This repository has been archived by the owner on Oct 26, 2022. It is now read-only.

28 lines (18 loc) · 815 Bytes

README.md

action-package-audit

Requires 2FA for publishing an npm org’s packages.

Environment Variables

NPM_TOKEN

Required. A token to authenticate with the npm registry. A read-only token should be provided, not an automation or publish token.

PACKAGE_AUDIT_ORG

Required. The npm org to audit. For example, "smockle".

PACKAGE_AUDIT_EXCEPTIONS

Optional. A space-delimited list of npm packages which should not require 2FA for publishing. For example, "@smockle/contrast @smockle/periodic".

Example usage

- name: Package Audit
  uses: smockle/action-package-audit@main
  env:
    NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
    PACKAGE_AUDIT_ORG: "smockle"
    PACKAGE_AUDIT_EXCEPTIONS: "@smockle/contrast @smockle/periodic"