Comment by bakkoting
13 minutes ago
They have taken action as of very recently. The latest version [1] of npm warns when there are install scripts and tells you they will be disabled by default in a future version, with a per-dependency opt-in mechanism [2].
This is way too little, way too late.
To see what I mean, try actually packaging a cross-platform binary dependency in their ecosystem.