From 75d304afa2ca96f381ef48f74afbbd36e1de0318 Mon Sep 17 00:00:00 2001
From: "stepsecurity-app[bot]"
 <188008098+stepsecurity-app[bot]@users.noreply.github.com>
Date: Mon, 10 Nov 2025 17:12:06 +0000
Subject: [PATCH] [StepSecurity] Apply security best practices

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
---
 .github/workflows/node-ci.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/.github/workflows/node-ci.yml b/.github/workflows/node-ci.yml
index 720aee78..1b597dec 100644
--- a/.github/workflows/node-ci.yml
+++ b/.github/workflows/node-ci.yml
@@ -17,6 +17,11 @@ jobs:
   verify:
     runs-on: ubuntu-latest
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
+        with:
+          egress-policy: audit
+
       - uses: actions/checkout@v3
       - name: Read .nvmrc
         run: echo ::set-output name=NVMRC::$(cat .nvmrc)
@@ -33,6 +38,11 @@ jobs:
     needs: verify
     runs-on: ubuntu-latest
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
+        with:
+          egress-policy: audit
+
       - uses: actions/checkout@v3
       - name: Read .nvmrc
         run: echo ::set-output name=NVMRC::$(cat .nvmrc)