.github/dependabot.yml

@@ -1,22 +0,0 @@
-# To get started with Dependabot version updates, you'll need to specify which
-# package ecosystems to update and where the package manifests are located.
-# Please see the documentation for all configuration options:
-# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
-
-version: 2
-updates:
-  # Enable version updates for npm
-  - package-ecosystem: 'npm'
-    # Look for `package.json` and `lock` files in the `root` directory
-    directory: '/'
-    # Check the npm registry for updates every day (weekdays)
-    schedule:
-      interval: 'weekly'
-
-  # Enable version updates for GitHub Actions
-  - package-ecosystem: 'github-actions'
-    # Workflow files stored in the default location of `.github/workflows`
-    # You don't need to specify `/.github/workflows` for `directory`. You can use `directory: "/"`.
-    directory: '/'
-    schedule:
-      interval: 'weekly'

.github/eslint-compact.json

@@ -4,7 +4,7 @@
             "owner": "eslint-compact",
             "pattern": [
                 {
-                    "regexp": "^(.+):\\sline\\s(\\d+),\\scol\\s(\\d+),\\s([Ee]rror|[Ww]arning|[Ii]nfo)\\s-\\s(.+)\\s\\((.+)\\)$",
+                    "regexp": "^(.+):\\sline\\s(\\d+),\\scol\\s(\\d+),\\s(Error|Warning|Info)\\s-\\s(.+)\\s\\((.+)\\)$",
                     "file": 1,
                     "line": 2,
                     "column": 3,

.github/eslint-stylish.json

@@ -4,7 +4,7 @@
             "owner": "eslint-stylish",
             "pattern": [
                 {
-                    "regexp": "^\\s*([^\\s].*)$",
+                    "regexp": "^([^\\s].*)$",
                     "file": 1
                 },
                 {

.github/workflows/basic-validation.yml

@@ -15,5 +15,3 @@ jobs:
   call-basic-validation:
     name: Basic validation
     uses: actions/reusable-workflows/.github/workflows/basic-validation.yml@main
-    with:
-      node-version: '24.x'

.github/workflows/check-dist.yml

@@ -15,5 +15,3 @@ jobs:
   call-check-dist:
     name: Check dist/
     uses: actions/reusable-workflows/.github/workflows/check-dist.yml@main
-    with:
-      node-version: '24.x'

.github/workflows/e2e-cache.yml

@@ -18,10 +18,10 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large]
+        os: [ubuntu-latest, windows-latest, macos-latest]
-        node-version: [20, 22, 24]
+        node-version: [12, 14, 16]
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v3
       - name: Clean global cache
         run: npm cache clean --force
       - name: Setup Node
@@ -41,12 +41,12 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large]
+        os: [ubuntu-latest, windows-latest, macos-latest]
-        node-version: [20, 22, 24]
+        node-version: [12, 14, 16]
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v3
       - name: Install pnpm
-        uses: pnpm/action-setup@v4
+        uses: pnpm/action-setup@v2
         with:
           version: 6.10.0
       - name: Generate pnpm file
@@ -74,14 +74,14 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large]
+        os: [ubuntu-latest, windows-latest, macos-latest]
-        node-version: [20, 22, 24]
+        node-version: [14, 16]
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v3
       - name: Yarn version
         run: yarn --version
       - name: Generate yarn file
-        run: yarn install --ignore-engines
+        run: yarn install
       - name: Remove dependencies
         shell: pwsh
         run: Remove-Item node_modules -Force -Recurse
@@ -93,25 +93,25 @@ jobs:
           node-version: ${{ matrix.node-version }}
           cache: 'yarn'
       - name: Install dependencies
-        run: yarn install --ignore-engines
+        run: yarn install
       - name: Verify node and yarn
         run: __tests__/verify-node.sh "${{ matrix.node-version }}"
         shell: bash
 
-  node-yarn3-depencies-caching:
+  node-yarn2-depencies-caching:
-    name: Test yarn 3 (Node ${{ matrix.node-version}}, ${{ matrix.os }})
+    name: Test yarn 2 (Node ${{ matrix.node-version}}, ${{ matrix.os }})
     runs-on: ${{ matrix.os }}
     env:
       YARN_ENABLE_IMMUTABLE_INSTALLS: false
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large]
+        os: [ubuntu-latest, windows-latest, macos-latest]
-        node-version: [20, 22, 24]
+        node-version: [12, 14, 16]
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v3
       - name: Update yarn
-        run: yarn set version 3.6.4
+        run: yarn set version berry
       - name: Yarn version
         run: yarn --version
       - name: Generate simple .yarnrc.yml
@@ -139,11 +139,11 @@ jobs:
     name: Test yarn subprojects
     strategy:
       matrix:
-        node-version: [20, 22, 24]
+        node-version: [12, 14, 16]
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v3
 
       - name: prepare sub-projects
         run: __tests__/prepare-yarn-subprojects.sh yarn1
@@ -166,11 +166,11 @@ jobs:
     name: Test yarn subprojects all locally managed
     strategy:
       matrix:
-        node-version: [20, 22, 24]
+        node-version: [12, 14, 16]
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v3
 
       - name: prepare sub-projects
         run: __tests__/prepare-yarn-subprojects.sh keepcache keepcache
@@ -193,11 +193,11 @@ jobs:
     name: Test yarn subprojects some locally managed
     strategy:
       matrix:
-        node-version: [20, 22, 24]
+        node-version: [12, 14, 16]
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v3
 
       - name: prepare sub-projects
         run: __tests__/prepare-yarn-subprojects.sh global
@@ -220,11 +220,11 @@ jobs:
     name: Test yarn subprojects managed by git
     strategy:
       matrix:
-        node-version: [20, 22, 24]
+        node-version: [12, 14, 16]
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v3
 
