AI Security AI安全 1d ago Updated 1d ago 更新于 1天前 51

npm 12 Disables Install Scripts by Default to Reduce Supply Chain Risk npm 12 默认禁用安装脚本以降低供应链风险

npm 12 disables install scripts, git dependencies, and remote URL dependencies by default to mitigate supply chain attacks. Granular Access Tokens (GATs) can no longer bypass Two-Factor Authentication (2FA) for sensitive account or package management actions. Automated publishing via long-lived tokens is deprecated in favor of Trusted Publishing (OIDC) or staged publishing requiring human 2FA approval. pnpm 11.10 introduces a secure `_auth` setting that binds credentials to hosts, preventing tok npm 12 默认禁用安装脚本(allowScripts=off),强制开发者显式批准依赖生命周期脚本以缓解供应链攻击风险。 废弃可绕过双因素认证(2FA)的细粒度访问令牌(GATs),限制其执行敏感账户管理和直接发布包的操作。 引入新的安全机制,要求自动化发布流程迁移至可信发布(OIDC)或需人工2FA审批的分阶段发布模式。 pnpm 11.10 推出新的 `_auth` 配置项,将凭据与主机绑定并从全局配置读取,防止项目文件篡改导致的凭证重定向攻击。

75
Hot 热度
70
Quality 质量
72
Impact 影响力

Analysis 深度分析

TL;DR

  • npm 12 disables install scripts, git dependencies, and remote URL dependencies by default to mitigate supply chain attacks.
  • Granular Access Tokens (GATs) can no longer bypass Two-Factor Authentication (2FA) for sensitive account or package management actions.
  • Automated publishing via long-lived tokens is deprecated in favor of Trusted Publishing (OIDC) or staged publishing requiring human 2FA approval.
  • pnpm 11.10 introduces a secure _auth setting that binds credentials to hosts, preventing token redirection through compromised project files.

Why It Matters

These changes represent a significant shift in the Node.js ecosystem's security posture, moving from convenience-driven defaults to security-by-default practices. For AI practitioners and developers integrating machine learning models or tools via npm, understanding these restrictions is crucial to avoid build failures and ensure secure deployment pipelines. The industry-wide move towards stricter authentication and script validation reduces the attack surface for malicious package injection, which is particularly critical in AI infrastructure where dependencies often handle sensitive data or computational resources.

Technical Details

  • Default Behavior Changes: allowScripts defaults to off, disabling lifecycle scripts (preinstall, install, postinstall) and implicit node-gyp builds. --allow-git and --allow-remote default to none, blocking automatic resolution of Git and remote URL dependencies.
  • Approval Workflow: Users must explicitly run npm approve-scripts --allow-scripts-pending to review pending scripts and commit an allowlist to package.json.
  • Token Restrictions: GATs configured to bypass 2FA lose permissions for sensitive actions (e.g., changing passwords, managing organization membership) and direct publishing. Publishing is limited to staging, requiring human 2FA approval to go live.
  • Timeline: Token restrictions take effect in August 2026, with full publishing surface limitations enforced by January 2027.
  • pnpm Security Update: pnpm 11.10 implements a structured _auth setting that stores credentials globally or via environment variables, ensuring they cannot be redirected by tampered local .npmrc or pnpm-workspace.yaml files.

Industry Insight

  • Pipeline Modernization: Organizations should immediately audit CI/CD pipelines for reliance on long-lived publish tokens or implicit script execution. Transitioning to OIDC-based Trusted Publishing or implementing staged publishing workflows is essential for compliance with the new npm 12 standards.
  • Dependency Auditing: Developers must proactively review and whitelist necessary scripts and dependencies before upgrading to npm 12. Automated testing suites should include checks for allowScripts configurations to prevent silent build failures.
  • Security Hygiene: The pnpm update highlights the importance of separating credential storage from project code. Teams should adopt similar practices across all package managers, ensuring authentication tokens are managed via secure environment variables or secret managers rather than committed configuration files.

TL;DR

  • npm 12 默认禁用安装脚本(allowScripts=off),强制开发者显式批准依赖生命周期脚本以缓解供应链攻击风险。
  • 废弃可绕过双因素认证(2FA)的细粒度访问令牌(GATs),限制其执行敏感账户管理和直接发布包的操作。
  • 引入新的安全机制,要求自动化发布流程迁移至可信发布(OIDC)或需人工2FA审批的分阶段发布模式。
  • pnpm 11.10 推出新的 _auth 配置项,将凭据与主机绑定并从全局配置读取,防止项目文件篡改导致的凭证重定向攻击。

为什么值得看

本文揭示了开源软件供应链安全治理的重大转折点,npm 和 pnpm 等核心工具通过默认安全策略收紧,显著提高了恶意代码注入和凭证窃取的技术门槛。对于AI从业者及全栈开发者而言,理解这些底层包管理器的安全变更是保障模型训练数据管道、CI/CD流水线及生产环境依赖安全的关键前提。

技术解析

  • npm 12 默认安全策略变更allowScripts 默认为 off--allow-git--allow-remote 默认为 none。这意味着 preinstallpostinstall 等生命周期脚本及隐式 node-gyp 构建不再自动运行,必须通过 npm approve-scripts 命令显式审查并写入 package.json 白名单。
  • GATs 权限收缩与实施时间表:配置为绕过 2FA 的细粒度访问令牌将被弃用。自 2026 年 8 月起,此类令牌无法执行创建/删除令牌、修改账户设置或管理组织成员等敏感操作;自 2027 年 1 月起,禁止直接发布包,仅允许读取私有包和暂存发布(需人工 2FA 审批)。
  • pnpm 11.10 凭证隔离机制:引入 _auth 设置,将认证凭据作为单一结构化值与注册表 URL 绑定。该配置仅从环境变量或全局配置读取,严禁从项目文件(如 .npmrc)加载,从而阻断攻击者通过篡改本地配置文件重定向令牌至恶意主机的路径。
  • 过渡期建议:GitHub 建议开发者升级至 npm 11.16.0+ 预览警告,并逐步将长期存在的发布令牌替换为基于 OIDC 的可信发布流程或包含人工审批步骤的分阶段发布工作流。

行业启示

  • DevSecOps 流程重构:供应链安全已从“可选最佳实践”变为“默认强制约束”。团队需重新评估 CI/CD 流水线中的包管理配置,确保自动化脚本符合新的审批和白名单机制,避免因默认行为变更导致构建失败。
  • 身份认证范式转移:随着 GATs 绕过 2FA 能力的移除,基于静态令牌的自动化运维模式面临淘汰。组织应加速向零信任架构演进,采用短期凭证、OIDC 集成及多因素人工审批相结合的身份验证体系。
  • 工具链生态协同效应:npm 与 pnpm 在安全策略上的趋同表明,包管理器正在成为软件供应链安全的最后一道防线。开发者在选择工具链时,应将内置的安全默认值、配置隔离能力及社区维护活跃度作为核心评估指标。

Disclaimer: The above content is generated by AI and is for reference only. 免责声明:以上内容由 AI 生成,仅供参考。

Open Source 开源 Security 安全 Programming 编程