Security maintenance (#304)

fraxken · web-flow · commit 58405249cad8 · 2025-11-28T16:22:59.000+01:00
* chore(.npmrc): add save-exact + ignore-scripts

* chore(dependabot): cool-down to 5 days

* chore: drop Node.js v20

* ci: drop NodeSecure ci-action
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -4,6 +4,8 @@ updates:
     directory: /
     schedule:
       interval: monthly
+    cooldown:
+      default-days: 5
     groups:
       github-actions:
         patterns:
@@ -24,5 +26,7 @@ updates:
     directory: /test/fixtures/audit
     schedule:
       interval: weekly
+    cooldown:
+      default-days: 5
     ignore:
       - dependency-name: "*"
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -20,16 +20,16 @@ jobs:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v2.6.0
       - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
         with:
-          node-version: 22.x
+          node-version: 24.x
       - name: Install dependencies
-        run: npm install
+        run: npm install --ignore-scripts
       - name: Run ESLint
         run: npm run lint
   test:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        node-version: [20.x, 22.x]
+        node-version: [22.x, 24.x]
       fail-fast: false
     steps:
       - name: Harden Runner
@@ -60,25 +60,3 @@ jobs:
         uses: fastify/github-action-merge-dependabot@1b2ed42db8f9d81a46bac83adedfc03eb5149dff # v3.11.2
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
-  nsci:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        node-version: [20.x, 22.x]
-      fail-fast: false
-    steps:
-      - name: Harden Runner
-        uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
-        with:
-          egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
-
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-      - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
-        with:
-          node-version: ${{ matrix.node-version }}
-      - name: Install dependencies
-        run: npm install
-      - uses: NodeSecure/ci-action@e3ac9c03585752e979622279106a161e94d5717b # v1
-        with:
-          warnings: warning
diff --git a/.npmrc b/.npmrc
@@ -1 +1,3 @@
 package-lock=false
+save-exact=true
+ignore-scripts=true
diff --git a/README.md b/README.md
@@ -20,7 +20,7 @@
 The **vuln-*era*** has begun! Programmatically fetch security vulnerabilities with one or many strategies. Originally designed to run and analyze [Scanner](https://github.com/NodeSecure/scanner) dependencies it now also runs independently from an npm Manifest.
 
 ## Requirements
-- [Node.js](https://nodejs.org/en/) v20 or higher
+- [Node.js](https://nodejs.org/en/) v22 or higher
 
 ## Getting Started
 
diff --git a/package.json b/package.json
@@ -4,7 +4,7 @@
   "description": "NodeSecure vulnerabilities strategies",
   "type": "module",
   "engines": {
-    "node": ">=20"
+    "node": ">=22"
   },
   "exports": "./dist/index.js",
   "types": "./dist/index.d.ts",

Original file line number	Diff line number	Diff line change
`@@ -1 +1,3 @@`
`1`	`1`	`package-lock=false`
	`2`	`+save-exact=true`
	`3`	`+ignore-scripts=true`