StepSecurity Logo
StepSecurity
LoginStart free
actions/setup-node

actions/setup-node

Set up your GitHub Actions workflow with a specific version of node.js

GitHubGitHub Repository

4706 stars

Node.js

Node Action

Score updated 7 days ago

GitHub Actions security score

actions/setup-node

Score

7/10

License

MIT License

Maintained

11 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 9

Vulnerabilities

19 existing vulnerabilities detected

Branch protection

branch protection is not maximal on development and all release branches

Manual code review

-

Secure publishing

-

Signed commits

-

Automated security tools

-

Popular

Used by 165120 open-source projects

Security Policy

security policy file detected

Networking Behavior of actions/setup-node

This GitHub Action often makes outbound network calls to these destinations, as gathered from public workflows using the Harden-Runner GitHub Action. Harden-Runner offers network egress filtering and runtime security for both GitHub-hosted and self-hosted runners.

Popular DestinationUnknown Destination
Network DestinationOwner
api.github.comGitHubGitHub
nodejs.orgUnknown
github.comGitHubGitHub
objects.githubusercontent.comGitHubGitHub
registry.npmjs.orgnpm Registrynpm Registry
registry.yarnpkg.comUnknown
raw.githubusercontent.comGitHubGitHub
crates.ioUnknown
repo.yarnpkg.comUnknown
am6.bootstrap.libp2p.ioUnknown
ipfs-7033p.settlemint.comUnknown
dc.services.visualstudio.comUnknown
ipfs-swarm.greyh.atUnknown
ipfs.l0l.zipUnknown
bolero-ipfs-replica-410ap.settlemint.comUnknown
rubygems.orgRubyGemsRubyGems
p2p.gke-middleeast.settlemint.comUnknown
ipfs-ws.neaweb.chUnknown
bark.unix.dogUnknown
d-gj2h7tnxlh.execute-api.us-west-2.amazonaws.comUnknown
proxy.golang.orgGolang ProxyGolang Proxy
storage.googleapis.comGoogleGoogle
release-assets.githubusercontent.comGitHubGitHub
x.cp.wd.microsoft.comMicrosoftMicrosoft
wdcp.microsoft.comMicrosoftMicrosoft
go.microsoft.comMicrosoftMicrosoft
definitionupdates.microsoft.comMicrosoftMicrosoft
global.endpoint.security.microsoft.comMicrosoftMicrosoft
winatp-gw-cus.microsoft.comMicrosoftMicrosoft
us-v20.events.data.microsoft.comMicrosoftMicrosoft
unitedstates.cp.wd.microsoft.comMicrosoftMicrosoft
packages.microsoft.comMicrosoftMicrosoft
azure.archive.ubuntu.comUbuntuUbuntu
esm.ubuntu.comUbuntuUbuntu
bun.shUnknown
us-west1-docker.pkg.devUnknown
cli.codecov.ioCodecovCodecov
keybase.ioUnknown
ingest.codecov.ioCodecovCodecov
o26192.ingest.us.sentry.ioUnknown
cdn.cypress.ioUnknown
download.cypress.ioUnknown
telemetry.vercel.comUnknown
turbo-remote-cache.apps.01.cf.eu01.stackit.cloudUnknown
cdn.playwright.devUnknown
playwright.download.prss.microsoft.comMicrosoftMicrosoft
edge.microsoft.comMicrosoftMicrosoft
copilot.microsoft.comMicrosoftMicrosoft
www.bing.comUnknown
edgeassetservice.azureedge.netUnknown
self.events.data.microsoft.comMicrosoftMicrosoft
example.comUnknown
nav-edge.smartscreen.microsoft.comMicrosoftMicrosoft
data-edge.smartscreen.microsoft.comMicrosoftMicrosoft
badge.fury.ioUnknown
d25lcipzij17d.cloudfront.netUnknown
edge-cloud-resource-static.azureedge.netUnknown
edge-mobile-static.azureedge.netUnknown
dns.msftncsi.comUnknown
gdmf.apple.comUnknown
golang.orgUnknown
go.devUnknown
settings-win.data.microsoft.comMicrosoftMicrosoft
cf.iadsdk.apple.comUnknown
xp.apple.comUnknown
iadsdk.apple.comUnknown
incoming.telemetry.mozilla.orgUnknown
ocsp.digicert.comUnknown
telemetry-incoming.r53-2.services.mozilla.comUnknown
