mirror of
https://github.com/actions/setup-node.git
synced 2026-07-04 06:10:14 +03:00
docs: Update caching recommendations to mitigate cache poisoning risks (#1567)
* docs: Update caching recommendations to mitigate cache poisoning risks * docs: Disable automatic npm caching to mitigate cache poisoning risks
This commit is contained in:
@@ -119,6 +119,7 @@ steps:
|
||||
- uses: actions/setup-node@v6
|
||||
with:
|
||||
node-version: 24
|
||||
package-manager-cache: false # Disable automatic npm caching if not required
|
||||
- run: npm ci
|
||||
- run: npm test
|
||||
```
|
||||
@@ -217,6 +218,7 @@ jobs:
|
||||
uses: actions/setup-node@v6
|
||||
with:
|
||||
node-version: ${{ matrix.node }}
|
||||
package-manager-cache: false # Disable automatic npm caching if not required
|
||||
- run: npm ci
|
||||
- run: npm test
|
||||
```
|
||||
@@ -232,6 +234,7 @@ uses: actions/setup-node@v6
|
||||
with:
|
||||
token: ${{ secrets.GH_DOTCOM_TOKEN }}
|
||||
node-version: 24
|
||||
package-manager-cache: false # Disable automatic npm caching if not required
|
||||
```
|
||||
|
||||
If the runner is not able to access github.com, any Nodejs versions requested during a workflow run must come from the runner's tool cache. See "[Setting up the tool cache on self-hosted runners without internet access](https://docs.github.com/en/enterprise-server@3.2/admin/github-actions/managing-access-to-actions-from-githubcom/setting-up-the-tool-cache-on-self-hosted-runners-without-internet-access)" for more information.
|
||||
|
||||
Reference in New Issue
Block a user