ci: add dependency-review action #1115

matejchalk · 2025-09-19T13:13:53Z

Motivation

In light of recent supply chain attack, we decided to enhance our security tooling.

Changes in this PR

Added dependency-review-action to check for vulnerabilities for changed dependencies on each PR.

Other related changes

All public repos in the code-pushup organization have the GitHub-recommended security configuration. This includes Dependabot alerts and CodeQL scanning.
Dependabot alerts have been enabled for private repos.

nx-cloud · 2025-09-19T13:14:36Z

View your CI Pipeline Execution ↗ for commit b9984a3

Command	Status	Duration	Result
`nx code-pushup --nx-bail -- compare`	✅ Succeeded	53s	View ↗
`nx code-pushup --nx-bail --`	✅ Succeeded	1m 25s	View ↗
`nx code-pushup --nx-bail -- print-config --outp...`	✅ Succeeded	4m 11s	View ↗

☁️ Nx Cloud last updated this comment at 2025-09-19 13:22:12 UTC

nx-cloud · 2025-09-19T13:14:36Z

View your CI Pipeline Execution ↗ for commit b9984a3

Command	Status	Duration	Result
`nx code-pushup --nx-bail --`	✅ Succeeded	1m 25s	View ↗
`nx code-pushup --nx-bail -- print-config --outp...`	✅ Succeeded	4m 11s	View ↗

☁️ Nx Cloud last updated this comment at 2025-09-19 13:20:33 UTC

pkg-pr-new · 2025-09-19T13:15:28Z

Open in StackBlitz

@code-pushup/ci

npm i https://pkg.pr.new/code-pushup/cli/@code-pushup/ci@1115

@code-pushup/cli

npm i https://pkg.pr.new/code-pushup/cli/@code-pushup/cli@1115

@code-pushup/core

npm i https://pkg.pr.new/code-pushup/cli/@code-pushup/core@1115

@code-pushup/create-cli

npm i https://pkg.pr.new/code-pushup/cli/@code-pushup/create-cli@1115

@code-pushup/nx-plugin

npm i https://pkg.pr.new/code-pushup/cli/@code-pushup/nx-plugin@1115

@code-pushup/models

npm i https://pkg.pr.new/code-pushup/cli/@code-pushup/models@1115

@code-pushup/coverage-plugin

npm i https://pkg.pr.new/code-pushup/cli/@code-pushup/coverage-plugin@1115

@code-pushup/eslint-plugin

npm i https://pkg.pr.new/code-pushup/cli/@code-pushup/eslint-plugin@1115

@code-pushup/js-packages-plugin

npm i https://pkg.pr.new/code-pushup/cli/@code-pushup/js-packages-plugin@1115

@code-pushup/jsdocs-plugin

npm i https://pkg.pr.new/code-pushup/cli/@code-pushup/jsdocs-plugin@1115

@code-pushup/lighthouse-plugin

npm i https://pkg.pr.new/code-pushup/cli/@code-pushup/lighthouse-plugin@1115

@code-pushup/typescript-plugin

npm i https://pkg.pr.new/code-pushup/cli/@code-pushup/typescript-plugin@1115

@code-pushup/utils

npm i https://pkg.pr.new/code-pushup/cli/@code-pushup/utils@1115

@code-pushup/models-transformers

npm i https://pkg.pr.new/code-pushup/cli/@code-pushup/models-transformers@1115

commit: b9984a3

github-actions · 2025-09-19T13:21:39Z

Code PushUp

🤨 Code PushUp report has both improvements and regressions – compared current commit f012142 with previous commit 3b5db5b.

🕵️ See full comparison in Code PushUp portal 🔍

🏷️ Categories

🏷️ Category	⭐ Previous score	⭐ Current score	🔄 Score change
Performance	🔴 35	🔴 41
Documentation	🔴 25	🔴 24
Code coverage	🟡 90	🟡 90
Security	🟡 56	🟡 56	–
Updates	🟡 85	🟡 85	–
Accessibility	🟢 92	🟢 92	–
Best Practices	🟢 100	🟢 100	–
SEO	🟡 61	🟡 61	–
Type Safety	🟢 100	🟢 100	–
Bug prevention	🟢 100	🟢 100	–
Miscellaneous	🟢 100	🟢 100	–
Code style	🟢 100	🟢 100	–

👍 2 groups improved, 👎 1 group regressed, 👍 6 audits improved, 👎 5 audits regressed, 11 audits changed without impacting score

🗃️ Groups

🔌 Plugin	🗃️ Group	⭐ Previous score	⭐ Current score
Lighthouse	Performance	🔴 35	🔴 41
JSDoc coverage	Documentation coverage	🔴 25	🔴 24
Code coverage	Code coverage metrics	🟡 90	🟡 90

18 other groups are unchanged.

🛡️ Audits

🔌 Plugin	🛡️ Audit	📏 Previous value	📏 Current value
Lighthouse	Initial server response time was short	🟩 Root document took 590 ms	🟥 Root document took 630 ms
Lighthouse	Avoids enormous network payloads	🟨 Total size was 2,676 KiB	🟩 Total size was 2,036 KiB
Lighthouse	Total Blocking Time	🟥 2,840 ms	🟥 1,100 ms
Lighthouse	Time to Interactive	🟥 16.8 s	🟥 12.7 s
Lighthouse	Speed Index	🟥 6.3 s	🟥 6.3 s
Lighthouse	First Contentful Paint	🟨 3.0 s	🟥 3.0 s
Lighthouse	Max Potential First Input Delay	🟥 1,080 ms	🟥 720 ms
JSDoc coverage	Functions coverage	🟥 521 undocumented functions	🟥 521 undocumented functions
Code coverage	Function coverage	🟩 92.1 %	🟩 92.3 %
JSDoc coverage	Types coverage	🟥 243 undocumented types	🟥 241 undocumented types
Code coverage	Branch coverage	🟨 85.6 %	🟨 85.5 %
Lighthouse	Metrics	🟩 100%	🟩 100%
Lighthouse	Minimizes main-thread work	🟥 11.2 s	🟥 9.2 s
Lighthouse	JavaScript execution time	🟥 5.2 s	🟥 3.6 s
Lighthouse	Uses efficient cache policy on static assets	🟨 30 resources found	🟨 31 resources found
Lighthouse	Server Backend Latencies	🟩 970 ms	🟩 1,650 ms
Lighthouse	Largest Contentful Paint	🟥 10.9 s	🟥 11.4 s
Lighthouse	Reduce unused CSS	🟥 Potential savings of 113 KiB	🟥 Potential savings of 102 KiB
Lighthouse	Reduce unused JavaScript	🟥 Potential savings of 602 KiB	🟥 Potential savings of 155 KiB
Lighthouse	Network Round Trip Times	🟩 10 ms	🟩 70 ms
Lighthouse	Avoids an excessive DOM size	🟥 2,288 elements	🟥 2,306 elements
Code coverage	Line coverage	🟨 86.3 %	🟨 86.3 %