GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks
ID: d6addf9e-c231-5491-85df-7a8574130414
STIX ID: report--d6addf9e-c231-5491-85df-7a8574130414
Feed Name: CosmicBytez Labs
**GitHub will disable npm install scripts by default in npm v12 to curb widespread supply-chain attacks that abuse lifecycle hooks. The report outlines past incidents (worms and supply-chain campaigns), the risk posed by install scripts that execute with the developer's permissions, and recommended developer actions: audit dependencies, test installs with --ignore-scripts, maintain allow-lists, and update CI pipelines.**