       - name: prepare sub-projects
         run: /bin/bash __tests__/prepare-yarn-subprojects.sh keepcache
@@ -243,62 +243,3 @@ jobs:
           cache-dependency-path: |
             sub2/*.lock
             sub3/*.lock
-
-  node-npm-packageManager-auto-cache:
-    name: Test auto cache with top-level packageManager
-    runs-on: ${{ matrix.os }}
-    strategy:
-      fail-fast: false
-      matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large]
-        node-version: [20, 22, 24]
-    steps:
-      - uses: actions/checkout@v6
-      - name: Create package.json with packageManager field
-        run: |
-          echo '{ "name": "test-project", "version": "1.0.0", "packageManager": "npm@8.0.0" }' > package.json
-      - name: Clean global cache
-        run: npm cache clean --force
-      - name: Setup Node with caching enabled
-        uses: ./
-        with:
-          node-version: ${{ matrix.node-version }}
-      - name: Install dependencies
-        run: npm install
-      - name: Verify node and npm
-        run: __tests__/verify-node.sh "${{ matrix.node-version }}"
-        shell: bash
-
-  node-npm-devEngines-auto-cache:
-    name: Test auto cache with devEngines.packageManager
-    runs-on: ${{ matrix.os }}
-    strategy:
-      fail-fast: false
-      matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large]
-        node-version: [20, 22, 24]
-    steps:
-      - uses: actions/checkout@v6
-      - name: Create package.json with devEngines field
-        run: |
-          echo '{
-            "name": "test-project",
-            "version": "1.0.0",
-            "devEngines": {
-              "packageManager": {
-                "name": "npm",
-                "onFail": "error"
-              }
-            }
-          }' > package.json
-      - name: Clean global cache
-        run: npm cache clean --force
-      - name: Setup Node with caching enabled
-        uses: ./
-        with:
-          node-version: ${{ matrix.node-version }}
-      - name: Install dependencies
-        run: npm install
-      - name: Verify node and npm
-        run: __tests__/verify-node.sh "${{ matrix.node-version }}"
-        shell: bash

.github/workflows/proxy.yml

@@ -25,15 +25,15 @@ jobs:
     env:
       https_proxy: http://squid-proxy:3128
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v3
       - name: Clear tool cache
         run: rm -rf $RUNNER_TOOL_CACHE/*
-      - name: Setup node 24
+      - name: Setup node 14
         uses: ./
         with:
-          node-version: 24.x
+          node-version: 14.x
       - name: Verify node and npm
-        run: __tests__/verify-node.sh 24
+        run: __tests__/verify-node.sh 14
 
   test-bypass-proxy:
     runs-on: ubuntu-latest
@@ -41,12 +41,12 @@ jobs:
       https_proxy: http://no-such-proxy:3128
       no_proxy: api.github.com,github.com,nodejs.org,registry.npmjs.org,*.s3.amazonaws.com,s3.amazonaws.com
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v3
       - name: Clear tool cache
         run: rm -rf $RUNNER_TOOL_CACHE/*
-      - name: Setup node 24
+      - name: Setup node 11
         uses: ./
         with:
-          node-version: 24
+          node-version: 11
       - name: Verify node and npm
-        run: __tests__/verify-node.sh 24
+        run: __tests__/verify-node.sh 11

.github/workflows/publish-immutable-actions.yml

@@ -1,20 +0,0 @@
-name: 'Publish Immutable Action Version'
-
-on:
-  release:
-    types: [published]
-
-jobs:
-  publish:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      id-token: write
-      packages: write
-
-    steps:
-      - name: Checking out
-        uses: actions/checkout@v6
-      - name: Publish
-        id: publish
-        uses: actions/publish-immutable-action@v0.0.4

.github/workflows/release-new-action-version.yml

@@ -22,7 +22,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Update the ${{ env.TAG_NAME }} tag
-        uses: actions/publish-action@v0.4.0
+        uses: actions/publish-action@v0.2.2
         with:
           source-tag: ${{ env.TAG_NAME }}
           slack-webhook: ${{ secrets.SLACK_WEBHOOK }}

