Last 12 weeks · 0 commits
1 of 6 standards met
Adds a workflow-level block to . The test workflow only reads the repository contents; it does not push, comment, or release. Declaring the minimum scope means a compromised third-party action cannot abuse the run's token to escalate. This is the pattern GitHub recommends in their token hardening guide and is what OpenSSF Scorecard's check looks for. A recent reminder of why this matters: tj-actions/changed-files compromise in March 2025 (CVE-2025-30066). Verified with .
Repository: remix-run/remix-v2-website. Description: Remix v2 Docs Website Stars: 4, Forks: 25. Primary language: TypeScript. Languages: TypeScript (91.8%), CSS (6.7%), JavaScript (1.2%), Shell (0.3%). Open PRs: 1, open issues: 0. Last activity: 4mo ago. Community health: 25%. Top contributors: brophdawg11, brookslybrand, chillinPanda, remix-run-bot, huangkevin-apr.