{"id":13485194,"url":"https://github.com/oke-py/npm-audit-action","last_synced_at":"2026-01-28T04:00:40.970Z","repository":{"id":36485226,"uuid":"226648678","full_name":"oke-py/npm-audit-action","owner":"oke-py","description":"GitHub Action to run `npm audit`","archived":false,"fork":false,"pushed_at":"2025-02-19T07:53:22.000Z","size":2408,"stargazers_count":44,"open_issues_count":17,"forks_count":27,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-03-24T08:09:55.035Z","etag":null,"topics":["github-action","npm","security","vulnerability"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/oke-py.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-12-08T10:17:12.000Z","updated_at":"2025-03-14T12:24:24.000Z","dependencies_parsed_at":"2024-10-24T08:16:52.792Z","dependency_job_id":"33e0b209-ebe5-41a1-8257-1ca07514d17b","html_url":"https://github.com/oke-py/npm-audit-action","commit_stats":{"total_commits":179,"total_committers":11,"mean_commits":"16.272727272727273","dds":0.1899441340782123,"last_synced_commit":"362afbddcab9b95a87d82ee91ad540efa164bb7b"},"previous_names":[],"tags_count":32,"template":false,"template_full_name":"actions/typescript-action","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oke-py%2Fnpm-audit-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oke-py%2Fnpm-audit-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oke-py%2Fnpm-audit-actio
n/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oke-py%2Fnpm-audit-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/oke-py","download_url":"https://codeload.github.com/oke-py/npm-audit-action/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245892477,"owners_count":20689508,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["github-action","npm","security","vulnerability"],"created_at":"2024-07-31T17:01:50.194Z","updated_at":"2026-01-28T04:00:40.964Z","avatar_url":"https://github.com/oke-py.png","language":"TypeScript","funding_links":[],"categories":["TypeScript"],"sub_categories":[],"readme":"# npm audit action\n\n[![Coverage Status](https://coveralls.io/repos/github/oke-py/npm-audit-action/badge.svg?branch=main)](https://coveralls.io/github/oke-py/npm-audit-action?branch=main)\n\nGitHub Action to run `npm audit`\n\n## Feature\n\n### Create a Pull Request comment\n\nIf vulnerabilities are found by `npm audit`, the action, when triggered by a PR,\ncreates a comment.\n\n### Create an Issue\n\nIf vulnerabilities are found by `npm audit`, the action, when triggered by push or\nschedule, creates the following GitHub Issue.\n\n![image](https://github.com/oke-py/npm-audit-action/blob/main/issue.png)\n\n## Usage\n\n### Inputs\n\n|     Parameter      | Required |          Default Value          | Description                                                         |\n| :----------------: | :------: | :-----------------------------: | 
:------------------------------------------------------------------ |\n|    audit_level     |  false   |               low               | The value of `--audit-level` flag                                   |\n|   create_issues    |  false   |              true               | Flag to create issues when vulnerabilities are found                |\n| create_pr_comments |  false   |              true               | Flag to create PR comments when vulnerabilities are found           |\n|   dedupe_issues    |  false   |              false              | Flag to de-dupe against open issues                                 |\n|   github_context   |  false   |     `${{ toJson(github) }}`     | The `github` context                                                |\n|    github_token    |   true   |               N/A               | GitHub Access Token.\u003cbr\u003e${{ secrets.GITHUB_TOKEN }} is recommended. |\n|  issue_assignees   |  false   |               N/A               | Issue assignees (separated by comma)                                |\n|    issue_labels    |  false   |               N/A               | Issue labels (separated by comma)                                   |\n|    issue_title     |  false   | npm audit found vulnerabilities | Issue title                                                         |\n|     json_flag      |  false   |              false              | Run `npm audit` with `--json`                                       |\n|  production_flag   |  false   |              false              | Run `npm audit` with `--omit=dev`                                   |\n| working_directory  |  false   |               N/A               | The directory which contains package.json                           |\n\n### Outputs\n\n| Parameter name | Description                                         |\n| :------------: | :-------------------------------------------------- |\n|   npm_audit    | The output of the npm audit report in a text format |\n\n## 
Example Workflow\n\n```yaml\nname: npm audit\n\non:\n  pull_request:\n  push:\n    branches:\n      - main\n      - 'releases/*'\n# on:\n#   schedule:\n#     - cron: '0 10 * * *'\n\njobs:\n  scan:\n    name: npm audit\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      - name: install dependencies\n        run: npm ci\n      - uses: oke-py/npm-audit-action@v3\n        with:\n          audit_level: moderate\n          github_token: ${{ secrets.GITHUB_TOKEN }}\n          issue_assignees: oke-py\n          issue_labels: vulnerability,test\n          dedupe_issues: true\n```\n\n## Development\n\n### Running Tests\n\nThis project uses [Vitest](https://vitest.dev/) for testing. To run the tests,\nuse the following command:\n\n```bash\nnpm run test\n```\n\nVitest will execute all test files and provide a detailed report of the results.\nFor coverage reports, you can use:\n\n```bash\nnpm run test:coverage\n```\n\nEnsure all dependencies are installed before running the tests:\n\n```bash\nnpm ci\n```\n\n---\n\nThis action is inspired by\n[homoluctus/gitrivy](https://github.com/homoluctus/gitrivy).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foke-py%2Fnpm-audit-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Foke-py%2Fnpm-audit-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foke-py%2Fnpm-audit-action/lists"}