docs: Update caching recommendations to mitigate cache poisoning risks (#1567)

* docs: Update caching recommendations to mitigate cache poisoning risks

* docs: Disable automatic npm caching to mitigate cache poisoning risks
Chiranjib Swain
2026-07-02 23:44:10 +05:30
committed by GitHub
parent 6a61c0375d
commit 7c2c68d20d
2 changed files with 26 additions and 1 deletions
@@ -119,6 +119,7 @@ steps:
- uses: actions/setup-node@v6
with:
node-version: 24
package-manager-cache: false # Disable automatic npm caching if not required
- run: npm ci
- run: npm test
```
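Review bot: the inline comment on the added `package-manager-cache: false` line says "if not required" but gives the reader no way to decide, and it does not mention the cache poisoning risk that the commit title names as the reason. Suggest wording the comment around the risk, for example `# Disable automatic npm caching to reduce cache poisoning risk; enable only when needed`, or pointing to the section of the docs that explains when caching is safe to turn on.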
@@ -217,6 +218,7 @@ jobs:
uses: actions/setup-node@v6
with:
node-version: ${{ matrix.node }}
package-manager-cache: false # Disable automatic npm caching if not required
- run: npm ci
- run: npm test
```
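Review bot: the same comment is repeated verbatim here on the added line in the matrix example, where the cost of the setting is highest because every value of `matrix.node` now runs `npm ci` without the automatic cache. Suggest stating the rationale once in the prose around this example, including the install-time trade-off for matrix builds, and shortening the inline comment to a pointer to that text so the three snippets cannot drift apart.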
@@ -232,6 +234,7 @@ uses: actions/setup-node@v6
with:
token: ${{ secrets.GH_DOTCOM_TOKEN }}
node-version: 24
package-manager-cache: false # Disable automatic npm caching if not required
```
If the runner is not able to access github.com, any Nodejs versions requested during a workflow run must come from the runner's tool cache. See "[Setting up the tool cache on self-hosted runners without internet access](https://docs.github.com/en/enterprise-server@3.2/admin/github-actions/managing-access-to-actions-from-githubcom/setting-up-the-tool-cache-on-self-hosted-runners-without-internet-access)" for more information.
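Review bot: in this snippet the added `package-manager-cache: false` sits in an example about `token` and Node.js version downloads, with no `npm ci` step, and the paragraph right after it discusses the runner's tool cache. A reader can easily take the new line to be about that tool cache. Suggest either dropping the line from this example or making the comment explicit that it concerns npm dependency caching only and does not affect the tool cache described below.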