Packj is now available on GitHub marketplace!

[ashishbijlani]

Install Packj audit GitHub Runner to flag malicious/risky open-source dependencies in your pull requests.

Example usage

# This is a basic workflow to help you get started with Actions
name: Packj audit demo

# Controls when the workflow will run
on:
  pull_request:
    branches:
      - main

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:

  # This workflow contains a single job called "packj-audit"
  packj-audit:

    # The type of runner that the job will run on
    runs-on: ubuntu-latest

    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:

      # Audit 
      - name: Audit dependencies
        uses: ossillate-inc/[email protected]
        with:
          DEPENDENCY_FILES: pypi:requirements.txt,npm:package.json,rubygems:Gemfile
          REPO_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Inputs

• DEPENDENCY_FILES -- _Packj takes open-source dependency files as input (e.g., npm:package.json). Multiple comma-separated files could be specified. Please see example usage above.
• REPO_TOKEN: -- specific github token, secrets.GITHUB_TOKEN is used by default (Github Action Runner)

Output

Packj will comment on the PR if any risky dependencies are found. See example PR run.