Merge pull request #215 from TopCli/security-enhance

fraxken · web-flow · commit aa35a028b1a3 · 2025-12-27T17:25:15.000+01:00
Security enhance
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -4,6 +4,8 @@ updates:
     directory: /
     schedule:
       interval: monthly
+    cooldown:
+      default-days: 5
     groups:
       github-actions:
         patterns:
@@ -14,6 +16,8 @@ updates:
     versioning-strategy: widen
     schedule:
       interval: weekly
+    cooldown:
+      default-days: 5
     groups:
       dependencies:
         dependency-type: "production"
diff --git a/.github/workflows/node.js.yml b/.github/workflows/node.js.yml
@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        node-version: [20.x]
+        node-version: [24.x]
       fail-fast: false
     steps:
       - name: Harden Runner
@@ -29,7 +29,7 @@ jobs:
         with:
           node-version: ${{ matrix.node-version }}
       - name: Install dependencies
-        run: npm i
+        run: npm install --ignore-scripts
       - name: Lint
         run: npm run lint
       - name: Build
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -0,0 +1,29 @@
+name: Publish Package
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+permissions:
+  id-token: write  # Required for OIDC
+  contents: read
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+      - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        with:
+          node-version: '24.x'
+          registry-url: 'https://registry.npmjs.org'
+
+      # Ensure npm 11.5.1 or later is installed
+      - name: Update npm
+        run: npm install -g npm@latest
+      - run: npm install --ignore-scripts
+      - run: npm run build --if-present
+      - run: npm test
+      - run: npm publish
diff --git a/.npmrc b/.npmrc
@@ -1 +1,3 @@
 package-lock=false
+ignore-scripts=true
+save-exact=true
diff --git a/package.json b/package.json
@@ -13,6 +13,11 @@
     "coverage": "c8 -r html npm run test-only",
     "lint": "eslint src test"
   },
+  "publishConfig": {
+    "registry": "https://registry.npmjs.org",
+    "access": "public",
+    "provenance": true
+  },
   "repository": {
     "type": "git",
     "url": "git+https://github.com/TopCli/Spinner.git"

Original file line number	Diff line number	Diff line change
`@@ -1 +1,3 @@`
`1`	`1`	`package-lock=false`
	`2`	`+ignore-scripts=true`
	`3`	`+save-exact=true`