Skip to content

Clear up package name confusion #514

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jan 17, 2025
Merged

Clear up package name confusion #514

merged 2 commits into from
Jan 17, 2025

Conversation

joshmgross
Copy link
Member

This repository is not the github-script package that's been identified as malware and it has never been published to the NPM registry.

Installing this repository as a repository package via NPM warns about this vulnerability due to the package.json name github-script. To clear up confusion, I've changed this name to @actions/github-script which is under our controlled Actions NPM scope.

@joshmgross joshmgross requested a review from a team as a code owner January 17, 2025 19:42
@joshmgross joshmgross temporarily deployed to debug-integration-test January 17, 2025 19:42 — with GitHub Actions Inactive
@github-actions GitHub Actions
Copy link

github-actions bot commented Jan 17, 2025
edited
Loading

Hello from actions/github-script! (ed2e029)

@joshmgross joshmgross temporarily deployed to debug-integration-test January 17, 2025 19:44 — with GitHub Actions Inactive
@joshmgross joshmgross mentioned this pull request Jan 17, 2025
Closed
@joshmgross joshmgross merged commit c6fc059 into main Jan 17, 2025
14 checks passed
@joshmgross joshmgross deleted the joshmgross/update-package-name branch January 17, 2025 20:00
@joshmgross
Copy link
Member Author

Before this change:

~/projects/github-script-types
❯ npm i -D @actions/github-script@github:actions/github-script

added 38 packages, and audited 39 packages in 7s

1 critical severity vulnerability

Some issues need review, and may require choosing
a different dependency.

Run `npm audit` for details.

~/projects/github-script-types 7s
❯ npm audit                                                   
# npm audit report

github-script  *
Severity: critical
Malware in github-script - https://github.com/advisories/GHSA-v9m5-8c6w-p3m5
No fix available
node_modules/@actions/github-script

1 critical severity vulnerability

Some issues need review, and may require choosing
a different dependency.

Now:

~/projects/github-script-types
❯ npm i -D @actions/github-script@github:actions/github-script

changed 1 package, and audited 39 packages in 5s

found 0 vulnerabilities

~/projects/github-script-types 6s
❯ npm audit                                                   
found 0 vulnerabilities

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yacaovsnc yacaovsnc yacaovsnc approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@joshmgross @yacaovsnc