Requires 2FA for publishing an npm org’s packages.
`NPM_TOKEN`: Required. A token to authenticate with the npm registry. A read-only token should be provided, not an automation or publish token.
`PACKAGE_AUDIT_ORG`: Required. The npm org to audit. For example, "smockle".
`PACKAGE_AUDIT_EXCEPTIONS`: Optional. A space-delimited list of npm packages which should not require 2FA for publishing. For example, "@smockle/contrast @smockle/periodic".
```yaml
- name: Package Audit
  uses: smockle/action-package-audit@main
  env:
    NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
    PACKAGE_AUDIT_ORG: "smockle"
    PACKAGE_AUDIT_EXCEPTIONS: "@smockle/contrast @smockle/periodic"
```
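The pass/fail decision described above, as an added example that is not the action's own code. The function names, the result fields, and the `@smockle/example-a`, `@smockle/example-b` and `@smockle/gone` entries are constructed for illustration, and fetching each package's 2FA setting from the registry is assumed to have happened already.

```javascript
// Added example: audit decision over a package -> "publishing requires 2FA" map.
// Constructed sample input; a real run would fill this map from the registry.
const SAMPLE_PACKAGES = new Map([
  ["@smockle/contrast", false],
  ["@smockle/periodic", false],
  ["@smockle/example-a", true],
  ["@smockle/example-b", false],
]);

// PACKAGE_AUDIT_EXCEPTIONS is space-delimited; tolerate extra whitespace and an unset value.
function parseExceptions(raw) {
  return new Set((raw || "").split(/\s+/).filter(Boolean));
}

function auditPackages(packages, rawExceptions) {
  const exceptions = parseExceptions(rawExceptions);
  const result = { violations: [], exempted: [], unusedExceptions: [] };

  for (const [name, requires2fa] of packages) {
    if (requires2fa) continue; // compliant, nothing to report
    (exceptions.has(name) ? result.exempted : result.violations).push(name);
  }

  // An exception that matches no package, or matches one that already requires 2FA,
  // is dead configuration: it would silently exempt a package if the name is
  // reused or the setting is later turned off.
  for (const name of exceptions) {
    if (!packages.has(name) || packages.get(name) === true) {
      result.unusedExceptions.push(name);
    }
  }

  result.ok = result.violations.length === 0;
  return result;
}

const report = auditPackages(
  SAMPLE_PACKAGES,
  "@smockle/contrast  @smockle/periodic @smockle/example-a @smockle/gone"
);
console.log(JSON.stringify(report, null, 2));
```

Reporting unused exceptions alongside violations keeps the exception list from growing into a standing bypass.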