mirror of
https://github.com/imjasonh/govulncheck-action
synced 2026-07-17 14:14:55 +00:00
This commit fixes the parser to handle both JSON lines and multi-line JSON formats from govulncheck, and adds tools for local testing: - Updated parser to detect and handle both JSON lines and pretty-printed JSON - Added logic to skip govulncheck installation if already present - Created run-local.js for testing the action locally without GitHub Actions - Added test:local npm script for easy local testing - Changed example to use a version of golang.org/x/net with known vulnerabilities The parser now correctly identifies 14 vulnerabilities in the example, including ones that trace to the html.Parse call in main.go. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
43 lines
917 B
JSON
43 lines
917 B
JSON
{
|
|
"name": "govulncheck-action",
|
|
"version": "1.0.0",
|
|
"description": "GitHub Action to run govulncheck and annotate vulnerabilities",
|
|
"main": "index.js",
|
|
"scripts": {
|
|
"build": "ncc build index.js -o dist",
|
|
"test": "jest",
|
|
"test:watch": "jest --watch",
|
|
"test:coverage": "jest --coverage",
|
|
"test:local": "node test-local.js"
|
|
},
|
|
"keywords": [
|
|
"github",
|
|
"action"
|
|
],
|
|
"author": "",
|
|
"license": "MIT",
|
|
"dependencies": {
|
|
"@actions/core": "^1.10.1",
|
|
"@actions/github": "^6.0.0",
|
|
"@actions/exec": "^1.1.1"
|
|
},
|
|
"devDependencies": {
|
|
"jest": "^29.7.0",
|
|
"@vercel/ncc": "^0.38.1"
|
|
},
|
|
"jest": {
|
|
"testEnvironment": "node",
|
|
"collectCoverageFrom": [
|
|
"index.js",
|
|
"lib/**/*.js"
|
|
],
|
|
"coverageThreshold": {
|
|
"global": {
|
|
"branches": 80,
|
|
"functions": 80,
|
|
"lines": 80,
|
|
"statements": 80
|
|
}
|
|
}
|
|
}
|
|
}
|