nna/npm-audit-action
3
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Merge pull request #254 from oke-py/chore/format-code

Browse Source 
style(format): format code with Prettier
This commit is contained in:
Naoki Oketani
2025-05-05 22:40:55 +09:00
committed by GitHub
parent c2c82aa5b2 f45ed00267
commit c3b3f890cf
7 changed files with 91 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
.clinerules/rules.md
View File

@@ -1,21 +1,27 @@
# Cline Rules
This document outlines the development guidelines and best practices for our TypeScript/JavaScript projects.
This document outlines the development guidelines and best practices for our
TypeScript/JavaScript projects.
## Project Configuration
### TypeScript/JavaScript Best Practices
- **TypeScript Configuration**
- Use `strict: true` in tsconfig.json to enable all strict type checking options
- Enable `esModuleInterop` for better interoperability between CommonJS and ES Modules
- Use `strict: true` in tsconfig.json to enable all strict type checking
options
- Enable `esModuleInterop` for better interoperability between CommonJS and ES
Modules
- Set `target` to ES2020 for modern JavaScript features
- Use `module: NodeNext` for the latest Node.js module resolution
- Use `noImplicitAny: true` to ensure all types are explicitly defined
- Configure `outDir: "./lib"` and `rootDir: "./src"` to control the output directory structure
- Configure `outDir: "./lib"` and `rootDir: "./src"` to control the output
directory structure
- Set `baseUrl: "./"` and configure `paths` for module resolution
- **Code Formatting**
- Use Prettier for consistent code formatting with the following settings:
- Maximum line width of 80 characters (`printWidth: 80`)
- 2-space indentation (`tabWidth: 2`)
@@ -26,7 +32,8 @@ This document outlines the development guidelines and best practices for our Typ
- No trailing commas (`trailingComma: "none"`)
- Include spaces in object literals (`bracketSpacing: true`)
- Place closing brackets on the same line (`bracketSameLine: true`)
- Always include parentheses around arrow function parameters (`arrowParens: "always"`)
- Always include parentheses around arrow function parameters
(`arrowParens: "always"`)
- Always wrap prose (`proseWrap: "always"`)
- CSS-based HTML whitespace sensitivity (`htmlWhitespaceSensitivity: "css"`)
- Use LF line endings (`endOfLine: "lf"`)
@@ -35,16 +42,19 @@ This document outlines the development guidelines and best practices for our Typ
- camelCase for variables and functions
- PascalCase for classes, interfaces, and type aliases
- UPPER_CASE allowed for constants
- Run `npm run format` to automatically format all TypeScript files according to project standards
- Run `npm run format` to automatically format all TypeScript files according
to project standards
- Ensure code formatting is checked in CI with `npm run format-check`
- **Package Management**
- Use npm with package-lock.json for consistent dependency management
- Regularly update dependencies and run security audits
- Specify exact versions for critical dependencies
- Use `npm ci` instead of `npm install` in CI/CD pipelines
- **Testing**
- Write unit tests for all business logic
- Aim for high test coverage (at least 80%)
- Use Vitest as the testing framework
@@ -55,7 +65,8 @@ This document outlines the development guidelines and best practices for our Typ
- Use Rollup for bundling the code
- Run `npm run package` to bundle the code with Rollup
- Run `npm run all` to format, lint, test, and package the project
- Note that dist/index.js updates are handled by GitHub Actions and should not be included in commits or pull requests
- Note that dist/index.js updates are handled by GitHub Actions and should not
be included in commits or pull requests
## Git Workflow
@@ -66,7 +77,8 @@ This document outlines the development guidelines and best practices for our Typ
- Example: `fix(auth): resolve token validation issue`
- Common types: feat, fix, docs, style, refactor, test, chore
- Keep commit messages concise but descriptive
- Reference issue numbers when applicable: `fix(api): correct response format (#123)`
- Reference issue numbers when applicable:
`fix(api): correct response format (#123)`
### Branches
@@ -80,7 +92,8 @@ This document outlines the development guidelines and best practices for our Typ
### Pull Requests
- **IMPORTANT**: Write PR titles and descriptions in English ONLY, NOT in Japanese
- **IMPORTANT**: Write PR titles and descriptions in English ONLY, NOT in
Japanese
- Use clear, descriptive titles that summarize the changes
- Include detailed descriptions explaining:
- What changes were made
@@ -88,12 +101,17 @@ This document outlines the development guidelines and best practices for our Typ
- Any potential side effects or areas to test
- Reference related issues using GitHub keywords (Fixes #123, Closes #456)
- Use the GitHub CLI (`gh` command) to create pull requests:
```bash
gh pr create --title 'Your PR title' --body 'Detailed description' --base main
```
- Enclose title and body in single quotes (`'`) to handle spaces and special characters
- For multi-line body text, use actual line breaks instead of `\n` escape sequences
- Enclose title and body in single quotes (`'`) to handle spaces and special
characters
- For multi-line body text, use actual line breaks instead of `\n` escape
sequences
- Format the body text with Markdown for better readability:
```bash
gh pr create --title 'fix: resolve issue with authentication' --body 'Fixed the authentication issue by updating the token validation logic.

