Go to file

dependabot[bot] c2f20e6961 Bump axios from 0.20.0 to 0.21.1 (#81 )

Bumps [axios](https://github.com/axios/axios) from 0.20.0 to 0.21.1.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v0.21.1/CHANGELOG.md)
- [Commits](https://github.com/axios/axios/compare/v0.20.0...v0.21.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

2021-01-06 13:19:17 +09:00

__tests__

feat: add the ability to run with '--json' and output the result (#78 )

2020-12-12 20:56:05 +09:00

.devcontainer

add Dockerfile to use VSCode Remote Container

2020-06-06 11:02:15 +00:00

.github

update version

2020-12-12 12:04:36 +00:00

dist

run npm run all

2020-12-12 12:01:55 +00:00

src

run npm run all

2020-12-12 12:01:55 +00:00

.editorconfig

setup repo & run npm audit (#1 )

2019-12-08 22:10:35 +09:00

.eslintignore

Initial commit

2019-12-08 19:17:13 +09:00

.eslintrc.json

npm audit fix & npm update (#70 )

2020-09-11 22:04:02 +09:00

.gitignore

Initial commit

2019-12-08 19:17:13 +09:00

.prettierignore

Initial commit

2019-12-08 19:17:13 +09:00

.prettierrc.json

Initial commit

2019-12-08 19:17:13 +09:00

action.yml

feat: add the ability to run with '--json' and output the result (#78 )

2020-12-12 20:56:05 +09:00

DEVELOPMENT.md

add unit test and cleanup (#28 )

2019-12-13 16:09:10 +09:00

Dockerfile

add Dockerfile to use VSCode Remote Container

2020-06-06 11:02:15 +00:00

issue.png

Add image and example to README.md

2019-12-09 14:13:56 +09:00

jest.config.js

Initial commit

2019-12-08 19:17:13 +09:00

LICENSE

setup repo & run npm audit (#1 )

2019-12-08 22:10:35 +09:00

package-lock.json

Bump axios from 0.20.0 to 0.21.1 (#81 )

2021-01-06 13:19:17 +09:00

package.json

Bump axios from 0.20.0 to 0.21.1 (#81 )

2021-01-06 13:19:17 +09:00

README.md

update version

2020-12-12 12:04:36 +00:00

tsconfig.json

Initial commit

2019-12-08 19:17:13 +09:00

README.md

npm audit action

GitHub Action to run npm audit

Feature

Create a Pull Request comment

If vulnerabilities are found by npm audit, Action triggered by PR creates a comment.

Create an Issue

If vulnerabilities are found by npm audit, Action triggered by push, schedule creates the following GitHub Issue.

Usage

Inputs

Parameter	Required	Default Value	Description
audit_level	false	low	The value of `--audit-level` flag
production_flag	false	false	Runnning `npm audit` with `--production`
json_flag	false	false	Runnning `npm audit` with `--json`
issue_assignees	false	N/A	Issue assignees (separated by commma)
issue_labels	false	N/A	Issue labels (separated by commma)
issue_title	false	npm audit found vulnerabilities	Issue title
token	true	N/A	GitHub Access Token. ${{ secrets.GITHUB_TOKEN }} is recommended.
working_directory	false	N/A	The directory which contains package.json (since v1.4.0)
dedupe_issues	false	false	If 'true', action will not create a new issue when one is already open (since v1.5.0)

Outputs

Parameter name	Description
npm_audit	The output of the npm audit report in a text format

Example Workflow

name: npm audit

on:
  pull_request:
  push:
    branches:
      - master
      - 'releases/*'
# on:
#   schedule:
#     - cron: '0 10 * * *'

jobs:
  scan:
    name: npm audit
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: install dependencies
        run: npm ci
      - uses: oke-py/npm-audit-action@v1.7.0
        with:
          audit_level: moderate
          github_token: ${{ secrets.GITHUB_TOKEN }}
          issue_assignees: oke-py
          issue_labels: vulnerability,test
          dedupe_issues: true

This action is inspired by homoluctus/gitrivy.