README.md

# npm audit action

[![Coverage Status](https://coveralls.io/repos/github/oke-py/npm-audit-action/badge.svg?branch=main)](https://coveralls.io/github/oke-py/npm-audit-action?branch=main)

GitHub Action to run `npm audit`

## Feature

### Create a Pull Request comment

If vulnerabilities are found by `npm audit`, Action triggered by PR creates a comment.

### Create an Issue

If vulnerabilities are found by `npm audit`, Action triggered by push, schedule creates the following GitHub Issue.

![image](https://github.com/oke-py/npm-audit-action/blob/main/issue.png)

## Usage

### Inputs

|Parameter|Required|Default Value|Description|
|:--:|:--:|:--:|:--|
|audit_level|false|low|The value of `--audit-level` flag|
|create_issues|false|true|Flag to create issues when vulnerabilities are found|
|create_pr_comments|false|true|Flag to create pr comments when vulnerabilities are found|
|dedupe_issues|false|false|Flag to de-dupe against open issues|
|github_context|false|`${{ toJson(github) }}`|The `github` context|
|github_token|true|N/A|GitHub Access Token.<br>${{ secrets.GITHUB_TOKEN }} is recommended.|
|issue_assignees|false|N/A|Issue assignees (separated by commma)|
|issue_labels|false|N/A|Issue labels (separated by commma)|
|issue_title|false|npm audit found vulnerabilities|Issue title|
|json_flag|false|false|Run `npm audit` with `--json`|
|production_flag|false|false|Run `npm audit` with `--omit=dev`|
|working_directory|false|N/A|The directory which contains package.json|

### Outputs

|Parameter name|Description|
|:--:|:--|
|npm_audit|The output of the npm audit report in a text format|

## Example Workflow

```yaml
name: npm audit

on:
  pull_request:
  push:
    branches:
      - main
      - 'releases/*'
# on:
#   schedule:
#     - cron: '0 10 * * *'

jobs:
  scan:
    name: npm audit
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: install dependencies
        run: npm ci
      - uses: oke-py/npm-audit-action@v2
        with:
          audit_level: moderate
          github_token: ${{ secrets.GITHUB_TOKEN }}
          issue_assignees: oke-py
          issue_labels: vulnerability,test
          dedupe_issues: true
```

- - -

This action is inspired by [homoluctus/gitrivy](https://github.com/homoluctus/gitrivy).
setup repo & run `npm audit` (#1) 2019-12-08 22:10:35 +09:00			`# npm audit action`
Initial commit 2019-12-08 19:17:13 +09:00
chore: fix a broken link in README (#92) * chore: fix a broken link in README * chore: fix branch name 2021-10-02 21:51:01 +09:00			`[![Coverage Status](https://coveralls.io/repos/github/oke-py/npm-audit-action/badge.svg?branch=main)](https://coveralls.io/github/oke-py/npm-audit-action?branch=main)`
Measure test coverage (#16) * define npm run coverage * Revert "define npm run coverage" This reverts commit 32133d33412105d167226ac31c4f7875f85716ab. * use coverallsapp/github-action@master * Give --coverage option to npm test * Add coveralls badge 2019-12-09 16:00:28 +09:00
setup repo & run `npm audit` (#1) 2019-12-08 22:10:35 +09:00			GitHub Action to run `npm audit`
Open a GitHub Issue if vulnerabilities are found (#8) * Get GitHub access token from input * install npm package * fix TypeScript error to successfully build ref: https://github.com/actions/toolkit/issues/199 * npm i strip-ansi to remove control characters * create an issue * use template literal to pass lint * npm run format; npm run lint * use inputs.issue_title as issue title * document inputs.issue_title * add inputs.issue_title 2019-12-09 08:51:14 +09:00
Update README (#33) 2019-12-15 10:49:06 +09:00			`## Feature`

			`### Create a Pull Request comment`

			If vulnerabilities are found by `npm audit`, Action triggered by PR creates a comment.

			`### Create an Issue`

			If vulnerabilities are found by `npm audit`, Action triggered by push, schedule creates the following GitHub Issue.
Add image and example to README.md 2019-12-09 14:13:56 +09:00
chore: fix a broken link in README (#92) * chore: fix a broken link in README * chore: fix branch name 2021-10-02 21:51:01 +09:00			`![image](https://github.com/oke-py/npm-audit-action/blob/main/issue.png)`
Add image and example to README.md 2019-12-09 14:13:56 +09:00
Open a GitHub Issue if vulnerabilities are found (#8) * Get GitHub access token from input * install npm package * fix TypeScript error to successfully build ref: https://github.com/actions/toolkit/issues/199 * npm i strip-ansi to remove control characters * create an issue * use template literal to pass lint * npm run format; npm run lint * use inputs.issue_title as issue title * document inputs.issue_title * add inputs.issue_title 2019-12-09 08:51:14 +09:00			`## Usage`

