
[KB] Add GitHub token permissions for JS-DevTools/npm-publish Action

Open step-security-bot opened this issue 2 years ago • 2 comments

Knowledge Base is missing for JS-DevTools/npm-publish.

step-security-bot avatar Oct 11 '22 04:10 step-security-bot

Analysis

Action Name: JS-DevTools/npm-publish
Action Type: Node
GITHUB_TOKEN Matches: token,TOKEN
Top language: JavaScript
Stars: 380
Private: false
Forks: 55

Endpoints Found

Endpoint Permission

FollowUp Links.

https://github.com/JS-DevTools/npm-publish/blob/e42e3720bfe21259120218c19fdbfedcf72692bd/test/specs/action/success.spec.js
https://github.com/JS-DevTools/npm-publish/blob/0f451a94170d1699fd50710966d48fb26194d939/test/specs/action/failure.spec.js
https://github.com/JS-DevTools/npm-publish/blob/0f451a94170d1699fd50710966d48fb26194d939/test/specs/lib/success.spec.js
https://github.com/JS-DevTools/npm-publish/blob/0f451a94170d1699fd50710966d48fb26194d939/test/specs/cli/success.spec.js
https://github.com/JS-DevTools/npm-publish/blob/0f451a94170d1699fd50710966d48fb26194d939/test/specs/cli/args.spec.js
https://github.com/JS-DevTools/npm-publish/blob/0f451a94170d1699fd50710966d48fb26194d939/test/specs/cli/failure.spec.js
https://github.com/JS-DevTools/npm-publish/blob/0f451a94170d1699fd50710966d48fb26194d939/test/specs/lib/failure.spec.js
https://github.com/JS-DevTools/npm-publish/blob/0f451a94170d1699fd50710966d48fb26194d939/dist/sourcemap-register.js

action-security.yml

name: NPM Publish
github-token:
  action-input:
    input: token
    is-default: false
  permissions:

step-security-bot avatar Oct 11 '22 04:10 step-security-bot

I have taken this issue

sph4674 avatar Oct 11 '22 11:10 sph4674