Audit #8
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This file is automatically added by @npmcli/template-oss. Do not edit. | |
name: Audit | |
on: | |
workflow_dispatch: | |
schedule: | |
# "At 08:00 UTC (01:00 PT) on Monday" https://crontab.guru/#0_8_*_*_1 | |
- cron: "0 8 * * 1" | |
jobs: | |
audit: | |
name: Audit Dependencies | |
if: github.repository_owner == 'npm' | |
runs-on: ubuntu-latest | |
defaults: | |
run: | |
shell: bash | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Setup Git User | |
run: | | |
git config --global user.email "npm-cli+bot@github.com" | |
git config --global user.name "npm CLI robot" | |
- name: Setup Node | |
uses: actions/setup-node@v3 | |
id: node | |
with: | |
node-version: 20.x | |
check-latest: contains('20.x', '.x') | |
# node 10/12/14 ship with npm@6, which is known to fail when updating itself in windows | |
- name: Update Windows npm | |
if: | | |
matrix.platform.os == 'windows-latest' && ( | |
startsWith(steps.node.outputs.node-version, 'v10.') || startsWith(steps.node.outputs.node-version, 'v12.') || startsWith(steps.node.outputs.node-version, 'v14.') | |
) | |
run: | | |
curl -sO https://registry.npmjs.org/npm/-/npm-7.5.4.tgz | |
tar xf npm-7.5.4.tgz | |
cd package | |
node lib/npm.js install --no-fund --no-audit -g ..\npm-7.5.4.tgz | |
cd .. | |
rmdir /s /q package | |
# Start on Node 10 because we dont test on anything lower | |
- name: Install npm@7 on Node 10 | |
shell: bash | |
if: startsWith(steps.node.outputs.node-version, 'v10.') | |
id: npm-7 | |
run: | | |
npm i --prefer-online --no-fund --no-audit -g npm@7 | |
echo "updated=true" >> "$GITHUB_OUTPUT" | |
- name: Install npm@8 on Node 12 | |
shell: bash | |
if: startsWith(steps.node.outputs.node-version, 'v12.') | |
id: npm-8 | |
run: | | |
npm i --prefer-online --no-fund --no-audit -g npm@8 | |
echo "updated=true" >> "$GITHUB_OUTPUT" | |
- name: Install npm@9 on Node 14/16/18.0 | |
shell: bash | |
if: startsWith(steps.node.outputs.node-version, 'v14.') || startsWith(steps.node.outputs.node-version, 'v16.') || startsWith(steps.node.outputs.node-version, 'v18.0.') | |
id: npm-9 | |
run: | | |
npm i --prefer-online --no-fund --no-audit -g npm@9 | |
echo "updated=true" >> "$GITHUB_OUTPUT" | |
- name: Install npm@latest on Node | |
if: ${{ !(steps.npm-7.outputs.updated || steps.npm-8.outputs.updated || steps.npm-9.outputs.updated) }} | |
run: npm i --prefer-online --no-fund --no-audit -g npm@latest | |
- name: npm Version | |
run: npm -v | |
- name: Install Dependencies | |
run: npm i --ignore-scripts --no-audit --no-fund --package-lock | |
- name: Run Production Audit | |
run: npm audit --omit=dev | |
- name: Run Full Audit | |
run: npm audit --audit-level=none |