From ec2b7ce98bb99a1642486610dd01170d9bfcb7b5 Mon Sep 17 00:00:00 2001
From: GENTILHOMME Thomas <gentilhomme.thomas@gmail.com>
Date: Thu, 2 Apr 2026 04:53:17 +0200
Subject: [PATCH] ci: install puppeteer with sfw & run npx safely

---
 .github/workflows/nodejs.yml  | 6 +++++-
 .github/workflows/publish.yml | 6 +++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml
index 8479c13..60fbf15 100644
--- a/.github/workflows/nodejs.yml
+++ b/.github/workflows/nodejs.yml
@@ -28,8 +28,12 @@ jobs:
         uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
         with:
           node-version: ${{ matrix.node-version }}
+      - name: Install socket firewall
+        run: npm i -g sfw
+      - name: Install puppeteer safely
+        run: sfw npm i -g puppeteer
       - name: Install chromium
-        run: npx puppeteer browsers install chrome
+        run: npx --no --offline puppeteer browsers install chrome
       - name: Install dependencies
         run: npm install --ignore-scripts
       - name: build
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 8eb9800..7784a39 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -23,8 +23,12 @@ jobs:
       # Ensure npm 11.5.1 or later is installed
       - name: Update npm
         run: npm install -g npm@latest
+      - name: Install socket firewall
+        run: npm i -g sfw
+      - name: Install puppeteer safely
+        run: sfw npm i -g puppeteer
       - name: Install chromium
-        run: npx puppeteer browsers install chrome
+        run: npx --no --offline puppeteer browsers install chrome
       - run: npm install --ignore-scripts
       - run: npm run build --if-present
       - run: npm test