npm-audit-action/README.md
Dark Steveneq d0cc7b6646
Update bundle
2026-01-20 09:54:53 +01:00
[!INFO] This repo is a scuffed Gitea port of the
[original](https://github.com/oke-py/npm-audit-action) project
# npm audit action
[![Coverage Status](https://coveralls.io/repos/github/oke-py/npm-audit-action/badge.svg?branch=main)](https://coveralls.io/github/oke-py/npm-audit-action?branch=main)
GitHub Action to run `npm audit`
## Feature
### Create a Pull Request comment
If `npm audit` finds vulnerabilities and the Action was triggered by a
`pull_request` event, it posts a comment on that pull request.
### Create an Issue
If `npm audit` finds vulnerabilities and the Action was triggered by a `push`
or `schedule` event, it opens a GitHub Issue like the one below.
![image](https://github.com/oke-py/npm-audit-action/blob/main/issue.png)
## Usage
### Inputs
| Parameter | Required | Default Value | Description |
| :----------------: | :------: | :-----------------------------: | :------------------------------------------------------------------ |
| audit_level | false | low | The value of `--audit-level` flag |
| create_issues | false | true | Flag to create issues when vulnerabilities are found |
| create_pr_comments | false | true | Flag to create pr comments when vulnerabilities are found |
| dedupe_issues | false | false | Flag to de-dupe against open issues |
| github_context | false | `${{ toJson(github) }}` | The `github` context |
| github_token | true | N/A | GitHub Access Token.<br>${{ secrets.GITHUB_TOKEN }} is recommended. The token needs `issues: write` to create issues and `pull-requests: write` to comment on PRs. |
| issue_assignees | false | N/A | Issue assignees (separated by comma) |
| issue_labels | false | N/A | Issue labels (separated by comma) |
| issue_title | false | npm audit found vulnerabilities | Issue title |
| json_flag | false | false | Run `npm audit` with `--json` |
| production_flag | false | false | Run `npm audit` with `--omit=dev` |
| working_directory | false | N/A | The directory which contains package.json |
### Outputs
| Parameter name | Description |
| :------------: | :-------------------------------------------------- |
| npm_audit | The output of the npm audit report in a text format |
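The inputs above describe a small decision pipeline: run `npm audit`, keep only findings at or above `audit_level`, turn them into a report, and (with `dedupe_issues`) skip creating an issue when one with the same title is already open. The TypeScript below is an added example written for this README, not the action's own code. It works on a constructed report in the shape `npm audit --json` emits for npm 7 and later (`"auditReportVersion": 2`, a `vulnerabilities` map keyed by package name, and per-package `severity`, `isDirect`, `range` and `fixAvailable` fields); the function names, the sample data and the markdown layout are assumptions.

```typescript
// Added example, not part of oke-py/npm-audit-action. Models the filtering,
// reporting and de-duplication that an `npm audit` action has to do.

type Severity = "info" | "low" | "moderate" | "high" | "critical";

// Ordering used by npm's --audit-level flag: a finding counts when its
// severity is at or above the requested level.
const SEVERITY_RANK: Record<Severity, number> = {
  info: 0, low: 1, moderate: 2, high: 3, critical: 4,
};

interface AuditVulnerability {
  name: string;
  severity: Severity;
  isDirect: boolean;       // true for a direct dependency, false for transitive
  range: string;           // vulnerable version range reported by npm
  fixAvailable: boolean | { name: string; version: string; isSemVerMajor: boolean };
}

interface AuditReport {
  auditReportVersion: number;
  vulnerabilities: Record<string, AuditVulnerability>;
  metadata: { vulnerabilities: Record<Severity | "total", number> };
}

// Constructed sample in the npm 7+ report shape; package names and ranges are made up.
const SAMPLE_REPORT: AuditReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    "example-lib": { name: "example-lib", severity: "high", isDirect: true, range: "<1.2.3",
      fixAvailable: { name: "example-lib", version: "1.2.3", isSemVerMajor: false } },
    "nested-dep": { name: "nested-dep", severity: "low", isDirect: false, range: "<0.9.0", fixAvailable: false },
    "other-dep": { name: "other-dep", severity: "moderate", isDirect: false, range: "<2.0.0", fixAvailable: true },
  },
  metadata: { vulnerabilities: { info: 0, low: 1, moderate: 1, high: 1, critical: 0, total: 3 } },
};

// Parse the raw `npm audit --json` text and reject the older (v1) report format,
// whose top-level keys differ, instead of silently reporting zero findings.
function parseAuditReport(json: string): AuditReport {
  const report = JSON.parse(json) as Partial<AuditReport>;
  if (report.auditReportVersion !== 2 || typeof report.vulnerabilities !== "object" || report.vulnerabilities === null) {
    throw new Error("unsupported npm audit report format (expected auditReportVersion 2)");
  }
  return report as AuditReport;
}

// Apply the audit_level threshold and order worst-first, then by name, so the
// generated report is stable between runs.
function findingsAtOrAbove(report: AuditReport, level: Severity): AuditVulnerability[] {
  const threshold = SEVERITY_RANK[level];
  return Object.values(report.vulnerabilities)
    .filter((v) => SEVERITY_RANK[v.severity] >= threshold)
    .sort((a, b) => SEVERITY_RANK[b.severity] - SEVERITY_RANK[a.severity] || a.name.localeCompare(b.name));
}

// Render the findings as a markdown table suitable for an issue body or PR comment.
// Returns "" when there is nothing to report, so callers can skip posting.
function renderMarkdown(findings: AuditVulnerability[]): string {
  if (findings.length === 0) return "";
  const rows = findings.map((v) => {
    const fix = v.fixAvailable === false ? "no"
      : v.fixAvailable === true ? "yes"
      : `${v.fixAvailable.name}@${v.fixAvailable.version}${v.fixAvailable.isSemVerMajor ? " (major)" : ""}`;
    return `| ${v.name} | ${v.severity} | ${v.isDirect ? "direct" : "transitive"} | ${v.range} | ${fix} |`;
  });
  return [
    "| Package | Severity | Dependency | Vulnerable range | Fix available |",
    "| --- | --- | --- | --- | --- |",
    ...rows,
  ].join("\n");
}

// dedupe_issues semantics: only create a new issue if no open issue already
// carries the configured issue_title.
function shouldCreateIssue(title: string, openIssueTitles: string[], dedupe: boolean): boolean {
  if (!dedupe) return true;
  return !openIssueTitles.includes(title);
}

// End-to-end: returns whether the run should be treated as failed and the body to post.
function evaluate(json: string, level: Severity): { failed: boolean; body: string } {
  const findings = findingsAtOrAbove(parseAuditReport(json), level);
  return { failed: findings.length > 0, body: renderMarkdown(findings) };
}
```

Running `evaluate(JSON.stringify(SAMPLE_REPORT), "moderate")` keeps the `high` and `moderate` findings and drops the `low` one, which is the same cut `npm audit --audit-level=moderate` makes when deciding its exit code; raising the level to `critical` produces no findings and an empty body.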
## Example Workflow
```yaml
name: npm audit
on:
  pull_request:
  push:
    branches:
      - main
      - 'releases/*'
  # on:
  #   schedule:
  #     - cron: '0 10 * * *'
jobs:
  scan:
    name: npm audit
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: install dependencies
        run: npm ci
      - uses: oke-py/npm-audit-action@v3
        with:
          audit_level: moderate
          github_token: ${{ secrets.GITHUB_TOKEN }}
          issue_assignees: oke-py
          issue_labels: vulnerability,test
          dedupe_issues: true
```
## Development
### Running Tests
This project uses [Vitest](https://vitest.dev/) for testing. To run the tests,
use the following command:
```bash
npm run test
```
Vitest will execute all test files and provide a detailed report of the results.
For coverage reports, you can use:
```bash
npm run test:coverage
```
Ensure all dependencies are installed before running the tests:
```bash
npm ci
```
---
This action is inspired by
[homoluctus/gitrivy](https://github.com/homoluctus/gitrivy).