.github/workflows/versions.yml

@@ -17,10 +17,10 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large]
+        os: [ubuntu-latest, windows-latest, macos-latest]
-        node-version: [20, 22, 24]
+        node-version: [10, 12, 14]
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v3
       - name: Setup Node
         uses: ./
         with:
@@ -34,16 +34,16 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest-large]
+        os: [ubuntu-latest, windows-latest, macos-latest]
         node-version: [lts/dubnium, lts/erbium, lts/fermium, lts/*, lts/-1]
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v3
       - name: Setup Node
         uses: ./
         with:
           node-version: ${{ matrix.node-version }}
           check-latest: true
-      - if: runner.os != 'Windows' && runner.os != 'macOS'
+      - if: runner.os != 'Windows'
         name: Verify node and npm
         run: |
           . "$NVM_DIR/nvm.sh"
@@ -56,7 +56,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large]
+        os: [ubuntu-latest, windows-latest, macos-latest]
         node-version:
           [
             '20-v8-canary',
@@ -64,7 +64,7 @@ jobs:
             '20.0.0-v8-canary20221101e50e45c9f8'
           ]
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v3
       - name: Setup Node
         uses: ./
         with:
@@ -81,10 +81,11 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large]
+        os: [ubuntu-latest, windows-latest, macos-latest]
-        node-version: [20-nightly, 25-nightly, 24.0.0-nightly]
+        node-version:
+          [16.0.0-nightly20210420a0261d231c, 17-nightly, 18.0.0-nightly]
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v3
       - name: Setup Node
         uses: ./
         with:
@@ -101,10 +102,10 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large]
+        os: [ubuntu-latest, windows-latest, macos-latest]
-        node-version: [20.0.0-rc.1, 22.14.0-rc.1, 24.0.0-rc.4]
+        node-version: [16.0.0-rc.1, 18.0.0-rc.2, 19.0.0-rc.0]
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v3
       - name: Setup Node
         uses: ./
         with:
@@ -121,10 +122,10 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large]
+        os: [ubuntu-latest, windows-latest, macos-latest]
-        node-version: [20.10.0, 22.0.0, 24.9.0]
+        node-version: [10.15, 12.16.0, 14.2.0, 16.3.0]
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v3
       - name: Setup Node
         uses: ./
         with:
@@ -138,10 +139,10 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large]
+        os: [ubuntu-latest, windows-latest, macos-latest]
-        node-version: [20, 22, 24]
+        node-version: [10, 12, 14]
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v3
       - name: Setup Node and check latest
         uses: ./
         with:
@@ -156,57 +157,45 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large]
+        os: [ubuntu-latest, windows-latest, macos-latest]
         node-version-file:
           [.nvmrc, .tool-versions, .tool-versions-node, package.json]
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v3
+      - name: Remove volta from package.json
+        shell: bash
+        run: cat <<< "$(jq 'del(.volta)' ./__tests__/data/package.json)" > ./__tests__/data/package.json
       - name: Setup node from node version file
         uses: ./
         with:
           node-version-file: '__tests__/data/${{ matrix.node-version-file }}'
       - name: Verify node
-        run: __tests__/verify-node.sh 24
+        run: __tests__/verify-node.sh 14
 
   version-file-volta:
     runs-on: ${{ matrix.os }}
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large]
+        os: [ubuntu-latest, windows-latest, macos-latest]
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v3
       - name: Setup node from node version file
         uses: ./
         with:
-          node-version-file: '__tests__/data/package-volta.json'
+          node-version-file: '__tests__/data/package.json'
       - name: Verify node
-        run: __tests__/verify-node.sh 24
+        run: __tests__/verify-node.sh 16
-
-  version-file-volta-extends:
-    runs-on: ${{ matrix.os }}
-    strategy:
-      fail-fast: false
-      matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large]
-    steps:
-      - uses: actions/checkout@v6
-      - name: Setup node from node version file
-        uses: ./
-        with:
-          node-version-file: '__tests__/data/package-volta-extends.json'
-      - name: Verify node
-        run: __tests__/verify-node.sh 24
 
   node-dist:
     runs-on: ${{ matrix.os }}
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large]
+        os: [ubuntu-latest, windows-latest, macos-latest]
-        node-version: [17, 19]
+        node-version: [11, 13]
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v3
       - name: Setup Node from dist
         uses: ./
         with:
@@ -220,9 +209,9 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest-large]
+        os: [ubuntu-latest, windows-latest, macos-latest]
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v3
       # test old versions which didn't have npm and layout different
       - name: Setup node 0.12.18 from dist
         uses: ./
@@ -235,11 +224,11 @@ jobs:
   arch:
     runs-on: windows-latest
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v3
-      - name: Setup node 20 x86 from dist
+      - name: Setup node 14 x86 from dist
         uses: ./
         with:
-          node-version: '20'
+          node-version: '14'
           architecture: 'x86'
       - name: Verify node
         run: __tests__/verify-arch.sh "ia32"
@@ -250,7 +239,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest, macos-latest-large]
+        os: [ubuntu-latest, windows-latest, macos-latest]
         node-version: [current, latest, node]
     steps:
       - name: Get node version
@@ -259,7 +248,7 @@ jobs:
           echo "LATEST_NODE_VERSION=$latestNodeVersion" >> $GITHUB_OUTPUT
         id: version
         shell: bash
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v3
       - name: Setup Node
         uses: ./
         with:

README.md

@@ -12,36 +12,20 @@ This action provides the following functionality for GitHub Actions users:
 - Registering problem matchers for error output
 - Configuring authentication for GPR or npm
 
-## Breaking changes in V6
-
-- Caching is now automatically enabled for npm projects when either the `devEngines.packageManager` field or the top-level `packageManager` field in `package.json` is set to `npm`. For other package managers, such as Yarn and pnpm, caching is disabled by default and must be configured manually using the `cache` input.
-
-- The `always-auth` input has been removed, as it is deprecated and will no longer be supported in future npm releases. To ensure your workflows continue to run without warnings or errors, please remove any references to `always-auth` from your configuration.  
-
-## Breaking changes in V5 
-
-- Enabled caching by default with package manager detection if no cache input is provided.
-  > For workflows with elevated privileges or access to sensitive information, we recommend disabling automatic caching by setting `package-manager-cache: false` when caching is not needed for secure operation.
-
-- Upgraded action from node20 to node24.
-  > Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. [See Release Notes](https://github.com/actions/runner/releases/tag/v2.327.1)
-
-For more details, see the full release notes on the [releases page](https://github.com/actions/setup-node/releases/v5.0.0)
-
 ## Usage
 
 See [action.yml](action.yml)
 
