diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 00000000..fe6ff025
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1 @@
+* @NodeSecure/tsc
diff --git a/.github/workflows/cache.yml b/.github/workflows/cache.yml
index 0edafd28..915a4b88 100644
--- a/.github/workflows/cache.yml
+++ b/.github/workflows/cache.yml
@@ -24,7 +24,7 @@ jobs:
 - name: Harden Runner
 uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
 with:
- egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+ egress-policy: block
 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 - name: Use Node.js ${{ matrix.node-version }}
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index c4bea1df..e100c03b 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -43,7 +43,11 @@ jobs:
 - name: Harden Runner
 uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
 with:
- egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+ egress-policy: block
+ allowed-endpoints: >
+ api.github.com:443
+ github.com:443
+ registry.npmjs.org:443
 - name: Checkout repository
 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml
index 2efa0de3..77b03c05 100644
--- a/.github/workflows/nodejs.yml
+++ b/.github/workflows/nodejs.yml
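Review bot: `egress-policy: block` is set in the cache.yml hunk with no `allowed-endpoints`, yet the checkout and setup-node steps right after it need outbound access; the same pattern is in scorecards.yml, server.yml, size-satisfies.yml and vis-network.yml in this commit. Unless harden-runner's block mode implicitly permits the hosts those steps use, which nothing in the hunk shows, the first network call after this step fails. The TODO being removed says block was to follow a couple of audit runs; the hosts observed in those audit reports should be written into an `allowed-endpoints:` list here, as codeql.yml and nodejs.yml do in the same commit, so the policy is explicit and reviewable rather than dependent on the action's defaults. The job's step list continues outside the hunk.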
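Review bot: The three-host list added under `allowed-endpoints` in the codeql.yml hunk covers the API, the repository host and the npm registry, but the CodeQL init/analyze steps this job runs (outside the hunk) fetch the CodeQL bundle and upload results, and whether all of that goes through `github.com:443` and `api.github.com:443` only is not something the hunk establishes. In block mode a missing host fails the analysis step outright rather than degrading, so the list should be checked against the harden-runner report of a recent audit-mode run before this merges. Minor: `>-` would drop the trailing newline that the `>` folded scalar keeps; harmless here, but `>-` is the cleaner form for a host list.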
@@ -20,20 +20,28 @@ jobs:
 - name: Harden Runner
 uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
 with:
- egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+ egress-policy: block
+ allowed-endpoints: >
+ api.github.com:443
+ github.com:443
+ registry.npmjs.org:443
 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 - name: Use Node.js ${{ matrix.node-version }}
 uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
 with:
 node-version: ${{ matrix.node-version }}
+ - name: Install socket firewall
+ run: npm i -g sfw
+ - name: Install playwright safely
+ run: sfw npm i -g playwright
 - name: Install dependencies
 run: npm install --ignore-scripts
 - name: Build
 run: npm run build
 - name: Install Playwright browsers
 if: matrix.os == 'ubuntu-latest'
- run: npx playwright install --with-deps
+ run: npx --offline playwright install --with-deps
 - name: Run tests
 run: npm run coverage
 - name: Run e2e tests
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index a6878eb3..9a62ac57 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -34,7 +34,7 @@ jobs:
 - name: Harden Runner
 uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
 with:
- egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+ egress-policy: block
 - name: "Checkout code"
 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
diff --git a/.github/workflows/server.yml b/.github/workflows/server.yml
index d52c6b42..520c5ae7 100644
--- a/.github/workflows/server.yml
+++ b/.github/workflows/server.yml
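Review bot: `run: npm i -g sfw` in the nodejs.yml hunk installs the Socket firewall itself unpinned and with lifecycle scripts enabled, while the later `Install dependencies` step uses `--ignore-scripts`; the tool meant to vet packages is the one package installed with no vetting. Pin it and disable scripts, e.g. `run: npm i -g sfw@<pinned-version> --ignore-scripts` (placeholder — take the version from the current release), and pin `playwright` in the following step the same way. The `--offline` flag on `npx --offline playwright install --with-deps` only stops npx from resolving the package over the network; the browser download and the `--with-deps` OS package install still make outbound calls, and none of those hosts are in the three-entry `allowed-endpoints` list, so with `egress-policy: block` that step is blocked unless the action permits them implicitly. Likewise `sfw` presumably contacts Socket's service to evaluate packages, which is also not on the allowlist; confirm both from a run's harden-runner report. The job's remaining steps continue past the hunk.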
@@ -24,7 +24,7 @@ jobs:
 - name: Harden Runner
 uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
 with:
- egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+ egress-policy: block
 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 - name: Use Node.js ${{ matrix.node-version }}
diff --git a/.github/workflows/size-satisfies.yml b/.github/workflows/size-satisfies.yml
index be20de58..a058d4f5 100644
--- a/.github/workflows/size-satisfies.yml
+++ b/.github/workflows/size-satisfies.yml
@@ -24,7 +24,8 @@ jobs:
 - name: Harden Runner
 uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
 with:
- egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+ egress-policy: block
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 - name: Use Node.js ${{ matrix.node-version }}
@@ -36,4 +37,4 @@ jobs:
 - name: Build
 run: npm run build:workspaces
 - name: Run tests
- run: npm run test
+ run: npm run test -w workspaces/size-satisfies
diff --git a/.github/workflows/vis-network.yml b/.github/workflows/vis-network.yml
index bbb8bfb2..a26968c4 100644
--- a/.github/workflows/vis-network.yml
+++ b/.github/workflows/vis-network.yml
@@ -24,7 +24,7 @@ jobs:
 - name: Harden Runner
 uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
 with:
- egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+ egress-policy: block
 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 - name: Use Node.js ${{ matrix.node-version }}
@@ -36,4 +36,4 @@ jobs:
 - name: Build
 run: npm run build:workspaces
 - name: Run tests
- run: npm run test
+ run: npm run test -w workspaces/vis-network