README.md

# npm audit action

[![Coverage Status](https://coveralls.io/repos/github/oke-py/npm-audit-action/badge.svg?branch=master)](https://coveralls.io/github/oke-py/npm-audit-action?branch=master)

GitHub Action to run `npm audit`

## Feature

### Create a Pull Request comment

If vulnerabilities are found by `npm audit`, Action triggered by PR creates a comment.

### Create an Issue

If vulnerabilities are found by `npm audit`, Action triggered by push, schedule creates the following GitHub Issue.

![image](https://github.com/oke-py/npm-audit-action/blob/master/issue.png)

## Usage

### Inputs

|Parameter|Required|Default Value|Description|
|:--:|:--:|:--:|:--|
|issue_assignees|false|N/A|Issue assignees (separated by commma)|
|issue_labels|false|N/A|Issue labels (separated by commma)|
|issue_title|false|npm audit found vulnerabilities|Issue title|
|token|true|N/A|GitHub Access Token.<br>${{ secrets.GITHUB_TOKEN }} is recommended.|

### Outputs

N/A

## Example Workflow

```yaml
name: npm audit

on:
  pull_request:
  push:
    branches:
      - master
      - 'releases/*'
# on:
#   schedule:
#     - cron: '0 10 * * *'

jobs:
  scan:
    name: npm audit
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: install dependencies
        run: npm ci
      - uses: oke-py/npm-audit-action@v1.2.0
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          issue_assignees: oke-py
          issue_labels: vulnerability,test
```

- - -

This action is inspired by [homoluctus/gitrivy](https://github.com/homoluctus/gitrivy).
setup repo & run `npm audit` (#1) 2019-12-08 22:10:35 +09:00			`# npm audit action`
Initial commit 2019-12-08 19:17:13 +09:00
Measure test coverage (#16) * define npm run coverage * Revert "define npm run coverage" This reverts commit 32133d33412105d167226ac31c4f7875f85716ab. * use coverallsapp/github-action@master * Give --coverage option to npm test * Add coveralls badge 2019-12-09 16:00:28 +09:00			`[![Coverage Status](https://coveralls.io/repos/github/oke-py/npm-audit-action/badge.svg?branch=master)](https://coveralls.io/github/oke-py/npm-audit-action?branch=master)`

setup repo & run `npm audit` (#1) 2019-12-08 22:10:35 +09:00			GitHub Action to run `npm audit`
Open a GitHub Issue if vulnerabilities are found (#8) * Get GitHub access token from input * install npm package * fix TypeScript error to successfully build ref: https://github.com/actions/toolkit/issues/199 * npm i strip-ansi to remove control characters * create an issue * use template literal to pass lint * npm run format; npm run lint * use inputs.issue_title as issue title * document inputs.issue_title * add inputs.issue_title 2019-12-09 08:51:14 +09:00
Update README (#33) 2019-12-15 10:49:06 +09:00			`## Feature`

			`### Create a Pull Request comment`

			If vulnerabilities are found by `npm audit`, Action triggered by PR creates a comment.

			`### Create an Issue`

			If vulnerabilities are found by `npm audit`, Action triggered by push, schedule creates the following GitHub Issue.
Add image and example to README.md 2019-12-09 14:13:56 +09:00
			`![image](https://github.com/oke-py/npm-audit-action/blob/master/issue.png)`

Open a GitHub Issue if vulnerabilities are found (#8) * Get GitHub access token from input * install npm package * fix TypeScript error to successfully build ref: https://github.com/actions/toolkit/issues/199 * npm i strip-ansi to remove control characters * create an issue * use template literal to pass lint * npm run format; npm run lint * use inputs.issue_title as issue title * document inputs.issue_title * add inputs.issue_title 2019-12-09 08:51:14 +09:00			`## Usage`

			`### Inputs`

			`\|Parameter\|Required\|Default Value\|Description\|`
			`\|:--:\|:--:\|:--:\|:--\|`
Set Issue labels by inputs & add unit test (#12) * Set Issue labels by inputs * Add unit test 2019-12-09 12:43:13 +09:00			`\|issue_assignees\|false\|N/A\|Issue assignees (separated by commma)\|`
			`\|issue_labels\|false\|N/A\|Issue labels (separated by commma)\|`
Open a GitHub Issue if vulnerabilities are found (#8) * Get GitHub access token from input * install npm package * fix TypeScript error to successfully build ref: https://github.com/actions/toolkit/issues/199 * npm i strip-ansi to remove control characters * create an issue * use template literal to pass lint * npm run format; npm run lint * use inputs.issue_title as issue title * document inputs.issue_title * add inputs.issue_title 2019-12-09 08:51:14 +09:00			`\|issue_title\|false\|npm audit found vulnerabilities\|Issue title\|`
			`\|token\|true\|N/A\|GitHub Access Token.<br>${{ secrets.GITHUB_TOKEN }} is recommended.\|`
Set Issue assignees by inputs (#10) * Set Issue assignees by inputs * remove unused file * Revert "remove unused file" This reverts commit f308fad240706376cf21c6df7490b84c66ef1905. * npm run all * add heading to README * create issue templates 2019-12-09 09:41:29 +09:00
			`### Outputs`

			`N/A`

			`## Example Workflow`

Add image and example to README.md 2019-12-09 14:13:56 +09:00			```yaml
			`name: npm audit`

Update README (#33) 2019-12-15 10:49:06 +09:00			`on:`
			`pull_request:`
			`push:`
			`branches:`
			`- master`
			`- 'releases/*'`
Add image and example to README.md 2019-12-09 14:13:56 +09:00			`# on:`
			`# schedule:`
			`# - cron: '0 10 * * *'`

			`jobs:`
			`scan:`
			`name: npm audit`
			`runs-on: ubuntu-latest`
			`steps:`
update actions/checkout to v2 (#37) 2020-01-27 20:48:43 +09:00			`- uses: actions/checkout@v2`
Add image and example to README.md 2019-12-09 14:13:56 +09:00			`- name: install dependencies`
			`run: npm ci`
update npm-audit-action to v1.2.0 (#50) 2020-03-14 20:35:30 +09:00			`- uses: oke-py/npm-audit-action@v1.2.0`
Add image and example to README.md 2019-12-09 14:13:56 +09:00			`with:`
use GitHub context to branch processing (#22) 2019-12-13 12:18:28 +09:00			`github_token: ${{ secrets.GITHUB_TOKEN }}`
Add image and example to README.md 2019-12-09 14:13:56 +09:00			`issue_assignees: oke-py`
			`issue_labels: vulnerability,test`
			```
Execute daily scan (#19) * Update README.md * run `npm audit` daily 2019-12-09 19:59:47 +09:00
			`- - -`

			`This action is inspired by [homoluctus/gitrivy](https://github.com/homoluctus/gitrivy).`