 <!-- start usage -->
 ```yaml
-- uses: actions/setup-node@v6
+- uses: actions/setup-node@v3
   with:
     # Version Spec of the version to use in SemVer notation.
-    # It also admits such aliases as lts/*, latest, nightly and canary builds
+    # It also emits such aliases as lts, latest, nightly and canary builds
     # Examples: 12.x, 10.15.1, >=10.15.0, lts/Hydrogen, 16-nightly, latest, node
     node-version: ''
 
-    # File containing the version Spec of the version to use.  Examples: package.json, .nvmrc, .node-version, .tool-versions.
+    # File containing the version Spec of the version to use.  Examples: .nvmrc, .node-version, .tool-versions.
     # If node-version and node-version-file are both provided the action will use version from node-version. 
     node-version-file: ''
 
@@ -73,11 +57,6 @@ See [action.yml](action.yml)
     # Default: ''
     cache: ''
 
-    # Controls automatic caching for npm. By default, caching for npm is enabled if either the devEngines.packageManager field or the top-level packageManager field in package.json specifies npm and no explicit cache input is provided.
-    # To disable automatic caching for npm, set package-manager-cache to false.
-    # default: true
-    package-manager-cache: true
-
     # Used to specify the path to a dependency file: package-lock.json, yarn.lock, etc. 
     # It will generate hash from the target file for primary key. It works only If cache is specified.  
     # Supports wildcards or a list of file names for caching multiple dependencies.
@@ -94,20 +73,9 @@ See [action.yml](action.yml)
     # Default: ''
     scope: ''
 
-    # Optional mirror to download binaries from.
+    # Set always-auth option in npmrc file.
-    # Artifacts need to match the official Node.js
-    # Example:
-    # V8 Canaray Build: <mirror_url>/download/v8-canary
-    # RC Build: <mirror_url>/download/rc
-    # Official: Build <mirror_url>/dist
-    # Nightly build: <mirror_url>/download/nightly
     # Default: ''
-    mirror: ''
+    always-auth: ''
-
-    # Optional mirror token.
-    # The token will be used as a bearer token in the Authorization header
-    # Default: ''
-    mirror-token: ''
 ```
 <!-- end usage -->
 
@@ -115,10 +83,10 @@ See [action.yml](action.yml)
 
 ```yaml
 steps:
-- uses: actions/checkout@v5
+- uses: actions/checkout@v3
-- uses: actions/setup-node@v6
+- uses: actions/setup-node@v3
   with:
-    node-version: 24
+    node-version: 18
 - run: npm ci
 - run: npm test
 ```
@@ -135,12 +103,12 @@ The `node-version` input supports the Semantic Versioning Specification, for mor
 
 Examples:
 
- - Major versions: `22`, `24`
+ - Major versions: `14`, `16`, `18`
- - More specific versions: `20.19`, `22.17.1` , `24.8.0`
+ - More specific versions: `10.15`, `16.15.1` , `18.4.0`
- - NVM LTS syntax: `lts/iron`, `lts/jod`, `lts/*`, `lts/-n`
+ - NVM LTS syntax: `lts/erbium`, `lts/fermium`, `lts/*`, `lts/-n`
  - Latest release: `*` or `latest`/`current`/`node`
 
-**Note:** Like the other values, `*` will get the latest [locally-cached Node.js version](https://github.com/actions/runner-images/blob/main/images/ubuntu/Ubuntu2204-Readme.md#nodejs), or the latest version from [actions/node-versions](https://github.com/actions/node-versions/blob/main/versions-manifest.json), depending on the [`check-latest`](docs/advanced-usage.md#check-latest-version) input.
+**Note:** Like the other values, `*` will get the latest [locally-cached Node.js version](https://github.com/actions/runner-images/blob/main/images/linux/Ubuntu2204-Readme.md#nodejs), or the latest version from [actions/node-versions](https://github.com/actions/node-versions/blob/main/versions-manifest.json), depending on the [`check-latest`](docs/advanced-usage.md#check-latest-version) input.
 
 `current`/`latest`/`node` always resolve to the latest [dist version](https://nodejs.org/dist/index.json).
 That version is then downloaded from actions/node-versions if possible, or directly from Node.js if not.
@@ -148,11 +116,11 @@ Since it will not be cached always, there is possibility of hitting rate limit w
 
 ### Checking in lockfiles
 
-It's **strongly recommended** to commit the lockfile of your package manager for security and performance reasons. For more information consult the "Working with lockfiles" section of the [Advanced usage](docs/advanced-usage.md#working-with-lockfiles) guide.
+It's **always** recommended to commit the lockfile of your package manager for security and performance reasons. For more information consult the "Working with lockfiles" section of the [Advanced usage](docs/advanced-usage.md#working-with-lockfiles) guide.
 
 ## Caching global packages data
 
-The action has a built-in functionality for caching and restoring dependencies. It uses [actions/cache](https://github.com/actions/cache) under the hood for caching global packages data but requires less configuration settings. Supported package managers are `npm`, `yarn`, `pnpm` (v6.10+). The `cache` input is optional.
+The action has a built-in functionality for caching and restoring dependencies. It uses [actions/cache](https://github.com/actions/cache) under the hood for caching global packages data but requires less configuration settings. Supported package managers are `npm`, `yarn`, `pnpm` (v6.10+). The `cache` input is optional, and caching is turned off by default.
 
 The action defaults to search for the dependency file (`package-lock.json`, `npm-shrinkwrap.json` or `yarn.lock`) in the repository root, and uses its hash as a part of the cache key. Use `cache-dependency-path` for cases when multiple dependency files are used, or they are located in different subdirectories.
 
