From 80a1eb6c5dd32e3f61f4f6fcbce74ef2adaa9a69 Mon Sep 17 00:00:00 2001
From: Blake Embrey <hello@blakeembrey.com>
Date: Mon, 8 Apr 2024 14:31:26 -0700
Subject: [PATCH] Adjust CI permissions

---
 .github/workflows/ci.yml        | 3 ++-
 .github/workflows/scorecard.yml | 7 ++++---
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 35714de..23c96d7 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -2,6 +2,8 @@ name: CI
 on:
   - push
   - pull_request
+permissions:
+  contents: read
 jobs:
   test:
     name: Node.js ${{ matrix.node-version }}
@@ -22,7 +24,6 @@ jobs:
           key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
           restore-keys: |
             ${{ runner.os }}-node-
-      - run: npm install -g npm@8
       - run: npm ci
       - run: npm test
       - uses: codecov/codecov-action@v1
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 0e064f4..5fcb48c 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -11,12 +11,13 @@ on:
   # To guarantee Maintained check is occasionally updated. See
   # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
   schedule:
-    - cron: '16 21 * * 1'
+    - cron: "16 21 * * 1"
   push:
-    branches: [ "master" ]
+    branches: ["master"]
 
 # Declare default permissions as read only.
-permissions: read-all
+permissions:
+  contents: read
 
 jobs:
   analysis: