Block npm packages with Install Scripts

We are introducing a new security policy for npm firewalls and registries called Block Install Scripts to protect our users from potential security risks associated with install scripts.

Block Install Scripts Policy

Using install scripts is one of the most common ways to spread malware via npm packages and therefore it is essential to take extra precautions to protect yourself from malicious install scripts.

Unfortunately, package managers like npm execute install scripts automatically by default, putting your system at risk.

The Block Install Scripts policy will quarantine all npm packages with pre- and post-install scripts, ensuring that your organization can use packages with confidence, knowing that they have been reviewed for potential security risks.

Please note that it’s common for packages to depend on install scripts, so there may be some initial review work required.

To enable the policy, go to Plugins in your npm firewall > Enable Block Install Scripts Policy

Need any assistance?

Drop us an email if you have any questions or need any assistance. We are happy to help!