From a3d7de4fa474f9683a46450f1f7b27f3b8571ce0 Mon Sep 17 00:00:00 2001 From: Abdirahim Musse <33973272+abmusse@users.noreply.github.com> Date: Thu, 2 Jul 2026 16:49:30 -0500 Subject: [PATCH] doc: update npm install steps With npm v12. `npm install` will no longer automatically run scripts from your package dependencies, but instead must be explicitly marked as allowed/trusted. This is to reduce the potential for malware and the effect of other recent supply chain attacks to be performed. node-odbc uses node-pre-gyp to automatically install a pre-built node binding from the corresponding GitHub release or fall back to building it from source if a pre-built is not available. Starting with npm v12, the node-pre-gyp install script will no longer be run unless explicitly allowed using `npm approve-scripts odbc`. Fixes #478 --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index 7559fa1..8625455 100644 --- a/README.md +++ b/README.md @@ -55,6 +55,11 @@ Three main steps must be done before `node-odbc` can interact with your database When all these steps have been completed, install `node-odbc` into your Node.js project by using: ```bash +# node-odbc uses node-pre-gyp install scripts +# npm v12+ requires approval for install scripts to run +# https://github.blog/changelog/2026-06-09-upcoming-breaking-changes-for-npm-v12/ +npm --approve-scripts odbc + npm install odbc ``` ---