
Clear up package name confusion #514

Merged
joshmgross merged 2 commits into main from joshmgross/update-package-name
Jan 17, 2025

@joshmgross

Contributor

This repository is not the github-script package that's been identified as malware and it has never been published to the NPM registry.

Installing this repository as a repository package via NPM warns about this vulnerability due to the package.json name github-script. To clear up confusion, I've changed this name to @actions/github-script which is under our controlled Actions NPM scope.

@joshmgross joshmgross requested a review from a team as a code owner January 17, 2025 19:42
@joshmgross joshmgross temporarily deployed to debug-integration-test January 17, 2025 19:42 — with GitHub Actions Inactive
@github-actions

github-actions Bot commented Jan 17, 2025


Hello from actions/github-script! (ed2e029)

@joshmgross joshmgross merged commit c6fc059 into main Jan 17, 2025
@joshmgross joshmgross deleted the joshmgross/update-package-name branch January 17, 2025 20:00
@joshmgross

Contributor Author

Before this change:

~/projects/github-script-types
❯ npm i -D @actions/github-script@github:actions/github-script

added 38 packages, and audited 39 packages in 7s

1 critical severity vulnerability

Some issues need review, and may require choosing
a different dependency.

Run `npm audit` for details.

~/projects/github-script-types 7s
❯ npm audit                                                   
# npm audit report

github-script  *
Severity: critical
Malware in github-script - https://github.com/advisories/GHSA-v9m5-8c6w-p3m5
No fix available
node_modules/@actions/github-script

1 critical severity vulnerability

Some issues need review, and may require choosing
a different dependency.

Now:

~/projects/github-script-types
❯ npm i -D @actions/github-script@github:actions/github-script

changed 1 package, and audited 39 packages in 5s

found 0 vulnerabilities

~/projects/github-script-types 6s
❯ npm audit                                                   
found 0 vulnerabilities
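
A lockfile check for the situation shown in this thread, added here as an example and not part of the pull request or the actions/github-script code: it flags packages installed from a git source whose manifest name differs from the name they are installed under, which is where a name-matched advisory can point at an unrelated registry package. It assumes a lockfile v3 `packages` map that records a `name` field when the manifest name differs from the install path; the sample lockfile, its versions and the function names are constructed for illustration.

```javascript
// Constructed sample: shape of a lockfile v3 "packages" map after
// `npm i -D @actions/github-script@github:actions/github-script`.
// Versions and the commit reference are placeholders, not values from the PR.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "github-script-types" },
    "node_modules/@actions/github-script": {
      name: "github-script", // assumption: manifest name recorded because it differs from the path
      version: "0.0.0-placeholder",
      resolved: "git+ssh://git@github.com/actions/github-script.git#COMMIT_PLACEHOLDER",
      dev: true
    },
    "node_modules/@actions/core": {
      version: "0.0.0-placeholder",
      resolved: "https://registry.npmjs.org/@actions/core/-/core-0.0.0-placeholder.tgz"
    }
  }
};

// Name implied by the install location: everything after the last "node_modules/".
function nameFromPath(installPath) {
  const marker = "node_modules/";
  const i = installPath.lastIndexOf(marker);
  return i === -1 ? null : installPath.slice(i + marker.length);
}

// Git, GitHub shorthand and local sources never passed through the registry.
function isNonRegistrySource(resolved) {
  return typeof resolved === "string" && /^(git\+|git:|github:|file:)/.test(resolved);
}

// Entries whose manifest name differs from the name they are installed under
// and whose code did not come from the registry: an advisory matched on the
// manifest name may describe a different package and needs manual review.
function findAuditNameMismatches(lock) {
  const findings = [];
  for (const [installPath, entry] of Object.entries(lock.packages || {})) {
    const installedAs = nameFromPath(installPath);
    if (!installedAs || entry.link) continue;
    const manifestName = entry.name || installedAs;
    if (manifestName !== installedAs && isNonRegistrySource(entry.resolved)) {
      findings.push({ installPath, installedAs, manifestName, resolved: entry.resolved });
    }
  }
  return findings;
}

console.log(findAuditNameMismatches(sampleLock));
```

A finding here is a prompt to compare the advisory's package with the git source actually installed, not a verdict in either direction.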