update README & npm run all

Author: oke-py

.github/workflows/daily.yml

@@ -12,7 +12,7 @@ jobs:
       - uses: actions/checkout@v2
       - name: install dependencies
         run: npm ci
-      - uses: oke-py/npm-audit-action@v1.5.2
+      - uses: oke-py/npm-audit-action@v1.6.0
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           issue_assignees: oke-py

README.md

@@ -58,7 +58,7 @@ jobs:
       - uses: actions/checkout@v2
       - name: install dependencies
         run: npm ci
-      - uses: oke-py/npm-audit-action@v1.5.2
+      - uses: oke-py/npm-audit-action@v1.6.0
         with:
           audit_level: moderate
           github_token: ${{ secrets.GITHUB_TOKEN }}

dist/index.js

@@ -556,9 +556,13 @@ class Audit {
         this.stdout = '';
         this.status = null;
     }
-    run(auditLevel) {
+    run(auditLevel, productionFlag) {
         try {
-            const result = child_process_1.spawnSync('npm', ['audit', '--audit-level', auditLevel], {
+            const auditOptions = ['audit', '--audit-level', auditLevel];
+            if (productionFlag === 'true') {
+                auditOptions.push('--production');
+            }
+            const result = child_process_1.spawnSync('npm', auditOptions, {
                 encoding: 'utf-8',
                 maxBuffer: SPAWN_PROCESS_BUFFER_SIZE
             });
@@ -1427,9 +1431,13 @@ function run() {
             if (!['critical', 'high', 'moderate', 'low'].includes(auditLevel)) {
                 throw new Error('Invalid input: audit_level');
             }
+            const productionFlag = core.getInput('production_flag', { required: false });
+            if (!['true', 'false'].includes(productionFlag)) {
+                throw new Error('Invalid input: production_flag');
+            }
             // run `npm audit`
             const audit = new audit_1.Audit();
-            audit.run(auditLevel);
+            audit.run(auditLevel, productionFlag);
             core.info(audit.stdout);
             if (audit.foundVulnerability()) {
                 // vulnerabilities are found

src/audit.ts

@@ -9,20 +9,16 @@ export class Audit {
 
   public run(auditLevel: string, productionFlag: string): void {
     try {
-      const auditOptions: Array<string> =['audit', '--audit-level', auditLevel];
-      
-      if(productionFlag === 'true') {
-        auditOptions.push('--production');
+      const auditOptions: Array<string> = ['audit', '--audit-level', auditLevel]
+
+      if (productionFlag === 'true') {
+        auditOptions.push('--production')
       }
 
-      const result: SpawnSyncReturns<string> = spawnSync(
-        'npm',
-        auditOptions,
-        {
-          encoding: 'utf-8',
-          maxBuffer: SPAWN_PROCESS_BUFFER_SIZE
-        }
-      )
+      const result: SpawnSyncReturns<string> = spawnSync('npm', auditOptions, {
+        encoding: 'utf-8',
+        maxBuffer: SPAWN_PROCESS_BUFFER_SIZE
+      })
 
       if (result.error) {
         throw result.error

src/main.ts

@@ -25,7 +25,7 @@ export async function run(): Promise<void> {
       throw new Error('Invalid input: audit_level')
     }
 
-    const productionFlag = core.getInput('production_flag',  {required: false});
+    const productionFlag = core.getInput('production_flag', {required: false})
     if (!['true', 'false'].includes(productionFlag)) {
       throw new Error('Invalid input: production_flag')
     }