From c1c98442df2cc5b3233d905bf55dedc0faf113f4 Mon Sep 17 00:00:00 2001
From: Ralph Slooten <axllent@gmail.com>
Date: Thu, 28 May 2026 21:36:01 +1200
Subject: [PATCH] Security: Do not use npm cache to prevent cache poisoning

---
 .github/workflows/build-release.yml | 1 -
 .github/workflows/tests.yml         | 1 -
 2 files changed, 2 deletions(-)

diff --git a/.github/workflows/build-release.yml b/.github/workflows/build-release.yml
index 1bacd02..0b79599 100644
--- a/.github/workflows/build-release.yml
+++ b/.github/workflows/build-release.yml
@@ -27,7 +27,6 @@ jobs:
     - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
       with:
         node-version: 22
-        cache: 'npm'
     - run: echo "Building assets for ${{ github.ref_name }}"
     - run: npm ci
     - run: npm run package
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index df0af9f..a4cede3 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -41,7 +41,6 @@ jobs:
       uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
       with:
         node-version: 22
-        cache: 'npm'
     - name: Install JavaScript dependencies
       if: startsWith(matrix.os, 'ubuntu') == true
       run: npm ci