StepSecurity Logo
LoginStart free
actions/setup-node

actions/setup-node

Set up your GitHub Actions workflow with a specific version of node.js

GitHubGitHub Repository

4507 stars

Node.js

Node Action

Score updated 7 days ago

GitHub Actions security score

actions/setup-node

Score

7/10

License

MIT License

Maintained

9 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 7

Vulnerabilities

3 existing vulnerabilities detected

Branch protection

branch protection is not maximal on development and all release branches

Manual code review

-

Secure publishing

-

Signed commits

-

Automated security tools

-

Popular

Used by 152512 open-source projects

Security Policy

security policy file detected

Networking Behavior of actions/setup-node

This GitHub Action often makes outbound network calls to these destinations, as gathered from public workflows using the Harden-Runner GitHub Action. Harden-Runner offers network egress filtering and runtime security for both GitHub-hosted and self-hosted runners.

Popular DestinationUnknown Destination
Network DestinationOwner
api.github.comGitHubGitHub
nodejs.orgUnknown
github.comGitHubGitHub
objects.githubusercontent.comGitHubGitHub
registry.npmjs.orgnpm Registrynpm Registry
registry.yarnpkg.comUnknown
raw.githubusercontent.comGitHubGitHub
crates.ioUnknown
repo.yarnpkg.comUnknown
am6.bootstrap.libp2p.ioUnknown
ipfs-7033p.settlemint.comUnknown
dc.services.visualstudio.comUnknown
ipfs-swarm.greyh.atUnknown
ipfs.l0l.zipUnknown
bolero-ipfs-replica-410ap.settlemint.comUnknown
rubygems.orgRubyGemsRubyGems
p2p.gke-middleeast.settlemint.comUnknown
ipfs-ws.neaweb.chUnknown
bark.unix.dogUnknown
d-gj2h7tnxlh.execute-api.us-west-2.amazonaws.comUnknown
proxy.golang.orgGolang ProxyGolang Proxy
storage.googleapis.comGoogleGoogle
release-assets.githubusercontent.comGitHubGitHub
x.cp.wd.microsoft.comMicrosoftMicrosoft
wdcp.microsoft.comMicrosoftMicrosoft
go.microsoft.comMicrosoftMicrosoft
definitionupdates.microsoft.comMicrosoftMicrosoft
global.endpoint.security.microsoft.comMicrosoftMicrosoft
winatp-gw-cus.microsoft.comMicrosoftMicrosoft
us-v20.events.data.microsoft.comMicrosoftMicrosoft
unitedstates.cp.wd.microsoft.comMicrosoftMicrosoft
packages.microsoft.comMicrosoftMicrosoft
azure.archive.ubuntu.comUbuntuUbuntu
esm.ubuntu.comUbuntuUbuntu
bun.shUnknown
us-west1-docker.pkg.devUnknown
cli.codecov.ioCodecovCodecov
keybase.ioUnknown
ingest.codecov.ioCodecovCodecov
o26192.ingest.us.sentry.ioUnknown
cdn.cypress.ioUnknown
download.cypress.ioUnknown