GitHub plans to make npm install skip dependency lifecycle scripts by default in npm 12.
That affects scripts such as: preinstall, install, postinstall, prepare
The security gain is clear. The migration risk sits with packages that depend on install-time work, such as native module builds, generated files, or setup scripts.
