npm-audit-fix action
ActionsTags
(2)
This action runs npm audit fix and creates a pull request.
For example, you can add this action by creating .github/workflows/npm-audit-fix.yml:
name: npm audit fix
on:
schedule:
- cron: "0 0 * * *"
workflow_dispatch:
jobs:
npm-audit-fix:
runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
steps:
- uses: actions/checkout@v4
- uses: ybiquitous/npm-audit-fix-action@v7| Name | Description | Default |
|---|---|---|
github_token |
GitHub token. | ${{ github.token }} |
github_user |
GitHub user name for commit changes. | ${{ github.actor }} |
github_email |
GitHub user email for commit changes. | ${{ github.actor }}@users.noreply.github.com |
branch |
Created branch. | npm-audit-fix-action/fix |
default_branch |
Default branch. | Auto-detected. |
commit_title |
Commit message and pull request title. | build(deps): npm audit fix |
labels |
Labels for pull request (comma-separated). | dependencies, javascript, security |
assignees |
Assignees for pull request (comma-separated). | n/a |
npm_args |
Arguments for the npm command. |
n/a |
path |
Path to the project root directory. | . |
See action.yml.
If you want to run your CI with pull requests created by this action, you may need to set your personal access token instead of the GitHub's default token:
For example:
with:
github_token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}The reason is that the default token does not have enough permissions to trigger CI. See also the GitHub document about the token permissions.
MIT © Masafumi Koba
npm-audit-fix action is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.
Tags
(2)npm-audit-fix action is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.