fs.microsoft.comMicrosoftMicrosoft
swscan.apple.comUnknown
ipcdn.apple.comUnknown
client.wns.windows.comUnknown
bag.itunes.apple.comUnknown
ocsp.comodoca.com.cdn.cloudflare.netUnknown
configuration.ls.apple.comUnknown
mesu.apple.comUnknown
swallow.apple.comUnknown
configuration.apple.comUnknown
mask-api.icloud.comUnknown
metrics.icloud.comUnknown
ocsp2.apple.comUnknown
gateway.icloud.comUnknown
api.apple-cloudkit.fe2.apple-dns.netUnknown
experiments.apple.comUnknown
apps.mzstatic.comUnknown
configuration.apple.com.akadns.netUnknown
humb.apple.comUnknown
apple-relay.fastly-edge.comUnknown
fe2cr.update.microsoft.comMicrosoftMicrosoft
download.windowsupdate.comUnknown
geo.prod.do.dsp.mp.microsoft.comMicrosoftMicrosoft
kv501.prod.do.dsp.mp.microsoft.comMicrosoftMicrosoft
cp501.prod.do.dsp.mp.microsoft.comMicrosoftMicrosoft
au.download.windowsupdate.comUnknown
device-config.pcms.apple.comUnknown
gdmf.v.aaplimg.comUnknown
pancake.apple.comUnknown
ocsp.sectigo.comUnknown
mobile.events.data.microsoft.comMicrosoftMicrosoft
dns.googleUnknown
_dns.resolver.arpaUnknown
cds.apple.comUnknown
help.apple.comUnknown
xp.itunes-apple.com.akadns.netUnknown
oneocsp.microsoft.comMicrosoftMicrosoft
assets-mercury.mzstatic.comUnknown
calendars.icloud.comUnknown
api.apple-cloudkit.comUnknown
gsp-ssl.ls.apple.comUnknown
kv601.prod.do.dsp.mp.microsoft.comMicrosoftMicrosoft
cp601.prod.do.dsp.mp.microsoft.comMicrosoftMicrosoft
updates.cdn-apple.comUnknown
configuration-row-lb.apple.com.akadns.netUnknown
s.mzstatic.comUnknown
fpinit.itunes.apple.comUnknown
sf-api-token-service.itunes.apple.comUnknown
amp-api.media.apple.comUnknown
login.live.comUnknown
tas02.sls.update.microsoft.comMicrosoftMicrosoft
www.microsoft.comMicrosoftMicrosoft
fbs.smoot.apple.comUnknown
init.itunes.apple.comUnknown
swdist.apple.comUnknown
weatherkit.apple.comUnknown
apple-relay.cloudflare.comUnknown
news-edge.apple.comUnknown
c.apple.newsUnknown
xp.v.aaplimg.comUnknown
gspe1-ssl.ls.apple.comUnknown
ocsp2.g.aaplimg.comUnknown
arc.msn.comUnknown
fd.api.iris.microsoft.comMicrosoftMicrosoft
kv801.prod.do.dsp.mp.microsoft.comMicrosoftMicrosoft
cp801.prod.do.dsp.mp.microsoft.comMicrosoftMicrosoft
0.pool.ntp.orgUnknown
stocks-data-service.apple.comUnknown
mesu-cdn.origin-apple.com.akadns.netUnknown
ab.apple.com.akadns.netUnknown
ocsp.comodoca.comUnknown
validation-v2.sls.microsoft.comMicrosoftMicrosoft
ocsp.usertrust.comUnknown
fe3cr.delivery.mp.microsoft.comMicrosoftMicrosoft
dl.delivery.mp.microsoft.comMicrosoftMicrosoft
1a.tlu.dl.delivery.mp.microsoft.comMicrosoftMicrosoft
valid.apple.comUnknown
adl.windows.comUnknown
blob.bn9prdstrz04a.store.core.windows.netUnknown
dap.pat-issuer.cloudflare.comUnknown
xp-cdn-lb.itunes-apple.com.akadns.netUnknown
clients2.google.comUnknown
clientservices.googleapis.comGoogleGoogle
safebrowsingohttpgateway.googleapis.comGoogleGoogle
redirector.gvt1.comUnknown
www.google.comUnknown
accounts.google.comUnknown
r5---sn-p5qlsn6z.gvt1.comUnknown
fonts.googleapis.comGoogleGoogle
fonts.gstatic.comUnknown
android.clients.google.comUnknown
mtalk.google.comUnknown
mirrors.creativecommons.orgUnknown
www.openstreetmap.orgUnknown
optimizationguide-pa.googleapis.comGoogleGoogle
ecs.office.comUnknown
gateway-oblivious.apple.comUnknown
lcdn-locator.apple.comUnknown
mask.icloud.comUnknown
stocks-edge.apple.comUnknown
gsa.apple.comUnknown
get-bx.g.aaplimg.comUnknown
tether.edge.appleUnknown
e3528.dscg.akamaiedge.netUnknown
prod.app-api.stepsecurity.ioUnknown