@@ -164,10 +132,10 @@ See the examples of using cache for `yarn`/`pnpm` and `cache-dependency-path` in
 
 ```yaml
 steps:
-- uses: actions/checkout@v5
+- uses: actions/checkout@v3
-- uses: actions/setup-node@v6
+- uses: actions/setup-node@v3
   with:
-    node-version: 24
+    node-version: 16
     cache: 'npm'
 - run: npm ci
 - run: npm test
@@ -177,30 +145,16 @@ steps:
 
 ```yaml
 steps:
-- uses: actions/checkout@v5
+- uses: actions/checkout@v3
-- uses: actions/setup-node@v6
+- uses: actions/setup-node@v3
   with:
-    node-version: 24
+    node-version: 16
     cache: 'npm'
     cache-dependency-path: subdir/package-lock.json
 - run: npm ci
 - run: npm test
 ```
 
-Caching for npm dependencies is automatically enabled when your `package.json` contains either `devEngines.packageManager` field or top-level `packageManager` field set to `npm`, and no explicit cache input is provided.
-
-This behavior is controlled by the `package-manager-cache` input, which defaults to `true`. To turn off automatic caching, set `package-manager-cache` to `false`.
-
-```yaml
-steps:
-- uses: actions/checkout@v5
-- uses: actions/setup-node@v6
-  with:
-    package-manager-cache: false
-- run: npm ci
-```
-> If your `package.json` file does not include a `packageManager` field set to `npm`, caching will be disabled unless you explicitly enable it. For workflows with elevated privileges or access to sensitive information, we recommend disabling automatic caching for npm by setting `package-manager-cache: false` when caching is not required for secure operation.
-
 ## Matrix Testing
 
 ```yaml
@@ -209,12 +163,12 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        node: [ 20, 22, 24 ]
+        node: [ 14, 16, 18 ]
     name: Node ${{ matrix.node }} sample
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v3
       - name: Setup node
-        uses: actions/setup-node@v6
+        uses: actions/setup-node@v3
         with:
           node-version: ${{ matrix.node }}
       - run: npm ci
@@ -228,10 +182,10 @@ jobs:
 To get a higher rate limit, you can [generate a personal access token on github.com](https://github.com/settings/tokens/new) and pass it as the `token` input for the action:
 
 ```yaml
-uses: actions/setup-node@v6
+uses: actions/setup-node@v3
 with:
   token: ${{ secrets.GH_DOTCOM_TOKEN }}
-  node-version: 24
+  node-version: 16
 ```
 
 If the runner is not able to access github.com, any Nodejs versions requested during a workflow run must come from the runner's tool cache. See "[Setting up the tool cache on self-hosted runners without internet access](https://docs.github.com/en/enterprise-server@3.2/admin/github-actions/managing-access-to-actions-from-githubcom/setting-up-the-tool-cache-on-self-hosted-runners-without-internet-access)" for more information.
@@ -249,16 +203,6 @@ If the runner is not able to access github.com, any Nodejs versions requested du
  - [Publishing to npmjs and GPR with npm](docs/advanced-usage.md#publish-to-npmjs-and-gpr-with-npm)
  - [Publishing to npmjs and GPR with yarn](docs/advanced-usage.md#publish-to-npmjs-and-gpr-with-yarn)
  - [Using private packages](docs/advanced-usage.md#use-private-packages)
- - [Using private mirror](docs/advanced-usage.md#use-private-mirror)
-
-## Recommended permissions
-
-When using the `setup-node` action in your GitHub Actions workflow, it is recommended to set the following permissions to ensure proper functionality:
-
-```yaml
-permissions:
-  contents: read # access to check out code and install dependencies
-```
 
 ## License
 

__tests__/authutil.test.ts

@@ -76,102 +76,115 @@ describe('authutil tests', () => {
   }
 
   it('Sets up npmrc for npmjs', async () => {
-    await auth.configAuthentication('https://registry.npmjs.org/');
+    await auth.configAuthentication('https://registry.npmjs.org/', 'false');
 
     expect(fs.statSync(rcFile)).toBeDefined();
     const contents = fs.readFileSync(rcFile, {encoding: 'utf8'});
     const rc = readRcFile(rcFile);
     expect(rc['registry']).toBe('https://registry.npmjs.org/');
+    expect(rc['always-auth']).toBe('false');
   });
 
   it('Appends trailing slash to registry', async () => {
-    await auth.configAuthentication('https://registry.npmjs.org');
+    await auth.configAuthentication('https://registry.npmjs.org', 'false');
 
     expect(fs.statSync(rcFile)).toBeDefined();
     const rc = readRcFile(rcFile);
     expect(rc['registry']).toBe('https://registry.npmjs.org/');
+    expect(rc['always-auth']).toBe('false');
   });
 
   it('Configures scoped npm registries', async () => {
     process.env['INPUT_SCOPE'] = 'myScope';
-    await auth.configAuthentication('https://registry.npmjs.org');
+    await auth.configAuthentication('https://registry.npmjs.org', 'false');
 
     expect(fs.statSync(rcFile)).toBeDefined();
     const rc = readRcFile(rcFile);
     expect(rc['@myscope:registry']).toBe('https://registry.npmjs.org/');
+    expect(rc['always-auth']).toBe('false');
   });
 
   it('Automatically configures GPR scope', async () => {
-    await auth.configAuthentication('npm.pkg.github.com');
+    await auth.configAuthentication('npm.pkg.github.com', 'false');
 
     expect(fs.statSync(rcFile)).toBeDefined();
     const rc = readRcFile(rcFile);
     expect(rc['@ownername:registry']).toBe('npm.pkg.github.com/');
+    expect(rc['always-auth']).toBe('false');
+  });
+
+  it('Sets up npmrc for always-auth true', async () => {
+    await auth.configAuthentication('https://registry.npmjs.org/', 'true');
+    expect(fs.statSync(rcFile)).toBeDefined();
+    const rc = readRcFile(rcFile);
+    expect(rc['registry']).toBe('https://registry.npmjs.org/');
+    expect(rc['always-auth']).toBe('true');
   });
 
