Go to file

dependabot[bot] d012707798 build(deps-dev): bump the npm-development group with 7 updates

Bumps the npm-development group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) | `9.26.0` | `9.27.0` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `20.17.46` | `20.17.48` |
| [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) | `8.32.0` | `8.32.1` |
| [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) | `8.32.0` | `8.32.1` |
| [eslint](https://github.com/eslint/eslint) | `9.26.0` | `9.27.0` |
| [eslint-import-resolver-typescript](https://github.com/import-js/eslint-import-resolver-typescript) | `4.3.4` | `4.3.5` |
| [rollup](https://github.com/rollup/rollup) | `4.40.2` | `4.41.0` |


Updates `@eslint/js` from 9.26.0 to 9.27.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/commits/v9.27.0/packages/js)

Updates `@types/node` from 20.17.46 to 20.17.48
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `@typescript-eslint/eslint-plugin` from 8.32.0 to 8.32.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.32.1/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.32.0 to 8.32.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.32.1/packages/parser)

Updates `eslint` from 9.26.0 to 9.27.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v9.26.0...v9.27.0)

Updates `eslint-import-resolver-typescript` from 4.3.4 to 4.3.5
- [Release notes](https://github.com/import-js/eslint-import-resolver-typescript/releases)
- [Changelog](https://github.com/import-js/eslint-import-resolver-typescript/blob/master/CHANGELOG.md)
- [Commits](https://github.com/import-js/eslint-import-resolver-typescript/compare/v4.3.4...v4.3.5)

Updates `rollup` from 4.40.2 to 4.41.0
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v4.40.2...v4.41.0)

---
updated-dependencies:
- dependency-name: "@eslint/js"
  dependency-version: 9.27.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: "@types/node"
  dependency-version: 20.17.48
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.32.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.32.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
- dependency-name: eslint
  dependency-version: 9.27.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: eslint-import-resolver-typescript
  dependency-version: 4.3.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
- dependency-name: rollup
  dependency-version: 4.41.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
...

Signed-off-by: dependabot[bot] <support@github.com>

2025-05-19 10:02:43 +00:00

__fixtures__

fix(eslint): resolve @typescript-eslint/no-unused-vars errors

2025-05-07 11:58:37 +00:00

__tests__

fix(lint): resolve @typescript-eslint/no-explicit-any warnings

2025-05-07 12:11:12 +00:00

.clinerules

docs(rules): update dist directory inclusion guidelines

2025-05-06 11:53:28 +00:00

.devcontainer

style(format): format code with Prettier

2025-05-05 13:37:57 +00:00

.github

fix(ci): run coveralls upload only on ubuntu-latest

2025-05-13 21:10:54 +09:00

.licenses/npm

Auto-update license files

2025-05-05 12:20:00 +00:00

dist

chore(build): update dist files

2025-05-13 21:17:58 +09:00

src

fix(lint): resolve @typescript-eslint/no-explicit-any warnings

2025-05-07 12:11:12 +00:00

.gitattributes

chore(git): add .gitattributes file for consistent line endings and generated files

2025-05-05 11:04:47 +00:00

.gitignore

Initial commit

2019-12-08 19:17:13 +09:00

.licensed.yml

chore(license): add license checking configuration and workflow

2025-05-05 11:23:30 +00:00

.markdown-lint.yml

chore(lint): add markdown and yaml linter configurations

2025-05-05 11:15:04 +00:00

.node-version

refactor(ci): update workflow configuration and add Node.js version file

2025-05-05 11:12:23 +00:00

.prettierignore

refactor(style): update .prettierignore to match template repository

2025-05-05 12:42:43 +00:00

.prettierrc.yml

refactor(config): migrate from .editorconfig and .prettierrc.json to .prettierrc.yml

2025-05-05 06:14:42 +00:00

.yaml-lint.yml

chore(lint): add markdown and yaml linter configurations

2025-05-05 11:15:04 +00:00

action.yml

Update to Node.js 20 compatibility

2025-05-01 12:05:25 +00:00

DEVELOPMENT.md

style(format): format code with Prettier

2025-05-05 13:37:57 +00:00

eslint.config.mjs

fix(lint): remove unnecessary ESLint rules

2025-05-07 12:14:50 +00:00

issue.png

Add image and example to README.md

2019-12-09 14:13:56 +09:00

LICENSE

setup repo & run npm audit (#1 )

2019-12-08 22:10:35 +09:00

package-lock.json

build(deps-dev): bump the npm-development group with 7 updates

2025-05-19 10:02:43 +00:00

package.json

build(deps-dev): bump the npm-development group with 7 updates

2025-05-19 10:02:43 +00:00

README.md

style(format): format code with Prettier

2025-05-05 13:37:57 +00:00

rollup.config.ts

refactor(build): update TypeScript and Rollup configuration

2025-05-05 11:52:10 +00:00

tsconfig.base.json

refactor(build): update TypeScript and Rollup configuration

2025-05-05 11:52:10 +00:00

tsconfig.eslint.json

fix: suppress unnecessary output during test execution

2025-05-07 11:18:01 +00:00

tsconfig.json

refactor(build): update TypeScript and Rollup configuration

2025-05-05 11:52:10 +00:00

vitest.config.ts

fix: limit test coverage to src directory only

2025-05-03 12:20:53 +00:00

README.md

npm audit action

GitHub Action to run npm audit

Feature

Create a Pull Request comment

If vulnerabilities are found by npm audit, Action triggered by PR creates a comment.

Create an Issue

If vulnerabilities are found by npm audit, Action triggered by push, schedule creates the following GitHub Issue.

Usage

Inputs

Parameter	Required	Default Value	Description
audit_level	false	low	The value of `--audit-level` flag
create_issues	false	true	Flag to create issues when vulnerabilities are found
create_pr_comments	false	true	Flag to create pr comments when vulnerabilities are found
dedupe_issues	false	false	Flag to de-dupe against open issues
github_context	false	`${{ toJson(github) }}`	The `github` context
github_token	true	N/A	GitHub Access Token. ${{ secrets.GITHUB_TOKEN }} is recommended.
issue_assignees	false	N/A	Issue assignees (separated by commma)
issue_labels	false	N/A	Issue labels (separated by commma)
issue_title	false	npm audit found vulnerabilities	Issue title
json_flag	false	false	Run `npm audit` with `--json`
production_flag	false	false	Run `npm audit` with `--omit=dev`
working_directory	false	N/A	The directory which contains package.json

Outputs

Parameter name	Description
npm_audit	The output of the npm audit report in a text format

Example Workflow

name: npm audit

on:
  pull_request:
  push:
    branches:
      - main
      - 'releases/*'
# on:
#   schedule:
#     - cron: '0 10 * * *'

jobs:
  scan:
    name: npm audit
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: install dependencies
        run: npm ci
      - uses: oke-py/npm-audit-action@v3
        with:
          audit_level: moderate
          github_token: ${{ secrets.GITHUB_TOKEN }}
          issue_assignees: oke-py
          issue_labels: vulnerability,test
          dedupe_issues: true

Development

Running Tests

This project uses Vitest for testing. To run the tests, use the following command:

npm run test

Vitest will execute all test files and provide a detailed report of the results. For coverage reports, you can use:

npm run test:coverage

Ensure all dependencies are installed before running the tests:

npm ci

This action is inspired by homoluctus/gitrivy.