			`### Inputs`

			`\|Parameter\|Required\|Default Value\|Description\|`
			`\|:--:\|:--:\|:--:\|:--\|`
filter vulnerabilities by audit_level (#55) * filter vulnerabilities by audit_level * update README.md * fix test cases * restrict audit_level value * update dist/index.js 2020-03-21 07:08:53 +09:00			\|audit_level\|false\|low\|The value of `--audit-level` flag\|
[skip ci] docs: update inputs description 2023-01-02 10:32:48 +09:00			`\|create_issues\|false\|true\|Flag to create issues when vulnerabilities are found\|`
			`\|create_pr_comments\|false\|true\|Flag to create pr comments when vulnerabilities are found\|`
			`\|dedupe_issues\|false\|false\|Flag to de-dupe against open issues\|`
[skip ci] docs: add missing inputs description 2023-01-02 10:25:02 +09:00			\|github_context\|false\|`${{ toJson(github) }}`\|The `github` context\|
[skip ci] docs: sort action inputs alphabetically 2023-01-02 10:23:32 +09:00			`\|github_token\|true\|N/A\|GitHub Access Token.<br>${{ secrets.GITHUB_TOKEN }} is recommended.\|`
Set Issue labels by inputs & add unit test (#12) * Set Issue labels by inputs * Add unit test 2019-12-09 12:43:13 +09:00			`\|issue_assignees\|false\|N/A\|Issue assignees (separated by commma)\|`
			`\|issue_labels\|false\|N/A\|Issue labels (separated by commma)\|`
Open a GitHub Issue if vulnerabilities are found (#8) * Get GitHub access token from input * install npm package * fix TypeScript error to successfully build ref: https://github.com/actions/toolkit/issues/199 * npm i strip-ansi to remove control characters * create an issue * use template literal to pass lint * npm run format; npm run lint * use inputs.issue_title as issue title * document inputs.issue_title * add inputs.issue_title 2019-12-09 08:51:14 +09:00			`\|issue_title\|false\|npm audit found vulnerabilities\|Issue title\|`
[skip ci] docs: update inputs description 2023-01-02 10:32:48 +09:00			\|json_flag\|false\|false\|Run `npm audit` with `--json`\|
			\|production_flag\|false\|false\|Run `npm audit` with `--omit=dev`\|
			`\|working_directory\|false\|N/A\|The directory which contains package.json\|`
Set Issue assignees by inputs (#10) * Set Issue assignees by inputs * remove unused file * Revert "remove unused file" This reverts commit f308fad240706376cf21c6df7490b84c66ef1905. * npm run all * add heading to README * create issue templates 2019-12-09 09:41:29 +09:00
			`### Outputs`

feat: add the ability to run with '--json' and output the result (#78) * addition-of-json-flag * Set output of npn audit 2020-12-12 13:56:05 +02:00			`\|Parameter name\|Description\|`
			`\|:--:\|:--\|`
			`\|npm_audit\|The output of the npm audit report in a text format\|`
Set Issue assignees by inputs (#10) * Set Issue assignees by inputs * remove unused file * Revert "remove unused file" This reverts commit f308fad240706376cf21c6df7490b84c66ef1905. * npm run all * add heading to README * create issue templates 2019-12-09 09:41:29 +09:00
			`## Example Workflow`

Add image and example to README.md 2019-12-09 14:13:56 +09:00			```yaml
			`name: npm audit`

Update README (#33) 2019-12-15 10:49:06 +09:00			`on:`
			`pull_request:`
			`push:`
			`branches:`
chore: fix a broken link in README (#92) * chore: fix a broken link in README * chore: fix branch name 2021-10-02 21:51:01 +09:00			`- main`
Update README (#33) 2019-12-15 10:49:06 +09:00			`- 'releases/*'`
Add image and example to README.md 2019-12-09 14:13:56 +09:00			`# on:`
			`# schedule:`
			`# - cron: '0 10 * * *'`

			`jobs:`
			`scan:`
			`name: npm audit`
			`runs-on: ubuntu-latest`
			`steps:`
docs: update actions/checkout 2022-12-10 22:22:40 +09:00			`- uses: actions/checkout@v3`
Add image and example to README.md 2019-12-09 14:13:56 +09:00			`- name: install dependencies`
			`run: npm ci`
Update default runtime to node16 (#118) * Update default runtime to node16 * update dependencies * 2.0.0 2022-03-26 15:31:24 +09:00			`- uses: oke-py/npm-audit-action@v2`
Add image and example to README.md 2019-12-09 14:13:56 +09:00			`with:`
filter vulnerabilities by audit_level (#55) * filter vulnerabilities by audit_level * update README.md * fix test cases * restrict audit_level value * update dist/index.js 2020-03-21 07:08:53 +09:00			`audit_level: moderate`
use GitHub context to branch processing (#22) 2019-12-13 12:18:28 +09:00			`github_token: ${{ secrets.GITHUB_TOKEN }}`
Add image and example to README.md 2019-12-09 14:13:56 +09:00			`issue_assignees: oke-py`
			`issue_labels: vulnerability,test`
update example & daily scan to use v1.5.0 with dedupe_issues=true 2020-05-28 07:24:52 +09:00			`dedupe_issues: true`
Add image and example to README.md 2019-12-09 14:13:56 +09:00			```
Execute daily scan (#19) * Update README.md * run `npm audit` daily 2019-12-09 19:59:47 +09:00
			`- - -`

			`This action is inspired by [homoluctus/gitrivy](https://github.com/homoluctus/gitrivy).`