   it('is already set the NODE_AUTH_TOKEN export it', async () => {
     process.env.NODE_AUTH_TOKEN = 'foobar';
-    await auth.configAuthentication('npm.pkg.github.com');
+    await auth.configAuthentication('npm.pkg.github.com', 'false');
     expect(fs.statSync(rcFile)).toBeDefined();
     const rc = readRcFile(rcFile);
     expect(rc['@ownername:registry']).toBe('npm.pkg.github.com/');
+    expect(rc['always-auth']).toBe('false');
     expect(process.env.NODE_AUTH_TOKEN).toEqual('foobar');
   });
 
   it('configAuthentication should overwrite non-scoped with non-scoped', async () => {
     fs.writeFileSync(rcFile, 'registry=NNN');
-    await auth.configAuthentication('https://registry.npmjs.org/');
+    await auth.configAuthentication('https://registry.npmjs.org/', 'true');
     const contents = fs.readFileSync(rcFile, {encoding: 'utf8'});
     expect(contents).toBe(
-      `//registry.npmjs.org/:_authToken=\${NODE_AUTH_TOKEN}${os.EOL}registry=https://registry.npmjs.org/`
+      `//registry.npmjs.org/:_authToken=\${NODE_AUTH_TOKEN}${os.EOL}registry=https://registry.npmjs.org/${os.EOL}always-auth=true`
     );
   });
 
   it('configAuthentication should overwrite only non-scoped', async () => {
     fs.writeFileSync(rcFile, `registry=NNN${os.EOL}@myscope:registry=MMM`);
-    await auth.configAuthentication('https://registry.npmjs.org/');
+    await auth.configAuthentication('https://registry.npmjs.org/', 'true');
     const contents = fs.readFileSync(rcFile, {encoding: 'utf8'});
     expect(contents).toBe(
-      `@myscope:registry=MMM${os.EOL}//registry.npmjs.org/:_authToken=\${NODE_AUTH_TOKEN}${os.EOL}registry=https://registry.npmjs.org/`
+      `@myscope:registry=MMM${os.EOL}//registry.npmjs.org/:_authToken=\${NODE_AUTH_TOKEN}${os.EOL}registry=https://registry.npmjs.org/${os.EOL}always-auth=true`
     );
   });
 
   it('configAuthentication should add non-scoped to scoped', async () => {
     fs.writeFileSync(rcFile, '@myscope:registry=NNN');
-    await auth.configAuthentication('https://registry.npmjs.org/');
+    await auth.configAuthentication('https://registry.npmjs.org/', 'true');
     const contents = fs.readFileSync(rcFile, {encoding: 'utf8'});
     expect(contents).toBe(
-      `@myscope:registry=NNN${os.EOL}//registry.npmjs.org/:_authToken=\${NODE_AUTH_TOKEN}${os.EOL}registry=https://registry.npmjs.org/`
+      `@myscope:registry=NNN${os.EOL}//registry.npmjs.org/:_authToken=\${NODE_AUTH_TOKEN}${os.EOL}registry=https://registry.npmjs.org/${os.EOL}always-auth=true`
     );
   });
 
   it('configAuthentication should overwrite scoped with scoped', async () => {
     process.env['INPUT_SCOPE'] = 'myscope';
     fs.writeFileSync(rcFile, `@myscope:registry=NNN`);
-    await auth.configAuthentication('https://registry.npmjs.org/');
+    await auth.configAuthentication('https://registry.npmjs.org/', 'true');
     const contents = fs.readFileSync(rcFile, {encoding: 'utf8'});
     expect(contents).toBe(
-      `//registry.npmjs.org/:_authToken=\${NODE_AUTH_TOKEN}${os.EOL}@myscope:registry=https://registry.npmjs.org/`
+      `//registry.npmjs.org/:_authToken=\${NODE_AUTH_TOKEN}${os.EOL}@myscope:registry=https://registry.npmjs.org/${os.EOL}always-auth=true`
     );
   });
 
   it('configAuthentication should overwrite only scoped', async () => {
     process.env['INPUT_SCOPE'] = 'myscope';
     fs.writeFileSync(rcFile, `registry=NNN${os.EOL}@myscope:registry=MMM`);
-    await auth.configAuthentication('https://registry.npmjs.org/');
+    await auth.configAuthentication('https://registry.npmjs.org/', 'true');
     const contents = fs.readFileSync(rcFile, {encoding: 'utf8'});
     expect(contents).toBe(
-      `registry=NNN${os.EOL}//registry.npmjs.org/:_authToken=\${NODE_AUTH_TOKEN}${os.EOL}@myscope:registry=https://registry.npmjs.org/`
+      `registry=NNN${os.EOL}//registry.npmjs.org/:_authToken=\${NODE_AUTH_TOKEN}${os.EOL}@myscope:registry=https://registry.npmjs.org/${os.EOL}always-auth=true`
     );
   });
 
   it('configAuthentication should add scoped to non-scoped', async () => {
     process.env['INPUT_SCOPE'] = 'myscope';
     fs.writeFileSync(rcFile, `registry=MMM`);
-    await auth.configAuthentication('https://registry.npmjs.org/');
+    await auth.configAuthentication('https://registry.npmjs.org/', 'true');
     const contents = fs.readFileSync(rcFile, {encoding: 'utf8'});
     expect(contents).toBe(
-      `registry=MMM${os.EOL}//registry.npmjs.org/:_authToken=\${NODE_AUTH_TOKEN}${os.EOL}@myscope:registry=https://registry.npmjs.org/`
+      `registry=MMM${os.EOL}//registry.npmjs.org/:_authToken=\${NODE_AUTH_TOKEN}${os.EOL}@myscope:registry=https://registry.npmjs.org/${os.EOL}always-auth=true`
     );
   });
 
