GitHub Action to run `npm audit`
https://github.com/oke-py/npm-audit-action
github-action npm security vulnerability
- Host: GitHub
- URL: https://github.com/oke-py/npm-audit-action
- Owner: oke-py
- License: mit
- Created: 2019-12-08T10:17:12.000Z (about 5 years ago)
- Default Branch: main
- Last Pushed: 2024-10-24T05:45:08.000Z (2 months ago)
- Last Synced: 2024-10-26T08:41:29.067Z (2 months ago)
- Topics: github-action, npm, security, vulnerability
- Language: TypeScript
- Homepage:
- Size: 2.16 MB
- Stars: 41
- Watchers: 4
- Forks: 26
- Open Issues: 16
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# npm audit action
[![Coverage Status](https://coveralls.io/repos/github/oke-py/npm-audit-action/badge.svg?branch=main)](https://coveralls.io/github/oke-py/npm-audit-action?branch=main)
GitHub Action to run `npm audit`
## Feature
### Create a Pull Request comment
If `npm audit` finds vulnerabilities, a run triggered by a pull request posts a comment on that pull request.
### Create an Issue
If `npm audit` finds vulnerabilities, a run triggered by `push` or `schedule` creates a GitHub Issue like the one below.
![image](https://github.com/oke-py/npm-audit-action/blob/main/issue.png)
## Usage
### Inputs
|Parameter|Required|Default Value|Description|
|:--:|:--:|:--:|:--|
|audit_level|false|low|The value of the `--audit-level` flag|
|create_issues|false|true|Flag to create issues when vulnerabilities are found|
|create_pr_comments|false|true|Flag to create PR comments when vulnerabilities are found|
|dedupe_issues|false|false|Flag to de-dupe against open issues|
|github_context|false|`${{ toJson(github) }}`|The `github` context|
|github_token|true|N/A|GitHub Access Token. `${{ secrets.GITHUB_TOKEN }}` is recommended.|
|issue_assignees|false|N/A|Issue assignees (separated by comma)|
|issue_labels|false|N/A|Issue labels (separated by comma)|
|issue_title|false|npm audit found vulnerabilities|Issue title|
|json_flag|false|false|Run `npm audit` with `--json`|
|production_flag|false|false|Run `npm audit` with `--omit=dev`|
|working_directory|false|N/A|The directory which contains package.json|

### Outputs

|Parameter name|Description|
|:--:|:--|
|npm_audit|The output of the npm audit report in a text format|

## Example Workflow
```yaml
name: npm audit
on:
  pull_request:
  push:
    branches:
      - main
      - 'releases/*'
# on:
#   schedule:
#     - cron: '0 10 * * *'
jobs:
  scan:
    name: npm audit
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: install dependencies
        run: npm ci
      - uses: oke-py/npm-audit-action@v2
        with:
          audit_level: moderate
          github_token: ${{ secrets.GITHUB_TOKEN }}
          issue_assignees: oke-py
          issue_labels: vulnerability,test
          dedupe_issues: true
```

---
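The following scheduled variant is an added example, not a workflow from the project's README: it runs the action nightly against production dependencies only, requests a JSON report through `json_flag`, turns off PR comments (a scheduled run has no pull request), and keeps the `npm_audit` output as a build artifact. The step `id` and the `steps.audit.outputs.npm_audit` reference follow standard GitHub Actions output syntax; the `permissions` block is an assumption about the minimal token scopes an action that opens issues needs, not something the README states.

```yaml
name: nightly npm audit
on:
  schedule:
    - cron: '0 10 * * *'     # every day at 10:00 UTC
  workflow_dispatch:         # allow a manual run as well

# Assumed least-privilege token scopes: read the repo, write issues only.
permissions:
  contents: read
  issues: write

jobs:
  scan:
    name: npm audit (production dependencies)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: install dependencies
        run: npm ci
      - id: audit                      # needed to reference the step's outputs below
        uses: oke-py/npm-audit-action@v2
        with:
          audit_level: high            # report only high and critical findings
          production_flag: true        # npm audit --omit=dev
          json_flag: true              # npm audit --json, machine-readable report
          github_token: ${{ secrets.GITHUB_TOKEN }}
          create_pr_comments: false    # no pull request exists on a scheduled run
          dedupe_issues: true          # do not open a duplicate issue every night
          issue_labels: vulnerability
      - name: write the JSON report to a file
        if: always()                   # keep the report even if the audit step fails
        env:
          REPORT: ${{ steps.audit.outputs.npm_audit }}
        run: printf '%s\n' "$REPORT" > npm-audit.json
      - uses: actions/upload-artifact@v4
        if: always()
        with:
          name: npm-audit-report
          path: npm-audit.json
```

Passing the output through an `env` variable rather than interpolating it directly into the `run` script avoids shell interpretation of whatever the report contains; the uploaded JSON can then be fed to whichever triage tooling the team already uses.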
This action is inspired by [homoluctus/gitrivy](https://github.com/homoluctus/gitrivy).