name: NPM Lockfile Changes on: pull_request: paths: - 'package-lock.json' jobs: lockfile_changes: runs-on: ubuntu-latest # Permission overwrite is required for Dependabot PRs, see "Common issues" below. permissions: contents: read pull-requests: write steps: - name: Checkout uses: actions/checkout@v3.2.0 with: submodules: true - name: NPM Lockfile Changes uses: codepunkt/npm-lockfile-changes@b40543471c36394409466fdb277a73a0856d7891 with: token: ${{ secrets.GITHUB_TOKEN }} # Optional inputs, can be deleted safely if you are happy with default values. collapsibleThreshold: 25 failOnDowngrade: false path: package-lock.json updateComment: true