@@ -181,20 +194,20 @@ describe('authutil tests', () => {
       rcFile,
       `@otherscope:registry=NNN${os.EOL}@myscope:registry=MMM`
     );
-    await auth.configAuthentication('https://registry.npmjs.org/');
+    await auth.configAuthentication('https://registry.npmjs.org/', 'true');
     const contents = fs.readFileSync(rcFile, {encoding: 'utf8'});
     expect(contents).toBe(
-      `@otherscope:registry=NNN${os.EOL}//registry.npmjs.org/:_authToken=\${NODE_AUTH_TOKEN}${os.EOL}@myscope:registry=https://registry.npmjs.org/`
+      `@otherscope:registry=NNN${os.EOL}//registry.npmjs.org/:_authToken=\${NODE_AUTH_TOKEN}${os.EOL}@myscope:registry=https://registry.npmjs.org/${os.EOL}always-auth=true`
     );
   });
 
   it('configAuthentication should add scoped to another scoped', async () => {
     process.env['INPUT_SCOPE'] = 'myscope';
     fs.writeFileSync(rcFile, `@otherscope:registry=MMM`);
-    await auth.configAuthentication('https://registry.npmjs.org/');
+    await auth.configAuthentication('https://registry.npmjs.org/', 'true');
     const contents = fs.readFileSync(rcFile, {encoding: 'utf8'});
     expect(contents).toBe(
-      `@otherscope:registry=MMM${os.EOL}//registry.npmjs.org/:_authToken=\${NODE_AUTH_TOKEN}${os.EOL}@myscope:registry=https://registry.npmjs.org/`
+      `@otherscope:registry=MMM${os.EOL}//registry.npmjs.org/:_authToken=\${NODE_AUTH_TOKEN}${os.EOL}@myscope:registry=https://registry.npmjs.org/${os.EOL}always-auth=true`
     );
   });
 });

__tests__/cache-restore.test.ts

@@ -2,7 +2,6 @@ import * as core from '@actions/core';
 import * as cache from '@actions/cache';
 import * as path from 'path';
 import * as glob from '@actions/glob';
-import osm from 'os';
 
 import * as utils from '../src/cache-utils';
 import {restoreCache} from '../src/cache-restore';
@@ -13,7 +12,6 @@ describe('cache-restore', () => {
     process.env.RUNNER_OS = 'Linux';
   }
   const platform = process.env.RUNNER_OS;
-  const arch = 'arm64';
   const commonPath = '/some/random/path';
   const npmCachePath = `${commonPath}/npm`;
   const pnpmCachePath = `${commonPath}/pnpm`;
@@ -54,7 +52,6 @@ describe('cache-restore', () => {
   let getCommandOutputSpy: jest.SpyInstance;
   let restoreCacheSpy: jest.SpyInstance;
   let hashFilesSpy: jest.SpyInstance;
-  let archSpy: jest.SpyInstance;
 
   beforeEach(() => {
     // core
@@ -105,10 +102,6 @@ describe('cache-restore', () => {
 
     // cache-utils
     getCommandOutputSpy = jest.spyOn(utils, 'getCommandOutput');
-
-    // os
-    archSpy = jest.spyOn(osm, 'arch');
-    archSpy.mockImplementation(() => arch);
   });
 
   describe('Validate provided package manager', () => {
@@ -142,7 +135,7 @@ describe('cache-restore', () => {
         await restoreCache(packageManager, '');
         expect(hashFilesSpy).toHaveBeenCalled();
         expect(infoSpy).toHaveBeenCalledWith(
-          `Cache restored from key: node-cache-${platform}-${arch}-${packageManager}-${fileHash}`
+          `Cache restored from key: node-cache-${platform}-${packageManager}-${fileHash}`
         );
         expect(infoSpy).not.toHaveBeenCalledWith(
           `${packageManager} cache is not found`

__tests__/cache-save.test.ts

@@ -114,10 +114,10 @@ describe('run', () => {
         key === State.CachePackageManager
           ? inputs['cache']
           : key === State.CachePrimaryKey || key === State.CacheMatchedKey
-            ? yarnFileHash
+          ? yarnFileHash
-            : key === State.CachePaths
+          : key === State.CachePaths
-              ? '["/foo/bar"]'
+          ? '["/foo/bar"]'
-              : 'not expected'
+          : 'not expected'
       );
 
       await run();
@@ -138,10 +138,10 @@ describe('run', () => {
         key === State.CachePackageManager
           ? inputs['cache']
           : key === State.CachePrimaryKey || key === State.CacheMatchedKey
-            ? yarnFileHash
+          ? yarnFileHash
-            : key === State.CachePaths
+          : key === State.CachePaths
-              ? '["/foo/bar"]'
+          ? '["/foo/bar"]'
-              : 'not expected'
+          : 'not expected'
       );
 
       await run();
@@ -162,10 +162,10 @@ describe('run', () => {
         key === State.CachePackageManager
           ? inputs['cache']
           : key === State.CachePrimaryKey || key === State.CacheMatchedKey
-            ? yarnFileHash
+          ? yarnFileHash
-            : key === State.CachePaths
+          : key === State.CachePaths
-              ? '["/foo/bar"]'
+          ? '["/foo/bar"]'
-              : 'not expected'
+          : 'not expected'
       );
       getCommandOutputSpy.mockImplementationOnce(() => `${commonPath}/npm`);
 
