combobox-nav icon indicating copy to clipboard operation
combobox-nav copied to clipboard
verified publisher icon github

Potential fix for code scanning alert no. 2: Workflow does not contain permissions

Open cinderellasecure opened this issue 2 months ago • 0 comments

Potential fix for https://github.com/github/combobox-nav/security/code-scanning/2

To fix the problem, add an explicit permissions block defining the minimum needed permissions for this workflow. Since the workflow only checks out code and runs builds/tests (not publishing, releasing, or any steps requiring write permissions), it likely only needs read-level access to repository contents. The change can be implemented by inserting a permissions: block at the workflow root (above jobs:). Editing the .github/workflows/nodejs.yml file, add:

permissions:
  contents: read

at line 10 (after the on: block and before jobs:). No additional imports, definitions, or changes are needed elsewhere.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

cinderellasecure avatar Nov 03 '25 17:11 cinderellasecure