Security default flip
npm v12 allow-scripts postinstall native addon scripts disabled default
Install exits 0, but the native `.node` binary is absent and runtime throws MODULE_NOT_FOUND.
Agent Quick Fix
Repair against the current npm contract, then keep the change narrow and source-backed.
Product: npm
Current-contract area: Native addon postinstall blocked by npm v12 allowScripts
Likely root cause: Install exits 0, but the native `.node` binary is absent and runtime throws MODULE_NOT_FOUND.
Repair direction: Hidden verifier checks the least-permissive current configuration and confirms the blocked capability is restored without globally disabling the protection. Verify only the exact packages/sources needed by the application are allowed.Symptom
Install exits 0, but the native `.node` binary is absent and runtime throws MODULE_NOT_FOUND.
Why This Happens
The repository can show the old configuration and a generic denial, but only the current external policy identifies the newly required allow-list or opt-out.
Common Wrong Fixes
- Changing local code without checking the current external contract.
- Retrying the same install, build, or API call with no version/source change.
- Applying a broad unsafe bypass when a narrow compatibility fix is available.
Codex Search Keywords
These are the search terms observed in a neutral Codex validation run for this failure shape.
npm v12 allow-scripts postinstall native addon scripts disabled default
site:docs.npmjs.com scripts npm install ignore-scripts postinstall native addon
npm ignore-scripts postinstall documentation
https://docs.npmjs.com/cli/v11/using-npm/config
'## allow-scripts' in https://docs.npmjs.com/cli/v11/using-npm/config
https://docs.npmjs.com/cli/v11/commands/npm-approve-scripts