Skip to content

Clear up package name confusion#514

Merged
joshmgross merged 2 commits intomainfrom
joshmgross/update-package-name
Jan 17, 2025
Merged

Clear up package name confusion#514
joshmgross merged 2 commits intomainfrom
joshmgross/update-package-name

Conversation

@joshmgross
Copy link
Contributor

@joshmgross joshmgross commented Jan 17, 2025

This repository is not the github-script package that's been identified as malware and it has never been published to the NPM registry.

Installing this repository as a repository package via NPM warns about this vulnerability due to the package.json name github-script. To clear up confusion, I've changed this name to @actions/github-script which is under our controlled Actions NPM scope.

@joshmgross joshmgross requested a review from a team as a code owner January 17, 2025 19:42
@joshmgross joshmgross temporarily deployed to debug-integration-test January 17, 2025 19:42 — with GitHub Actions Inactive
@github-actions
Copy link

github-actions bot commented Jan 17, 2025
edited
Loading

Hello from actions/github-script! (ed2e029)

@joshmgross joshmgross temporarily deployed to debug-integration-test January 17, 2025 19:44 — with GitHub Actions Inactive
@joshmgross joshmgross mentioned this pull request Jan 17, 2025
Closed
@joshmgross joshmgross merged commit c6fc059 into main Jan 17, 2025
14 checks passed
@joshmgross joshmgross deleted the joshmgross/update-package-name branch January 17, 2025 20:00
@joshmgross
Copy link
Contributor Author

joshmgross commented Jan 17, 2025

Before this change:

~/projects/github-script-types
❯ npm i -D @actions/github-script@github:actions/github-script

added 38 packages, and audited 39 packages in 7s

1 critical severity vulnerability

Some issues need review, and may require choosing
a different dependency.

Run `npm audit` for details.

~/projects/github-script-types 7s
❯ npm audit                                                   
# npm audit report

github-script  *
Severity: critical
Malware in github-script - https://github.com/advisories/GHSA-v9m5-8c6w-p3m5
No fix available
node_modules/@actions/github-script

1 critical severity vulnerability

Some issues need review, and may require choosing
a different dependency.

Now:

~/projects/github-script-types
❯ npm i -D @actions/github-script@github:actions/github-script

changed 1 package, and audited 39 packages in 5s

found 0 vulnerabilities

~/projects/github-script-types 6s
❯ npm audit                                                   
found 0 vulnerabilities

@github-actions github-actions bot mentioned this pull request Sep 4, 2025
Merged
@github-actions github-actions bot mentioned this pull request Nov 18, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yacaovsnc yacaovsnc yacaovsnc approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@joshmgross @yacaovsnc