Monday 06 July 2026 21:53:08 GMT+02:00

Netcrook

HomeManifesto
News
Techcrook
Geocrook
WikicrookTeamAppContact
EnglishItalianoArabic

WIKICROOK

Lifecycle hook

A script that runs automatically at a defined stage of package installation or build.

A lifecycle hook is a script that runs automatically at a specific stage of a package’s life, such as install, build, preinstall, postinstall, or prepare. In package managers like npm, these hooks let software prepare files, compile native code, or perform setup tasks without manual steps.

In cyber security, lifecycle hooks matter because they create automatic execution paths inside the supply chain. If a malicious or compromised dependency contains a hook, its code may run as soon as the package is installed, before a developer notices anything unusual. Defenders reduce this risk by requiring explicit approval, reviewing package scripts, using allowlists, and limiting what runs in build and CI environments. Safer defaults around lifecycle hooks help turn hidden execution into visible, auditable policy.

← WIKICROOK index