dependabot[bot] 569d74e85f build(deps-dev): bump the npm-development group with 8 updates
Bumps the npm-development group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `20.17.32` | `20.17.46` |
| [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) | `8.31.1` | `8.32.0` |
| [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) | `8.31.1` | `8.32.0` |
| [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) | `3.1.2` | `3.1.3` |
| [eslint-config-prettier](https://github.com/prettier/eslint-config-prettier) | `10.1.2` | `10.1.5` |
| [globals](https://github.com/sindresorhus/globals) | `16.0.0` | `16.1.0` |
| [rollup](https://github.com/rollup/rollup) | `4.40.1` | `4.40.2` |
| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `3.1.2` | `3.1.3` |


Updates `@types/node` from 20.17.32 to 20.17.46
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `@typescript-eslint/eslint-plugin` from 8.31.1 to 8.32.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.32.0/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.31.1 to 8.32.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.32.0/packages/parser)

Updates `@vitest/coverage-v8` from 3.1.2 to 3.1.3
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v3.1.3/packages/coverage-v8)

Updates `eslint-config-prettier` from 10.1.2 to 10.1.5
- [Release notes](https://github.com/prettier/eslint-config-prettier/releases)
- [Changelog](https://github.com/prettier/eslint-config-prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/eslint-config-prettier/compare/v10.1.2...v10.1.5)

Updates `globals` from 16.0.0 to 16.1.0
- [Release notes](https://github.com/sindresorhus/globals/releases)
- [Commits](https://github.com/sindresorhus/globals/compare/v16.0.0...v16.1.0)

Updates `rollup` from 4.40.1 to 4.40.2
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v4.40.1...v4.40.2)

Updates `vitest` from 3.1.2 to 3.1.3
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v3.1.3/packages/vitest)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 20.17.46
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.32.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.32.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: "@vitest/coverage-v8"
  dependency-version: 3.1.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
- dependency-name: eslint-config-prettier
  dependency-version: 10.1.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
- dependency-name: globals
  dependency-version: 16.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: rollup
  dependency-version: 4.40.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
- dependency-name: vitest
  dependency-version: 3.1.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-05-12 10:16:08 +00:00

npm audit action

GitHub Action to run npm audit

Features

Create a Pull Request comment

If npm audit finds vulnerabilities, the Action, when triggered by a pull request, creates a comment on that pull request.

Create an Issue

If npm audit finds vulnerabilities, the Action, when triggered by a push or schedule event, creates a GitHub Issue listing them.

Usage

Inputs

| Parameter | Required | Default Value | Description |
| --- | --- | --- | --- |
| `audit_level` | false | `low` | The value of the `--audit-level` flag |
| `create_issues` | false | `true` | Flag to create issues when vulnerabilities are found |
| `create_pr_comments` | false | `true` | Flag to create PR comments when vulnerabilities are found |
| `dedupe_issues` | false | `false` | Flag to de-dupe against open issues |
| `github_context` | false | `${{ toJson(github) }}` | The github context |
| `github_token` | true | N/A | GitHub access token. `${{ secrets.GITHUB_TOKEN }}` is recommended. |
| `issue_assignees` | false | N/A | Issue assignees (separated by comma) |
| `issue_labels` | false | N/A | Issue labels (separated by comma) |
| `issue_title` | false | `npm audit found vulnerabilities` | Issue title |
| `json_flag` | false | `false` | Run npm audit with `--json` |
| `production_flag` | false | `false` | Run npm audit with `--omit=dev` |
| `working_directory` | false | N/A | The directory which contains package.json |

Outputs

| Parameter name | Description |
| --- | --- |
| `npm_audit` | The output of the npm audit report in a text format |

Example Workflow

name: npm audit

on:
  pull_request:
  push:
    branches:
      - main
      - 'releases/*'
# on:
#   schedule:
#     - cron: '0 10 * * *'

jobs:
  scan:
    name: npm audit
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: install dependencies
        run: npm ci
      - uses: oke-py/npm-audit-action@v3
        with:
          audit_level: moderate
          github_token: ${{ secrets.GITHUB_TOKEN }}
          issue_assignees: oke-py
          issue_labels: vulnerability,test
          dedupe_issues: true
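The behaviour the Features and Inputs sections describe, as an added TypeScript example that is not the project's own code: applying the audit_level threshold, building the issue or PR-comment text, and honouring dedupe_issues. The npm audit JSON shape is assumed from npm's own `--json` output, and the package names and report contents are constructed.

```typescript
// Added example, not the project's own code: the decision logic such an action needs.
// The report shape (auditReportVersion 2, npm 7+) is assumed from npm's documented
// `npm audit --json` output, not from this page.
type Severity = "info" | "low" | "moderate" | "high" | "critical";
const ORDER: Severity[] = ["info", "low", "moderate", "high", "critical"];
interface Vulnerability { name: string; severity: Severity; range: string; isDirect: boolean; fixAvailable: boolean; }
interface AuditReport { auditReportVersion: number; vulnerabilities: Record<string, Vulnerability>; }

// Mirrors `--audit-level`: keeps only findings at or above the threshold, most severe first.
function findingsAtOrAbove(report: AuditReport, level: Severity): Vulnerability[] {
  const min = ORDER.indexOf(level);
  return Object.keys(report.vulnerabilities)
    .map((k) => report.vulnerabilities[k])
    .filter((v) => ORDER.indexOf(v.severity) >= min)
    .sort((a, b) => ORDER.indexOf(b.severity) - ORDER.indexOf(a.severity));
}

// Builds the issue / PR-comment text; the default title is the action's issue_title default.
function buildIssue(findings: Vulnerability[], title = "npm audit found vulnerabilities") {
  const header = ["| Package | Severity | Vulnerable range | Dependency | Fix available |",
                  "| --- | --- | --- | --- | --- |"];
  const rows = findings.map((v) =>
    `| ${v.name} | ${v.severity} | ${v.range} | ${v.isDirect ? "direct" : "transitive"} | ${v.fixAvailable ? "yes" : "no"} |`);
  return { title, body: header.concat(rows).join("\n") };
}

// dedupe_issues: do not open a second issue while one with the same title is still open.
function shouldCreateIssue(title: string, openIssueTitles: string[], dedupe: boolean): boolean {
  return !(dedupe && openIssueTitles.indexOf(title) !== -1);
}

// Constructed sample report with made-up package names (not a real audit run).
const SAMPLE_REPORT: AuditReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    "example-parser": { name: "example-parser", severity: "moderate", range: "<2.0.1", isDirect: false, fixAvailable: true },
    "example-logger": { name: "example-logger", severity: "high", range: "<1.4.0", isDirect: true, fixAvailable: true },
    "example-util": { name: "example-util", severity: "low", range: "<0.9.3", isDirect: false, fixAvailable: false },
  },
};

// Runs the pipeline with audit_level=moderate and dedupe_issues=true; returns the finding count.
function demo(openIssueTitles: string[] = []): number {
  const findings = findingsAtOrAbove(SAMPLE_REPORT, "moderate");
  const issue = buildIssue(findings);
  if (shouldCreateIssue(issue.title, openIssueTitles, true)) console.log(`Would create "${issue.title}":\n${issue.body}`);
  else console.log("An open issue with that title exists; skipping (dedupe_issues=true)");
  return findings.length;
}
demo();
```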

Development

Running Tests

This project uses Vitest for testing. To run the tests, use the following command:

npm run test

Vitest will execute all test files and provide a detailed report of the results. For coverage reports, you can use:

npm run test:coverage

Ensure all dependencies are installed before running the tests:

npm ci

This action is inspired by homoluctus/gitrivy.

Description
A scuffed port of npm-audit-action to Gitea-js