.github/workflows/npm-audit.yml

@@ -0,0 +1,61 @@
+name: Npm audit
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 12 * * 0'  # Run every fortnight on Sunday at 12
+
+jobs:
+  npm_audit:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Run npm audit
+        id: npm_audit
+        run: |
+          node_version=$(cat .nvmrc)
+          echo "Using Node.js version $node_version"
+          export NVM_DIR="$HOME/.nvm" && [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"
+          nvm install $node_version
+          nvm use $node_version
+          npm install --silent
+          set +e
+          npm audit --package-lock-only --loglevel=error;
+          # The npm audit command will exit with a 0 exit code if no vulnerabilities were found.
+          if [ $? -gt 0 ]; then
+            npm audit fix --package-lock-only --loglevel=error;
+            if [ $? -gt 0 ]; then
+              echo "BC_BREAK=:exclamation: NPM Audit fix could not fix all vulnerabilities. Fix them manually by running \`npm audit fix --force\` and test the functionalities thoroughly as there might be breaking changes. :exclamation:" >> $GITHUB_ENV;
+            fi;
+            echo "CREATE_PR=true" >> $GITHUB_OUTPUT;
+          fi;
+          set -e
+
+      - name: Create Pull Request
+        if: steps.npm_audit.outputs.CREATE_PR == 'true'
+        uses: peter-evans/create-pull-request@v4
+        with:
+          committer: GitHub <noreply@github.com>
+          author: actions-bot <actions-bot@users.noreply.github.com>
+          commit-message: Updated node modules based on npm audit fix
+          title: Automatic npm audit fix
+          labels: auto-update
+          body: |
+            # Npm audit
+            
+            ${{ env.BC_BREAK }}
+
+            ## How to install
+
+            * Run `nvm use && npm i && npm run start`
+
+            ## How to test
+            Run `npm audit`
+
+            * [ ] Check that the `npm audit` prints `found 0 vulnerabilities`
+            * [ ] Check that the changes for distributed files are sensible
+
+          branch: automation/npm-audit

.nvmrc

@@ -1 +1 @@
-lts/iron
+22

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 City of Helsinki
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -5,8 +5,12 @@ First, make sure you have installed the helfi-paatokset project and have set it
 ## Getting started
 
 ```console
+foo@bar:~$ nvm use
 foo@bar:~$ npm i
 foo@bar:~$ npm start
+
+# In case of ERR_OSSL_EVP_UNSUPPOERTED error, instead of 'npm start' run:
+NODE_OPTIONS=--openssl-legacy-provider npm start
 ```
 
 Make sure your elastic container is up and running.