Skip to content

chore(deps): lock file maintenance #124

chore(deps): lock file maintenance

chore(deps): lock file maintenance #124

Workflow file for this run

name: Package Audit
on:
push:
branches:
- '**'
paths:
- package.json
- package-lock.json
- .github/workflows/package-audit.yml
workflow_dispatch:
permissions:
contents: read
jobs:
audit-npm:
name: NPM Audit
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
disable-sudo: true
allowed-endpoints:
api.github.com:443
github.com:443
npm.pkg.github.com:443
pkg-npm.githubusercontent.com:443
registry.npmjs.org:443
- name: Audit with NPM
uses: myrotvorets/composite-actions/node-package-audit@master
provenance:
name: Verify signatures and provenance statements
runs-on: ubuntu-latest
permissions:
contents: read
packages: read
steps:
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
disable-sudo: true
allowed-endpoints:
api.github.com:443
github.com:443
npm.pkg.github.com:443
pkg-npm.githubusercontent.com:443
registry.npmjs.org:443
tuf-repo-cdn.sigstore.dev:443
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Setup Node.js environment
uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
with:
node-version: lts/*
registry-url: https://npm.pkg.github.com
cache: npm
- name: Install dependencies
run: npm ci --ignore-scripts
env:
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Update npm
run: npm i -g npm
- name: Run audit
run: npm audit signatures
env:
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}