Open trivikr opened 2 days ago
The module is-my-node-vulnerable is designed to be a CLI/API as well as GitHub Action.
is-my-node-vulnerable
The consumers of CLI/API need to download GitHub Action specific dependencies, like @actions/core which they don't need https://github.com/RafaelGSS/is-my-node-vulnerable/blob/050a05a0798054e069bd305e866a84e326bba558/package.json#L30
@actions/core
Move action to a different package, and call is-my-node-vulnerable API from it.
Discussion on Twitter: https://x.com/trivikram/status/1848096860755435622
Is your feature request related to a problem? Please describe.
The module
is-my-node-vulnerableis designed to be a CLI/API as well as GitHub Action.The consumers of CLI/API need to download GitHub Action specific dependencies, like
@actions/corewhich they don't need https://github.com/RafaelGSS/is-my-node-vulnerable/blob/050a05a0798054e069bd305e866a84e326bba558/package.json#L30Describe the solution you'd like
Move action to a different package, and call
is-my-node-vulnerableAPI from it.Additional context
Discussion on Twitter: https://x.com/trivikram/status/1848096860755435622