PKG-Defender Action v1.0.0
Released July 7, 2026
What's Changed
Added
- CI workflow: new
.github/workflows/ci.ymlruns tests on every push/PR tomain - Initial release of the PKG-Defender GitHub Action
fail-oninput to control workflow failure threshold (critical, high, medium, low, none)lock-filesinput to configure glob pattern for lock file discoveryfindings,summary, andexit-codeoutputs for downstream workflow steps- Thin CLI wrapper that installs
pkg-defendervia pip and runspkgd audit - Automatic lock file discovery for npm, PyPI, Cargo, and RubyGems ecosystems
- Smart
--fail-on-threatflag passthrough matching pkgd's CRITICAL/HIGH threshold - Graceful handling of missing lock files, empty results, and malformed output
- Comprehensive test suite with 39 unit tests
- Input validation with warnings for invalid
fail-onvalues
📖 3 Commits in this release
| Commit | Description | Author |
|---|---|---|
fe3d7dc |
fix(release): release asset discovery | Division 7 |
aaa272e |
feat(release): prepare for v1 action release; sync contents from main pkgd repo | Division 7 |
377431e |
init: first commit in prod action repo from main pkg-defender repo | Division 7 |