6
.devcontainer/devcontainer.json
View File

@@ -4,9 +4,7 @@
"postCreateCommand": "npm install",
"customizations": {
"codespaces": {
"openFiles": [
"README.md"
]
"openFiles": ["README.md"]
},
"vscode": {
"extensions": [
@@ -38,4 +36,4 @@
"ghcr.io/devcontainers/features/github-cli:1": {},
"ghcr.io/devcontainers-contrib/features/prettier:1": {}
}
}
}

2
.github/ISSUE_TEMPLATE/bug-report.md vendored
View File

@@ -2,13 +2,11 @@
name: Bug Report
about: Report a bug encountered while using npm-audit-action
labels: bug
---
<!-- Please use this template while reporting a bug and provide as much info as possible. Not doing so may result in your bug not being addressed in a timely manner. Thanks!
-->
**What happened**:
**What you expected to happen**:

2
.github/ISSUE_TEMPLATE/enhancement.md vendored
View File

@@ -2,8 +2,8 @@
name: Enhancement Request
about: Suggest an enhancement to npm-audit-action
labels: enhancement
---
<!-- Please only use this template for submitting enhancement requests -->
**What would you like to be added**:

42
DEVELOPMENT.md
View File

@@ -19,7 +19,8 @@
### Running Tests
This project uses [Vitest](https://vitest.dev/) for testing. To run the tests, use the following command:
This project uses [Vitest](https://vitest.dev/) for testing. To run the tests,
use the following command:
```bash
npm run test
@@ -39,7 +40,8 @@ The coverage report will be available in the `coverage` directory.
## Release Process
This project follows semantic versioning (SemVer) for releases. The release process is partially automated through GitHub Actions workflows.
This project follows semantic versioning (SemVer) for releases. The release
process is partially automated through GitHub Actions workflows.
### Major Version Release Procedure
@@ -66,6 +68,7 @@ For major version releases (e.g., v2.x.x to v3.0.0), follow these steps:
3. **Update References in Documentation and Workflows**
Update all references to the previous major version in:
- README.md (usage examples)
- Workflow files in `.github/workflows/` directory
- Any other documentation or code referencing the version
@@ -78,31 +81,41 @@ For major version releases (e.g., v2.x.x to v3.0.0), follow these steps:
git push origin feature/update-to-vX
```
Create a pull request on GitHub with a clear description of the major version changes.
Create a pull request on GitHub with a clear description of the major version
changes.
5. **Review and Merge**
After code review and all checks pass, merge the pull request into the main branch.
After code review and all checks pass, merge the pull request into the main
branch.
6. **Wait for dist/index.js Update**
After merging to the main branch, the `update dist/index.js` workflow will automatically run to compile the TypeScript code and update the dist/index.js file. This will create a new commit with the message "chore(build): automated change".
After merging to the main branch, the `update dist/index.js` workflow will
automatically run to compile the TypeScript code and update the dist/index.js
file. This will create a new commit with the message "chore(build): automated
change".
**Important**: You must wait for this automated commit to complete before proceeding to the next step, as the release should be created from this commit to ensure it includes the updated dist/index.js.
**Important**: You must wait for this automated commit to complete before
proceeding to the next step, as the release should be created from this
commit to ensure it includes the updated dist/index.js.
7. **Create a GitHub Release**
- Go to the Releases page on GitHub
- Click "Draft a new release"
- Set the tag to `vX.0.0` (e.g., `v3.0.0`)
- **Important**: Ensure you're creating the release from the latest commit that includes the updated dist/index.js
- **Important**: Ensure you're creating the release from the latest commit
that includes the updated dist/index.js
- Set the title to a descriptive name for the release
- Add detailed release notes describing breaking changes, new features, etc.
- Publish the release
8. **Automatic Major Version Tag**
After publishing the release, the `git-tag-major-version` workflow will automatically:
After publishing the release, the `git-tag-major-version` workflow will
automatically:
- Extract the major version from the release tag (e.g., `v3.0.0` → `v3`)
- Delete the existing major version tag if it exists
- Create a new major version tag pointing to the release commit
@@ -121,12 +134,17 @@ For minor and patch releases, the process is more automated:
- Create a version commit
- Push the changes to your branch
4. After merging, wait for the `update dist/index.js` workflow to complete
5. Create a GitHub release with the new version number from the latest commit that includes the updated dist/index.js
5. Create a GitHub release with the new version number from the latest commit
that includes the updated dist/index.js
### Automatic Processes
The following processes happen automatically:
- **dist/index.js Updates**: When changes are pushed to the main branch, the `update dist/index.js` workflow automatically compiles the TypeScript code and updates the dist/index.js file.
