NO-ISSUE a

Author: Yang-33

.github/workflows/npm-audit.yml

@@ -27,7 +27,7 @@ jobs:
 
       - name: Create or update reminder issue
         if: steps.audit.outcome == 'failure'
-        uses: actions/github-script@v7
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
         env:
           TZ: 'Asia/Tokyo'
         with:

scripts/npm-audit.sh

@@ -1,13 +1,20 @@
-find . -name package-lock.json \
-      -not -path "./node_modules/*" \
-      -execdir sh -c '
-        printf "\033[1;34m==> %s\033[0m\n" "$PWD"
-        npm audit fix --force
-      ' \;
-
-if [ -n "$(git status --porcelain)" ]; then
-    echo "Changes detected after 'npm audit fix'"
-    exit 1
+#!/usr/bin/env bash
+set -euo pipefail
+
+errors=0
+
+find . -name package-lock.json -not -path "./node_modules/*" -print0 |
+  xargs -0 -n1 dirname | sort -u |
+  while IFS= read -r dir; do
+    printf '\n\n\n'
+    printf '\033[1;34m==> %s\033[0m\n' "$dir"
+    (cd "$dir" && npm audit) || errors=1
+  done
+
+if [ "$errors" -eq 0 ]; then
+  echo "npm audit passed: no vulnerabilities detected"
 else
-    echo "No changes detected after 'npm audit fix'"
+  echo "npm audit reported vulnerabilities. Fix all vulnerabilities before committing."
 fi
+
+exit "$errors"