72 lines
1.9 KiB
Markdown
72 lines
1.9 KiB
Markdown
# npm audit action
|
|
|
|
[](https://coveralls.io/github/oke-py/npm-audit-action?branch=master)
|
|
|
|
GitHub Action to run `npm audit`
|
|
|
|
## Feature
|
|
|
|
### Create a Pull Request comment
|
|
|
|
If vulnerabilities are found by `npm audit`, Action triggered by PR creates a comment.
|
|
|
|
### Create an Issue
|
|
|
|
If vulnerabilities are found by `npm audit`, Action triggered by push, schedule creates the following GitHub Issue.
|
|
|
|
|
|
|
|
## Usage
|
|
|
|
### Inputs
|
|
|
|
|Parameter|Required|Default Value|Description|
|
|
|:--:|:--:|:--:|:--|
|
|
|audit_level|false|low|The value of `--audit-level` flag|
|
|
|issue_assignees|false|N/A|Issue assignees (separated by commma)|
|
|
|issue_labels|false|N/A|Issue labels (separated by commma)|
|
|
|issue_title|false|npm audit found vulnerabilities|Issue title|
|
|
|token|true|N/A|GitHub Access Token.<br>${{ secrets.GITHUB_TOKEN }} is recommended.|
|
|
|working_directory|false|N/A|The directory which contains package.json (since v1.4.0)|
|
|
|dedupe_issues|false|false|If 'true', action will not create a new issue when one is already open (since v1.5.0)|
|
|
|
|
### Outputs
|
|
|
|
N/A
|
|
|
|
## Example Workflow
|
|
|
|
```yaml
|
|
name: npm audit
|
|
|
|
on:
|
|
pull_request:
|
|
push:
|
|
branches:
|
|
- master
|
|
- 'releases/*'
|
|
# on:
|
|
# schedule:
|
|
# - cron: '0 10 * * *'
|
|
|
|
jobs:
|
|
scan:
|
|
name: npm audit
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
- name: install dependencies
|
|
run: npm ci
|
|
- uses: oke-py/npm-audit-action@v1.5.0
|
|
with:
|
|
audit_level: moderate
|
|
github_token: ${{ secrets.GITHUB_TOKEN }}
|
|
issue_assignees: oke-py
|
|
issue_labels: vulnerability,test
|
|
dedupe_issues: true
|
|
```
|
|
|
|
- - -
|
|
|
|
This action is inspired by [homoluctus/gitrivy](https://github.com/homoluctus/gitrivy).
|