postinstall-scripts
Safeguard articles tagged "postinstall-scripts" — guides, analysis, and best practices for software supply chain and application security.
5 articles
Detecting malicious postinstall scripts in npm packages
A 2025 phishing attack compromised 18 npm packages with 2.6 billion weekly downloads. Here's how postinstall scripts became npm's top attack vector.
How npm's default install behavior leaked macOS text-replacement secrets
npm auto-runs postinstall scripts with zero prompts on every install — a design choice Snyk showed in June 2023 can pull sensitive data out of macOS defaults.
Malicious postinstall scripts in npm packages
From eslint-scope in 2018 to the 2025 Shai-Hulud worm, npm postinstall scripts keep delivering malware before any scan or review runs. Here's how it works and what stops it.
npm supply chain attacks via malicious postinstall scripts
How a single postinstall hook in a compromised npm package can run malware at install time, real incidents from 2018-2025, and how to defend against it.
npm postinstall script malware trends
npm postinstall script malware surged 61% in H1 2026. Here's how attackers weaponize lifecycle hooks — and how to detect and stop them.