File tree Expand file tree Collapse file tree 1 file changed +9
-4
lines changed
Expand file tree Collapse file tree 1 file changed +9
-4
lines changed Original file line number Diff line number Diff line change @@ -10,15 +10,20 @@ jobs:
1010 name : Publish to NPM
1111 runs-on : ubuntu-latest
1212 steps :
13- - uses : actions/checkout@v5
13+ - name : Harden the runner (Audit all outbound calls)
14+ uses : step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
15+ with :
16+ egress-policy : audit
17+
18+ - uses : actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
1419
15- - uses : actions/setup-node@v6
20+ - uses : actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
1621 with :
1722 cache-dependency-path : ./yarn.lock
1823 cache : " yarn"
1924 node-version : 20
2025
21- - uses : bahmutov/npm-install@v1
26+ - uses : bahmutov/npm-install@3e063b974f0d209807684aa23e534b3dde517fd9 # v1.11.2
2227 with :
2328 useLockFile : false
2429
3338
3439 - run : " npm version ${VERSION} --no-git-tag-version"
3540
36- - uses : JS-DevTools/npm-publish@v4
41+ - uses : JS-DevTools/npm-publish@7f8fe47b3bea1be0c3aec2b717c5ec1f3e03410b # v4.1.1
3742 with :
3843 token : ${{ secrets.NPM_TOKEN }}
3944 access : public
You can’t perform that action at this time.
0 commit comments