nna/npm-audit-action
3
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
b91c65bee2c36edfda1beec531a796b2dddae7e6
npm-audit-action/README.md
Naoki Oketani 3fa1b7654e feat: update references from v2 to v3 for release v3.0.0
2025-05-03 13:54:49 +00:00

101 lines
2.6 KiB
Markdown
Raw Blame History

# npm audit action
[![Coverage Status](https://coveralls.io/repos/github/oke-py/npm-audit-action/badge.svg?branch=main)](https://coveralls.io/github/oke-py/npm-audit-action?branch=main)
GitHub Action to run `npm audit`
## Feature
### Create a Pull Request comment
If vulnerabilities are found by `npm audit`, Action triggered by PR creates a comment.
### Create an Issue
If vulnerabilities are found by `npm audit`, Action triggered by push, schedule creates the following GitHub Issue.
![image](https://github.com/oke-py/npm-audit-action/blob/main/issue.png)
## Usage
### Inputs
|Parameter|Required|Default Value|Description|
|:--:|:--:|:--:|:--|
|audit_level|false|low|The value of `--audit-level` flag|
|create_issues|false|true|Flag to create issues when vulnerabilities are found|
|create_pr_comments|false|true|Flag to create pr comments when vulnerabilities are found|
|dedupe_issues|false|false|Flag to de-dupe against open issues|
|github_context|false|`${{ toJson(github) }}`|The `github` context|
|github_token|true|N/A|GitHub Access Token.<br>${{ secrets.GITHUB_TOKEN }} is recommended.|
|issue_assignees|false|N/A|Issue assignees (separated by commma)|
|issue_labels|false|N/A|Issue labels (separated by commma)|
|issue_title|false|npm audit found vulnerabilities|Issue title|
|json_flag|false|false|Run `npm audit` with `--json`|
|production_flag|false|false|Run `npm audit` with `--omit=dev`|
|working_directory|false|N/A|The directory which contains package.json|
### Outputs
|Parameter name|Description|
|:--:|:--|
|npm_audit|The output of the npm audit report in a text format|
## Example Workflow
```yaml
name: npm audit
on:
pull_request:
push:
branches:
- main
- 'releases/*'
# on:
# schedule:
# - cron: '0 10 * * *'
jobs:
scan:
name: npm audit
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: install dependencies
run: npm ci
- uses: oke-py/npm-audit-action@v3
with:
audit_level: moderate
github_token: ${{ secrets.GITHUB_TOKEN }}
issue_assignees: oke-py
issue_labels: vulnerability,test
dedupe_issues: true
```
## Development
### Running Tests
This project uses [Vitest](https://vitest.dev/) for testing. To run the tests, use the following command:
```bash
npm run test
```
Vitest will execute all test files and provide a detailed report of the results. For coverage reports, you can use:
```bash
npm run test:coverage
```
Ensure all dependencies are installed before running the tests:
```bash
npm ci
```
- - -
This action is inspired by [homoluctus/gitrivy](https://github.com/homoluctus/gitrivy).
Reference in New Issue View Git Blame Copy Permalink