diff --git a/.github/workflows/npm-publish.yml b/.github/workflows/npm-publish.yml
index 7c13abd..370cda8 100644
--- a/.github/workflows/npm-publish.yml
+++ b/.github/workflows/npm-publish.yml
@@ -67,7 +67,16 @@ jobs:
 uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
 with:
 disable-sudo: true
- egress-policy: audit
+ egress-policy: block
+ allowed-endpoints: >
+ api.github.com:443
+ github.com:443
+ objects.githubusercontent.com:443
+ nodejs.org:443
+ fulcio.sigstore.dev:443
+ registry.npmjs.org:443
+ rekor.sigstore.dev:443
+ npm.pkg.github.com:443
 - name: Publish package
 uses: myrotvorets/composite-actions/node-publish@master
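Review bot: The new `allowed-endpoints` list carries no record of which step needs each host, so nobody can later tell which entries are safe to remove; because comments cannot go inside the `>` folded scalar, add one above the key, e.g. `# GitHub hosts: checkout/action downloads; nodejs.org: Node download; npm registries: install + publish; sigstore hosts: provenance signing`. That mapping is inferred from the host names and should be confirmed against the audit-mode runs this list was presumably taken from. Separately, the context line `uses: myrotvorets/composite-actions/node-publish@master` still follows a mutable branch while harden-runner is pinned to a commit SHA; the egress block narrows where the publish step can connect, but the allowed hosts still include GitHub and both registries, so pinning that action to a SHA would complement this change. The job's remaining steps lie outside the hunk.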