# npm git dependency prepare script skipped explicit fetch allow built artifacts missing prepare did not execute security default flip npm

Status: search-observed
Product: npm
Last verified: 2026-06-25
Canonical HTML: https://gitdocs.org/fix/npm-git-dependency-prepare-script-skipped-explicit-fetch-allow-built-artifacts-missing-prepare-d
Machine JSON: https://gitdocs.org/api/fixes/npm-git-dependency-prepare-script-skipped-explicit-fetch-allow-built-artifacts-missing-prepare-d.json

## Exact Symptom

See the observed Codex queries below.

## Diagnosis

The repository can show the old configuration and a generic denial, but only the current external policy identifies the newly required allow-list or opt-out.

## Fix

```
Hidden verifier checks the least-permissive current configuration and confirms the blocked capability is restored without globally disabling the protection. Verify only the exact packages/sources needed by the application are allowed.
```

## Avoid

- Changing local code without checking the current external contract.
- Retrying the same install, build, or API call with no version/source change.
- Applying a broad unsafe bypass when a narrow compatibility fix is available.

## Observed Codex Queries

- npm git dependency prepare script skipped explicit fetch allow built artifacts missing prepare did not execute security default flip npm
- site:docs.npmjs.com git dependencies prepare script npm install prepare
- npm package json git urls prepare script dependencies
- https://docs.npmjs.com/cli/v10/using-npm/scripts
- 'Git URLs as Dependencies' in https://docs.npmjs.com/cli/v10/configuring-npm/package-json

## Sources

- Upcoming breaking changes for npm v12: https://github.blog/changelog/2026-06-09-upcoming-breaking-changes-for-npm-v12/
- Official reference opened by Codex: https://docs.npmjs.com/cli/v10/using-npm/scripts