@@ -184,10 +184,10 @@ describe('run', () => {
         key === State.CachePackageManager
           ? inputs['cache']
           : key === State.CachePrimaryKey || key === State.CacheMatchedKey
-            ? yarnFileHash
+          ? yarnFileHash
-            : key === State.CachePaths
+          : key === State.CachePaths
-              ? '["/foo/bar"]'
+          ? '["/foo/bar"]'
-              : 'not expected'
+          : 'not expected'
       );
 
       await run();
@@ -207,12 +207,12 @@ describe('run', () => {
         key === State.CachePackageManager
           ? inputs['cache']
           : key === State.CacheMatchedKey
-            ? yarnFileHash
+          ? yarnFileHash
-            : key === State.CachePrimaryKey
+          : key === State.CachePrimaryKey
-              ? npmFileHash
+          ? npmFileHash
-              : key === State.CachePaths
+          : key === State.CachePaths
-                ? '["/foo/bar"]'
+          ? '["/foo/bar"]'
-                : 'not expected'
+          : 'not expected'
       );
 
       await run();
@@ -237,12 +237,12 @@ describe('run', () => {
         key === State.CachePackageManager
           ? inputs['cache']
           : key === State.CacheMatchedKey
-            ? yarnFileHash
+          ? yarnFileHash
-            : key === State.CachePrimaryKey
+          : key === State.CachePrimaryKey
-              ? npmFileHash
+          ? npmFileHash
-              : key === State.CachePaths
+          : key === State.CachePaths
-                ? '["/foo/bar"]'
+          ? '["/foo/bar"]'
-                : 'not expected'
+          : 'not expected'
       );
 
       await run();
@@ -267,12 +267,12 @@ describe('run', () => {
         key === State.CachePackageManager
           ? inputs['cache']
           : key === State.CacheMatchedKey
-            ? npmFileHash
+          ? npmFileHash
-            : key === State.CachePrimaryKey
+          : key === State.CachePrimaryKey
-              ? yarnFileHash
+          ? yarnFileHash
-              : key === State.CachePaths
+          : key === State.CachePaths
-                ? '["/foo/bar"]'
+          ? '["/foo/bar"]'
-                : 'not expected'
+          : 'not expected'
       );
 
       await run();
@@ -297,12 +297,12 @@ describe('run', () => {
         key === State.CachePackageManager
           ? inputs['cache']
           : key === State.CacheMatchedKey
-            ? pnpmFileHash
+          ? pnpmFileHash
-            : key === State.CachePrimaryKey
+          : key === State.CachePrimaryKey
-              ? npmFileHash
+          ? npmFileHash
-              : key === State.CachePaths
+          : key === State.CachePaths
-                ? '["/foo/bar"]'
+          ? '["/foo/bar"]'
-                : 'not expected'
+          : 'not expected'
       );
 
       await run();
@@ -327,12 +327,12 @@ describe('run', () => {
         key === State.CachePackageManager
           ? inputs['cache']
           : key === State.CacheMatchedKey
-            ? npmFileHash
+          ? npmFileHash
-            : key === State.CachePrimaryKey
+          : key === State.CachePrimaryKey
-              ? yarnFileHash
+          ? yarnFileHash
-              : key === State.CachePaths
+          : key === State.CachePaths
-                ? '["/foo/bar"]'
+          ? '["/foo/bar"]'
-                : 'not expected'
+          : 'not expected'
       );
       saveCacheSpy.mockImplementation(() => {
         return -1;
@@ -360,12 +360,12 @@ describe('run', () => {
         key === State.CachePackageManager
           ? inputs['cache']
           : key === State.CacheMatchedKey
-            ? npmFileHash
+          ? npmFileHash
-            : key === State.CachePrimaryKey
+          : key === State.CachePrimaryKey
-              ? yarnFileHash
+          ? yarnFileHash
-              : key === State.CachePaths
+          : key === State.CachePaths
-                ? '["/foo/bar"]'
+          ? '["/foo/bar"]'
-                : 'not expected'
+          : 'not expected'
       );
       saveCacheSpy.mockImplementation(() => {
         throw new cache.ValidationError('Validation failed');

__tests__/cache-utils.test.ts

@@ -6,7 +6,7 @@ import {
   PackageManagerInfo,
   isCacheFeatureAvailable,
   supportedPackageManagers,
-  isGhes,
+  getCommandOutput,
   resetProjectDirectoriesMemoized
 } from '../src/cache-utils';
 import fs from 'fs';
@@ -361,41 +361,3 @@ describe('cache-utils', () => {
     );
   });
 });
-
-describe('isGhes', () => {
-  const pristineEnv = process.env;
-
-  beforeEach(() => {
-    jest.resetModules();
-    process.env = {...pristineEnv};
-  });
-
-  afterAll(() => {
-    process.env = pristineEnv;
-  });
-
-  it('returns false when the GITHUB_SERVER_URL environment variable is not defined', () => {
-    delete process.env['GITHUB_SERVER_URL'];
-    expect(isGhes()).toBeFalsy();
-  });
-
-  it('returns false when the GITHUB_SERVER_URL environment variable is set to github.com', () => {
-    process.env['GITHUB_SERVER_URL'] = 'https://github.com';
-    expect(isGhes()).toBeFalsy();
-  });
-
-  it('returns false when the GITHUB_SERVER_URL environment variable is set to a GitHub Enterprise Cloud-style URL', () => {
-    process.env['GITHUB_SERVER_URL'] = 'https://contoso.ghe.com';
-    expect(isGhes()).toBeFalsy();
-  });
-
-  it('returns false when the GITHUB_SERVER_URL environment variable has a .localhost suffix', () => {
-    process.env['GITHUB_SERVER_URL'] = 'https://mock-github.localhost';
-    expect(isGhes()).toBeFalsy();
-  });
-
-  it('returns true when the GITHUB_SERVER_URL environment variable is set to some other URL', () => {
-    process.env['GITHUB_SERVER_URL'] = 'https://src.onpremise.fabrikam.com';
-    expect(isGhes()).toBeTruthy();
-  });
-});