GitHub to Update npm to Thwart Software Supply Chain Attacks

Friday, June 12, 2026 at 01:00 PM UTC·Source: Infosecurity Magazine

Updated: Friday, June 12, 2026 at 01:00 PM UTC

Executive Summary

NPM, part of GitHub, announced a new version of the npm package manager with several security improvements, including disabling install scripts

Analysis

NPM, part of GitHub, announced a new version of the npm package manager with several security improvements, including disabling install scripts

Source Attribution

Originally published by Infosecurity Magazine on Jun 12, 2026.

Related Threats

MEDIUMSupply Chain

Atomic Arch Supply Chain Attack Hits 1,500 AUR Packages

Arch Linux suspended account registrations in response to the wave of malicious packages being uploaded to AUR. The post Atomic Arch Supply Chain Attack Hits 1,500 AUR Packages appeared first on SecurityWeek .

8h agoSecurityWeek

CRITICALSupply Chain

Cisco patches SD-WAN flaw amid evidence of active exploitation

Cisco has released fixes for a vulnerability in its Catalyst SD-WAN Manager software after becoming aware of limited exploitation of the flaw, which could allow an authenticated attacker to create or overwrite files that may later be used to gain root privileges. The vulnerability, tracked as CVE-2026 – 20262 , affects the web interface of Cisco Catalyst SD-WAN Manager, formerly known as SD-WAN vM

9h agoCSO Online

MEDIUMSupply Chain

Software Dependency Cooldowns Are a Symptom, Not a Strategy

<div class="hs-featured-image-wrapper"> <a href="https://www.sonatype.com/blog/software-dependency-cooldowns-are-a-symptom-not-a-strategy" title="" class="hs-featured-image-link"> <img src="https://www.sonatype.com/hubfs/blog_dependency_cooldown.jpg" alt="Image with triangle shape at center containing an exclamation point, signifying a notification icon. Triangle is at center of line connectors to

23h agoSonatype (Maven/npm)