- **Testing**: Pull requests and changes to the main branch trigger the `build-test` workflow to ensure the code builds and passes all tests.
- **Daily Scanning**: The `daily scan` workflow runs npm audit daily to check for vulnerabilities.
- **dist/index.js Updates**: When changes are pushed to the main branch, the
`update dist/index.js` workflow automatically compiles the TypeScript code and
updates the dist/index.js file.
- **Testing**: Pull requests and changes to the main branch trigger the
`build-test` workflow to ensure the code builds and passes all tests.
- **Daily Scanning**: The `daily scan` workflow runs npm audit daily to check
for vulnerabilities.

51
README.md
View File

@@ -8,11 +8,13 @@ GitHub Action to run `npm audit`
### Create a Pull Request comment
If vulnerabilities are found by `npm audit`, Action triggered by PR creates a comment.
If vulnerabilities are found by `npm audit`, Action triggered by PR creates a
comment.
### Create an Issue
If vulnerabilities are found by `npm audit`, Action triggered by push, schedule creates the following GitHub Issue.
If vulnerabilities are found by `npm audit`, Action triggered by push, schedule
creates the following GitHub Issue.
![image](https://github.com/oke-py/npm-audit-action/blob/main/issue.png)
@@ -20,26 +22,26 @@ If vulnerabilities are found by `npm audit`, Action triggered by push, schedule
### Inputs
|Parameter|Required|Default Value|Description|
|:--:|:--:|:--:|:--|
|audit_level|false|low|The value of `--audit-level` flag|
|create_issues|false|true|Flag to create issues when vulnerabilities are found|
|create_pr_comments|false|true|Flag to create pr comments when vulnerabilities are found|
|dedupe_issues|false|false|Flag to de-dupe against open issues|
|github_context|false|`${{ toJson(github) }}`|The `github` context|
|github_token|true|N/A|GitHub Access Token.<br>${{ secrets.GITHUB_TOKEN }} is recommended.|
|issue_assignees|false|N/A|Issue assignees (separated by commma)|
|issue_labels|false|N/A|Issue labels (separated by commma)|
|issue_title|false|npm audit found vulnerabilities|Issue title|
|json_flag|false|false|Run `npm audit` with `--json`|
|production_flag|false|false|Run `npm audit` with `--omit=dev`|
|working_directory|false|N/A|The directory which contains package.json|
| Parameter | Required | Default Value | Description |
| :----------------: | :------: | :-----------------------------: | :------------------------------------------------------------------ |
| audit_level | false | low | The value of `--audit-level` flag |
| create_issues | false | true | Flag to create issues when vulnerabilities are found |
| create_pr_comments | false | true | Flag to create pr comments when vulnerabilities are found |
| dedupe_issues | false | false | Flag to de-dupe against open issues |
| github_context | false | `${{ toJson(github) }}` | The `github` context |
| github_token | true | N/A | GitHub Access Token.<br>${{ secrets.GITHUB_TOKEN }} is recommended. |
| issue_assignees | false | N/A | Issue assignees (separated by commma) |
| issue_labels | false | N/A | Issue labels (separated by commma) |
| issue_title | false | npm audit found vulnerabilities | Issue title |
| json_flag | false | false | Run `npm audit` with `--json` |
| production_flag | false | false | Run `npm audit` with `--omit=dev` |
| working_directory | false | N/A | The directory which contains package.json |
### Outputs
|Parameter name|Description|
|:--:|:--|
|npm_audit|The output of the npm audit report in a text format|
| Parameter name | Description |
| :------------: | :-------------------------------------------------- |
| npm_audit | The output of the npm audit report in a text format |
## Example Workflow
@@ -77,13 +79,15 @@ jobs:
### Running Tests
This project uses [Vitest](https://vitest.dev/) for testing. To run the tests, use the following command:
This project uses [Vitest](https://vitest.dev/) for testing. To run the tests,
use the following command:
```bash
npm run test
```
Vitest will execute all test files and provide a detailed report of the results. For coverage reports, you can use:
Vitest will execute all test files and provide a detailed report of the results.
For coverage reports, you can use:
```bash
npm run test:coverage
@@ -95,6 +99,7 @@ Ensure all dependencies are installed before running the tests:
npm ci
```
- - -
---
This action is inspired by [homoluctus/gitrivy](https://github.com/homoluctus/gitrivy).
This action is inspired by
[homoluctus/gitrivy](https://github.com/homoluctus/gitrivy).

4
__tests__/testdata/audit/error.json vendored
View File

@@ -21,9 +21,7 @@
"findings": [
{
"version": "2.19.2",
"paths": [
"moment"
]
"paths": ["moment"]
}
],
"id": 532,