Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yml:199: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/CI.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/CI.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/CI.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/CI.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yml:224: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/CI.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yml:231: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/CI.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/CI.yml:238: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/CI.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/CI.yml:247: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/CI.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yml:285: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/CI.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/CI.yml:346: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/CI.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yml:369: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/CI.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/CI.yml:376: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/CI.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yml:378: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/CI.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yml:422: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/CI.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yml:427: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/CI.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/CI.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/CI.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/CI.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/CI.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/CI.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/CI.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/CI.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/CI.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/CI.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/CI.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/CI.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/CI.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/CI.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/CI.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/CI.yml:119: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/CI.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/CI.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yml:156: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/CI.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/CI.yml:162: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/CI.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/CI.yml:176: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/CI.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bench.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/bench.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bench.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/bench.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/bench.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/bench.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/bench.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/bench.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/bench.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/bench.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/bench.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/bench.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/claude-code-review.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/claude-code-review.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/claude-code-review.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/claude-code-review.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/claude.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/claude.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/claude.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/claude.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ecosystem-ci.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/ecosystem-ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ecosystem-ci.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/ecosystem-ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/lock.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/lock.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-crates.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/publish-crates.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-crates.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/publish-crates.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-crates.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/publish-crates.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-crates.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/publish-crates.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-npm-package.yml:358: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/publish-npm-package.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-npm-package.yml:365: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/publish-npm-package.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-npm-package.yml:372: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/publish-npm-package.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-npm-package.yml:395: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/publish-npm-package.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-npm-package.yml:402: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/publish-npm-package.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-npm-package.yml:412: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/publish-npm-package.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-npm-package.yml:524: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/publish-npm-package.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-npm-package.yml:542: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/publish-npm-package.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-npm-package.yml:616: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/publish-npm-package.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-npm-package.yml:632: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/publish-npm-package.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-npm-package.yml:637: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/publish-npm-package.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-npm-package.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/publish-npm-package.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-npm-package.yml:213: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/publish-npm-package.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-npm-package.yml:221: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/publish-npm-package.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-npm-package.yml:231: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/publish-npm-package.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-npm-package.yml:236: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/publish-npm-package.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-npm-package.yml:241: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/publish-npm-package.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-npm-package.yml:246: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/publish-npm-package.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-npm-package.yml:270: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/publish-npm-package.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-npm-package.yml:276: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/publish-npm-package.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-npm-package.yml:294: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/publish-npm-package.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-npm-package.yml:318: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/publish-npm-package.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-npm-package.yml:325: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/publish-npm-package.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-npm-package.yml:333: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/publish-npm-package.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:114: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/publish.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/publish.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/publish.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/swc-project/swc/stale.yml/main?enable=pin
Warn: downloadThenRun not pinned by hash: .github/workflows/CI.yml:175
Warn: downloadThenRun not pinned by hash: .github/workflows/CI.yml:399
Warn: downloadThenRun not pinned by hash: .github/workflows/CI.yml:440
Warn: npmCommand not pinned by hash: .github/workflows/CI.yml:460
Warn: npmCommand not pinned by hash: .github/workflows/CI.yml:462
Warn: npmCommand not pinned by hash: .github/workflows/CI.yml:507
Warn: downloadThenRun not pinned by hash: .github/workflows/publish-npm-package.yml:649
Warn: downloadThenRun not pinned by hash: .github/workflows/publish-npm-package.yml:267
Warn: npmCommand not pinned by hash: .github/workflows/publish-npm-package.yml:384
Warn: npmCommand not pinned by hash: .github/workflows/publish-npm-package.yml:424
Info: 0 out of 48 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 25 third-party GitHubAction dependencies pinned
Info: 0 out of 5 downloadThenRun dependencies pinned
Info: 0 out of 5 npmCommand dependencies pinned