and environment variables from the local system without requiring the developer to run any code from the package explicitly. The worm’s propagation mechanism worked through the same hook: by modifying locally installed packages to embed its own install scripts, Miasma could spread to other developers who installed those packages from local caches or shared registries.

Shai-Hulud’s Exploitation of the Same Hook Architecture

The Shai-Hulud campaign, operating under the parallel Hades designation, applied the same hook architecture for a distinct payload. Both campaigns converging on install scripts during June 2026 reflects how reliably the mechanism works as an attack vector: the execution is guaranteed, the timing is predictable, and the developer has no default indication that the hook is firing or what it is doing.

npm’s 3 Billion Weekly Downloads Define the Scope of the Change

npm processes approximately 3 billion package downloads weekly. Across that volume, install scripts execute an enormous number of times daily in developer workstations, CI/CD pipelines, and build systems — all without explicit per-execution developer authorization. A single malicious package that achieves even limited ecosystem penetration can trigger payload execution across tens of thousands of environments before detection and removal.

The npm v12 default-off approach inverts the trust model that has governed the ecosystem since install scripts were introduced. Previously, all install scripts executed automatically unless a developer took deliberate steps to disable them — an opt-out model that placed the burden on defenders. Under npm v12, no install script executes unless the developer explicitly adds it to an allowlist — an opt-in model that forces a deliberate decision at the project level.

Backward Compatibility Costs for Legitimate Install Script Users

The change carries real costs for a subset of the ecosystem. Packages that use install scripts for legitimate build steps — primarily those that compile native C or C++ modules during installation, and packages requiring environment-specific configuration at install time — will fail to install correctly under npm v12 defaults without developer intervention. Maintainers of these packages will need to update their documentation and, in many cases, communicate the allowlist requirement directly to users. Build pipelines and onboarding scripts that depend on native module compilation through install hooks will require remediation before adoption of npm v12.

GitHub has made the trade-off explicit: preserving broad backward compatibility for a feature that has been systematically weaponized yields to a default security posture that demands opt-in consent. For the vast majority of packages that do not use install scripts, the transition requires no changes. The structural change means that future supply chain campaigns attempting the Miasma or Shai-Hulud approach will encounter an ecosystem where automatic payload execution on install is no longer a default behavior — requiring attackers to either find new delivery mechanisms or rely on developers who have explicitly allowlisted install scripts for packages they may not have fully audited.
