Situation
When the .github/workflows/example-node-versions.yml is run, it now outputs a warning for Node.js 26:
npm warn allow-scripts 1 package has install scripts not yet covered by allowScripts:
npm warn allow-scripts cypress@15.16.0 (postinstall: node dist/index.js --exec install)
npm warn allow-scripts
npm warn allow-scripts Run `npm approve-scripts --allow-scripts-pending` to review, or `npm approve-scripts <pkg>` to allow.
Node.js 26.3.0 is installed with bundled npm 11.16.0
Assessment
Node.js 26.3.0 bumped the bundled npm version to
npm@11.16.0
which added "Phase 1 of allowScripts opt-in install-script policy"
Install behaviour is unchanged. Scripts still run as they always have. The only Phase 1 user-visible change is one advisory block at the end of npm install listing packages whose install scripts haven't been reviewed via the new allowScripts field in package.json. A future release will turn that advisory into an actual block.
npm approve-scripts documents this command for npm 11
Suggestion
Running under Node.js 26.3.0, and for all npm-based Cypress examples, apply:
npm approve-scripts cypress --no-allow-scripts-pin
Situation
When the .github/workflows/example-node-versions.yml is run, it now outputs a warning for Node.js 26:
Node.js 26.3.0 is installed with bundled npm 11.16.0
Assessment
Node.js 26.3.0 bumped the bundled npm version to
npm@11.16.0
which added "Phase 1 of allowScripts opt-in install-script policy"
allowScriptsopt-in install-script policy npm/cli#9360allowScriptsopt-in install-script policy (#9360) npm/cli#9415npm approve-scripts documents this command for npm 11
Suggestion
Running under Node.js 26.3.0, and for all npm-based Cypress examples, apply: