{"id":13464462,"url":"https://github.com/actions/setup-node","last_synced_at":"2025-09-09T20:38:54.840Z","repository":{"id":37276476,"uuid":"189476904","full_name":"actions/setup-node","owner":"actions","description":"Set up your GitHub Actions workflow with a specific version of node.js","archived":false,"fork":false,"pushed_at":"2025-09-01T14:02:56.000Z","size":30743,"stargazers_count":4375,"open_issues_count":89,"forks_count":1486,"subscribers_count":126,"default_branch":"main","last_synced_at":"2025-09-02T10:55:19.231Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/actions.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-05-30T20:19:16.000Z","updated_at":"2025-09-02T06:22:36.000Z","dependencies_parsed_at":"2024-01-10T23:02:02.212Z","dependency_job_id":"87cf2643-e08c-4548-8c84-a884c45e39c3","html_url":"https://github.com/actions/setup-node","commit_stats":{"total_commits":359,"total_committers":96,"mean_commits":"3.7395833333333335","dds":0.8690807799442897,"last_synced_commit":"48b90677b6048efbc723b11a94acb950d3f1ac36"},"previous_names":[],"tags_count":63,"template":false,"template_full_name":null,"purl":"pkg:github/actions/setup-node","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fsetup-node","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fsetup-node/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fsetup-node/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fsetup-node/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/actions","download_url":"https://codeload.github.com/actions/setup-node/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Fsetup-node/sbom","scorecard":{"id":163795,"data":{"date":"2025-08-11","repo":{"name":"github.com/actions/setup-node","commit":"5e2628c959b9ade56971c0afcebbe5332d44b398"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.6,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Maintained","score":3,"reason":"4 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":9,"reason":"binaries present in source code","details":["Warn: binary detected: externals/7zr.exe:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/publish-immutable-actions.yml:11","Warn: jobLevel 'packages' permission set to 'write': .github/workflows/publish-immutable-actions.yml:13","Warn: no topLevel permission defined: .github/workflows/basic-validation.yml:1","Warn: no topLevel permission defined: .github/workflows/check-dist.yml:1","Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1","Warn: no topLevel permission defined: .github/workflows/e2e-cache.yml:1","Warn: no topLevel permission defined: .github/workflows/licensed.yml:1","Warn: no topLevel permission defined: .github/workflows/proxy.yml:1","Warn: no topLevel permission defined: .github/workflows/publish-immutable-actions.yml:1","Warn: topLevel 'contents' permission set to 'write': .github/workflows/release-new-action-version.yml:15","Warn: no topLevel permission defined: .github/workflows/update-config-files.yml:1","Warn: no topLevel permission defined: .github/workflows/versions.yml:1"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/basic-validation.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-node/basic-validation.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-dist.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-node/check-dist.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-node/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-cache.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-node/e2e-cache.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-cache.yml:112: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-node/e2e-cache.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-cache.yml:146: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-node/e2e-cache.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-cache.yml:173: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-node/e2e-cache.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-cache.yml:200: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-node/e2e-cache.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-cache.yml:227: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-node/e2e-cache.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-cache.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-node/e2e-cache.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-cache.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-node/e2e-cache.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e-cache.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-node/e2e-cache.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/licensed.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-node/licensed.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/proxy.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-node/proxy.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/proxy.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-node/proxy.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-immutable-actions.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-node/publish-immutable-actions.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-immutable-actions.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-node/publish-immutable-actions.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-new-action-version.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-node/release-new-action-version.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-config-files.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-node/update-config-files.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/versions.yml:209: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-node/versions.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/versions.yml:225: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-node/versions.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/versions.yml:238: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-node/versions.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/versions.yml:262: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-node/versions.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/versions.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-node/versions.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/versions.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-node/versions.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/versions.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-node/versions.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/versions.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-node/versions.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/versions.yml:127: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-node/versions.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/versions.yml:144: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-node/versions.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/versions.yml:163: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-node/versions.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/versions.yml:193: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-node/versions.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/versions.yml:107: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-node/versions.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/versions.yml:178: update your workflow using https://app.stepsecurity.io/secureworkflow/actions/setup-node/versions.yml/main?enable=pin","Warn: npmCommand not pinned by hash: __tests__/verify-node.sh:20","Warn: npmCommand not pinned by hash: .github/workflows/e2e-cache.yml:34","Info:   0 out of  32 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned","Info:   0 out of   2 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Security-Policy","score":9,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/actions/.github/SECURITY.md:1","Info: Found linked content: github.com/actions/.github/SECURITY.md:1","Warn: One or no descriptive hints of disclosure, vulnerability, and/or timelines in security policy","Info: Found text in security policy: github.com/actions/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Branch-Protection","score":1,"reason":"branch protection is not maximal on development and all release branches","details":["Warn: branch protection not enabled for branch 'releases/v3'","Warn: branch protection not enabled for branch 'releases/v2'","Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Warn: 'branch protection settings apply to administrators' is disabled on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: required approving review count is 1 on branch 'main'","Info: codeowner review is required on branch 'main'","Info: 'last push approval' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'","Info: PRs are required in order to make changes on branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":9,"reason":"SAST tool is not run on all commits -- score normalized to 9","details":["Warn: 29 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":8,"reason":"2 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x","Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-16T14:18:12.435Z","repository_id":37276476,"created_at":"2025-08-16T14:18:12.435Z","updated_at":"2025-08-16T14:18:12.435Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274358526,"owners_count":25270679,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-09T02:00:10.223Z","response_time":80,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-31T14:00:43.500Z","updated_at":"2025-09-09T20:38:54.830Z","avatar_url":"https://github.com/actions.png","language":"TypeScript","funding_links":[],"categories":["Example 03: Actions","Official Resources","TypeScript","Popular GitHub Actions","others","二、核心官方Action（工作流必备）"],"sub_categories":["Official Actions","3. 编程语言环境配置"],"readme":"# setup-node\n\n[![basic-validation](https://github.com/actions/setup-node/actions/workflows/basic-validation.yml/badge.svg)](https://github.com/actions/setup-node/actions/workflows/basic-validation.yml)\n[![versions](https://github.com/actions/setup-node/actions/workflows/versions.yml/badge.svg)](https://github.com/actions/setup-node/actions/workflows/versions.yml)\n[![e2e-cache](https://github.com/actions/setup-node/actions/workflows/e2e-cache.yml/badge.svg?branch=main)](https://github.com/actions/setup-node/actions/workflows/e2e-cache.yml)\n[![proxy](https://github.com/actions/setup-node/actions/workflows/proxy.yml/badge.svg)](https://github.com/actions/setup-node/actions/workflows/proxy.yml)\n\nThis action provides the following functionality for GitHub Actions users:\n\n- Optionally downloading and caching distribution of the requested Node.js version, and adding it to the PATH\n- Optionally caching npm/yarn/pnpm dependencies\n- Registering problem matchers for error output\n- Configuring authentication for GPR or npm\n\n## Breaking changes in V5 \n\n- Enabled caching by default with package manager detection if no cache input is provided.\n  \u003e For workflows with elevated privileges or access to sensitive information, we recommend disabling automatic caching by setting `package-manager-cache: false` when caching is not needed for secure operation.\n\n- Upgraded action from node20 to node24.\n  \u003e Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. [See Release Notes](https://github.com/actions/runner/releases/tag/v2.327.1)\n\nFor more details, see the full release notes on the [releases page](https://github.com/actions/setup-node/releases/v5.0.0)\n\n## Usage\n\nSee [action.yml](action.yml)\n\n\u003c!-- start usage --\u003e\n```yaml\n- uses: actions/setup-node@v5\n  with:\n    # Version Spec of the version to use in SemVer notation.\n    # It also admits such aliases as lts/*, latest, nightly and canary builds\n    # Examples: 12.x, 10.15.1, \u003e=10.15.0, lts/Hydrogen, 16-nightly, latest, node\n    node-version: ''\n\n    # File containing the version Spec of the version to use.  Examples: package.json, .nvmrc, .node-version, .tool-versions.\n    # If node-version and node-version-file are both provided the action will use version from node-version. \n    node-version-file: ''\n\n    # Set this option if you want the action to check for the latest available version \n    # that satisfies the version spec.\n    # It will only get affect for lts Nodejs versions (12.x, \u003e=10.15.0, lts/Hydrogen). \n    # Default: false\n    check-latest: false\n\n    # Target architecture for Node to use. Examples: x86, x64. Will use system architecture by default.\n    # Default: ''. The action use system architecture by default \n    architecture: ''\n\n    # Used to pull node distributions from https://github.com/actions/node-versions. \n    # Since there's a default, this is typically not supplied by the user. \n    # When running this action on github.com, the default value is sufficient. \n    # When running on GHES, you can pass a personal access token for github.com if you are experiencing rate limiting.\n    #\n    # We recommend using a service account with the least permissions necessary. Also\n    # when generating a new PAT, select the least scopes necessary.\n    #\n    # [Learn more about creating and using encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)\n    #\n    # Default: ${{ github.server_url == 'https://github.com' \u0026\u0026 github.token || '' }}\n    token: ''\n\n    # Used to specify a package manager for caching in the default directory. Supported values: npm, yarn, pnpm.\n    # Package manager should be pre-installed\n    # Default: ''\n    cache: ''\n\n    # Used to disable automatic caching based on the package manager field in package.json. By default, caching is enabled if the package manager field is present and no cache input is provided'\n    # default: true\n    package-manager-cache: true\n\n    # Used to specify the path to a dependency file: package-lock.json, yarn.lock, etc. \n    # It will generate hash from the target file for primary key. It works only If cache is specified.  \n    # Supports wildcards or a list of file names for caching multiple dependencies.\n    # Default: ''\n    cache-dependency-path: ''\n\n    # Optional registry to set up for auth. Will set the registry in a project level .npmrc and .yarnrc file, \n    # and set up auth to read in from env.NODE_AUTH_TOKEN.\n    # Default: ''\n    registry-url: ''\n\n    # Optional scope for authenticating against scoped registries. \n    # Will fall back to the repository owner when using the GitHub Packages registry (https://npm.pkg.github.com/).\n    # Default: ''\n    scope: ''\n\n    # Set always-auth option in npmrc file.\n    # Default: ''\n    always-auth: ''\n\n    # Optional mirror to download binaries from.\n    # Artifacts need to match the official Node.js\n    # Example:\n    # V8 Canaray Build: \u003cmirror_url\u003e/download/v8-canary\n    # RC Build: \u003cmirror_url\u003e/download/rc\n    # Official: Build \u003cmirror_url\u003e/dist\n    # Nightly build: \u003cmirror_url\u003e/download/nightly\n    # Default: ''\n    mirror: ''\n\n    # Optional mirror token.\n    # The token will be used as a bearer token in the Authorization header\n    # Default: ''\n    mirror-token: ''\n```\n\u003c!-- end usage --\u003e\n\n**Basic:**\n\n```yaml\nsteps:\n- uses: actions/checkout@v5\n- uses: actions/setup-node@v5\n  with:\n    node-version: 18\n- run: npm ci\n- run: npm test\n```\n\nThe `node-version` input is optional. If not supplied, the node version from PATH will be used. However, it is recommended to always specify Node.js version and don't rely on the system one.\n\nThe action will first check the local cache for a semver match. If unable to find a specific version in the cache, the action will attempt to download a version of Node.js. It will pull LTS versions from [node-versions releases](https://github.com/actions/node-versions/releases) and on miss or failure will fall back to the previous behavior of downloading directly from [node dist](https://nodejs.org/dist/).\n\nFor information regarding locally cached versions of Node.js on GitHub hosted runners, check out [GitHub Actions Runner Images](https://github.com/actions/runner-images).\n\n### Supported version syntax\n\nThe `node-version` input supports the Semantic Versioning Specification, for more detailed examples please refer to [the semver package documentation](https://github.com/npm/node-semver).\n\nExamples:\n\n - Major versions: `18`, `20`\n - More specific versions: `10.15`, `16.15.1` , `18.4.0`\n - NVM LTS syntax: `lts/erbium`, `lts/fermium`, `lts/*`, `lts/-n`\n - Latest release: `*` or `latest`/`current`/`node`\n\n**Note:** Like the other values, `*` will get the latest [locally-cached Node.js version](https://github.com/actions/runner-images/blob/main/images/ubuntu/Ubuntu2204-Readme.md#nodejs), or the latest version from [actions/node-versions](https://github.com/actions/node-versions/blob/main/versions-manifest.json), depending on the [`check-latest`](docs/advanced-usage.md#check-latest-version) input.\n\n`current`/`latest`/`node` always resolve to the latest [dist version](https://nodejs.org/dist/index.json).\nThat version is then downloaded from actions/node-versions if possible, or directly from Node.js if not.\nSince it will not be cached always, there is possibility of hitting rate limit when downloading from dist\n\n### Checking in lockfiles\n\nIt's **always** recommended to commit the lockfile of your package manager for security and performance reasons. For more information consult the \"Working with lockfiles\" section of the [Advanced usage](docs/advanced-usage.md#working-with-lockfiles) guide.\n\n## Caching global packages data\n\nThe action has a built-in functionality for caching and restoring dependencies. It uses [actions/cache](https://github.com/actions/cache) under the hood for caching global packages data but requires less configuration settings. Supported package managers are `npm`, `yarn`, `pnpm` (v6.10+). The `cache` input is optional.\n\nCaching is turned on by default when a `packageManager` field is detected in the `package.json` file and no `cache` input is provided. The `package-manager-cache` input provides control over this automatic caching behavior. By default, `package-manager-cache` is set to `true`, which enables caching when a valid package manager field is detected in the `package.json` file. To disable this automatic caching, set the `package-manager-cache` input to `false`.\n\n```yaml\nsteps:\n- uses: actions/checkout@v5\n- uses: actions/setup-node@v5\n  with:\n    package-manager-cache: false\n- run: npm ci\n```\n\u003e If no valid `packageManager` field is detected in the `package.json` file, caching will remain disabled unless explicitly configured. For workflows with elevated privileges or access to sensitive information, we recommend disabling automatic caching by setting `package-manager-cache: false` when caching is not needed for secure operation.\n\nThe action defaults to search for the dependency file (`package-lock.json`, `npm-shrinkwrap.json` or `yarn.lock`) in the repository root, and uses its hash as a part of the cache key. Use `cache-dependency-path` for cases when multiple dependency files are used, or they are located in different subdirectories.\n\n**Note:** The action does not cache `node_modules`\n\nSee the examples of using cache for `yarn`/`pnpm` and `cache-dependency-path` input in the [Advanced usage](docs/advanced-usage.md#caching-packages-data) guide.\n\n**Caching npm dependencies:**\n\n```yaml\nsteps:\n- uses: actions/checkout@v5\n- uses: actions/setup-node@v5\n  with:\n    node-version: 20\n    cache: 'npm'\n- run: npm ci\n- run: npm test\n```\n\n**Caching npm dependencies in monorepos:**\n\n```yaml\nsteps:\n- uses: actions/checkout@v5\n- uses: actions/setup-node@v5\n  with:\n    node-version: 20\n    cache: 'npm'\n    cache-dependency-path: subdir/package-lock.json\n- run: npm ci\n- run: npm test\n```\n\n## Matrix Testing\n\n```yaml\njobs:\n  build:\n    runs-on: ubuntu-latest\n    strategy:\n      matrix:\n        node: [ 14, 16, 18 ]\n    name: Node ${{ matrix.node }} sample\n    steps:\n      - uses: actions/checkout@v5\n      - name: Setup node\n        uses: actions/setup-node@v5\n        with:\n          node-version: ${{ matrix.node }}\n      - run: npm ci\n      - run: npm test\n```\n\n## Using `setup-node` on GHES\n\n`setup-node` comes pre-installed on the appliance with GHES if Actions is enabled. When dynamically downloading Nodejs distributions, `setup-node` downloads distributions from [`actions/node-versions`](https://github.com/actions/node-versions) on github.com (outside of the appliance). These calls to `actions/node-versions` are made via unauthenticated requests, which are limited to [60 requests per hour per IP](https://docs.github.com/en/rest/overview/resources-in-the-rest-api#rate-limiting). If more requests are made within the time frame, then you will start to see rate-limit errors during downloading that looks like: `##[error]API rate limit exceeded for...`. After that error the action will try to download versions directly from the official site, but it also can have rate limit so it's better to put token.\n\nTo get a higher rate limit, you can [generate a personal access token on github.com](https://github.com/settings/tokens/new) and pass it as the `token` input for the action:\n\n```yaml\nuses: actions/setup-node@v5\nwith:\n  token: ${{ secrets.GH_DOTCOM_TOKEN }}\n  node-version: 20\n```\n\nIf the runner is not able to access github.com, any Nodejs versions requested during a workflow run must come from the runner's tool cache. See \"[Setting up the tool cache on self-hosted runners without internet access](https://docs.github.com/en/enterprise-server@3.2/admin/github-actions/managing-access-to-actions-from-githubcom/setting-up-the-tool-cache-on-self-hosted-runners-without-internet-access)\" for more information.\n\n## Advanced usage\n\n - [Check latest version](docs/advanced-usage.md#check-latest-version)\n - [Using a node version file](docs/advanced-usage.md#node-version-file)\n - [Using different architectures](docs/advanced-usage.md#architecture)\n - [Using v8 canary versions](docs/advanced-usage.md#v8-canary-versions)\n - [Using nightly versions](docs/advanced-usage.md#nightly-versions)\n - [Using rc versions](docs/advanced-usage.md#rc-versions)\n - [Caching packages data](docs/advanced-usage.md#caching-packages-data)\n - [Using multiple operating systems and architectures](docs/advanced-usage.md#multiple-operating-systems-and-architectures)\n - [Publishing to npmjs and GPR with npm](docs/advanced-usage.md#publish-to-npmjs-and-gpr-with-npm)\n - [Publishing to npmjs and GPR with yarn](docs/advanced-usage.md#publish-to-npmjs-and-gpr-with-yarn)\n - [Using private packages](docs/advanced-usage.md#use-private-packages)\n\n## Recommended permissions\n\nWhen using the `setup-node` action in your GitHub Actions workflow, it is recommended to set the following permissions to ensure proper functionality:\n\n```yaml\npermissions:\n  contents: read # access to check out code and install dependencies\n```\n\n## License\n\nThe scripts and documentation in this project are released under the [MIT License](LICENSE)\n\n## Contributions\n\nContributions are welcome! See [Contributor's Guide](docs/contributors.md)\n\n## Code of Conduct\n\n:wave: Be nice. See [our code of conduct](CODE_OF_CONDUCT.md)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Factions%2Fsetup-node","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Factions%2Fsetup-node","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Factions%2Fsetup-node/lists"}