nna/npm-audit-action
3
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
304 Commits 1 Branch 2 Tags
6ee35e41aadd39998705010a9bc71585ca2908c4
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Naoki Oketani 6ee35e41aa Merge pull request #243 from oke-py/fix/ci 
refactor(ci): rename npm script from pack to package and update workflow
2025-05-05 19:41:17 +09:00
__tests__
fix: resolve prettier and eslint conflict by removing bracketSpacing: false
2025-05-03 12:32:25 +00:00
.clinerules
refactor(ci): rename npm script from pack to package and update workflow
2025-05-05 10:37:01 +00:00
.devcontainer
Update devcontainer.json: Node.js 20, add Claude extension, enable GitHub CLI
2025-05-02 04:06:10 +00:00
.github
refactor(ci): rename npm script from pack to package and update workflow
2025-05-05 10:37:01 +00:00
dist
chore(build): automated change
2025-05-05 06:20:37 +00:00
src
chore(build): automated change
2025-05-05 06:20:37 +00:00
.gitignore
Initial commit
2019-12-08 19:17:13 +09:00
.prettierignore
Initial commit
2019-12-08 19:17:13 +09:00
.prettierrc.yml
refactor(config): migrate from .editorconfig and .prettierrc.json to .prettierrc.yml
2025-05-05 06:14:42 +00:00
action.yml
Update to Node.js 20 compatibility
2025-05-01 12:05:25 +00:00
DEVELOPMENT.md
docs: add major version release procedure to DEVELOPMENT.md
2025-05-04 03:01:29 +00:00
eslint.config.js
chore: migrate to ESLint 9 and update configurations
2025-05-03 12:03:12 +00:00
issue.png
Add image and example to README.md
2019-12-09 14:13:56 +09:00
LICENSE
setup repo & run npm audit (#1)
2019-12-08 22:10:35 +09:00
package-lock.json
chore: migrate build process from @vercel/ncc to rollup
2025-05-05 10:14:17 +00:00
package.json
refactor(ci): rename npm script from pack to package and update workflow
2025-05-05 10:37:01 +00:00
README.md
feat: update references from v2 to v3 for release v3.0.0
2025-05-03 13:54:49 +00:00
rollup.config.ts
chore: migrate build process from @vercel/ncc to rollup
2025-05-05 10:14:17 +00:00
tsconfig.eslint.json
chore: migrate build process from @vercel/ncc to rollup
2025-05-05 10:14:17 +00:00
tsconfig.json
chore: migrate to ESLint 9 and update configurations
2025-05-03 12:03:12 +00:00
vitest.config.ts
fix: limit test coverage to src directory only
2025-05-03 12:20:53 +00:00

README.md

npm audit action

Coverage Status

GitHub Action to run npm audit

Feature

Create a Pull Request comment

If vulnerabilities are found by npm audit, Action triggered by PR creates a comment.

Create an Issue

If vulnerabilities are found by npm audit, Action triggered by push, schedule creates the following GitHub Issue.

image

Usage

Inputs

Parameter Required Default Value Description
audit_level false low The value of --audit-level flag
create_issues false true Flag to create issues when vulnerabilities are found
create_pr_comments false true Flag to create pr comments when vulnerabilities are found
dedupe_issues false false Flag to de-dupe against open issues
github_context false ${{ toJson(github) }} The github context
github_token true N/A GitHub Access Token.
${{ secrets.GITHUB_TOKEN }} is recommended.
issue_assignees false N/A Issue assignees (separated by commma)
issue_labels false N/A Issue labels (separated by commma)
issue_title false npm audit found vulnerabilities Issue title
json_flag false false Run npm audit with --json
production_flag false false Run npm audit with --omit=dev
working_directory false N/A The directory which contains package.json

Outputs

Parameter name Description
npm_audit The output of the npm audit report in a text format

Example Workflow

name: npm audit

on:
  pull_request:
  push:
    branches:
      - main
      - 'releases/*'
# on:
#   schedule:
#     - cron: '0 10 * * *'

jobs:
  scan:
    name: npm audit
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: install dependencies
        run: npm ci
      - uses: oke-py/npm-audit-action@v3
        with:
          audit_level: moderate
          github_token: ${{ secrets.GITHUB_TOKEN }}
          issue_assignees: oke-py
          issue_labels: vulnerability,test
          dedupe_issues: true

Development

Running Tests

This project uses Vitest for testing. To run the tests, use the following command:

npm run test

Vitest will execute all test files and provide a detailed report of the results. For coverage reports, you can use:

npm run test:coverage

Ensure all dependencies are installed before running the tests:

npm ci

This action is inspired by homoluctus/gitrivy.

Reference in New Issue View Git Blame Copy Permalink
Description
A scuffed port of npm-audit-action to Gitea-js
Readme MIT 6.1 MiB
Languages
TypeScript 91.9%
JavaScript 8.1%