advisor CLI usage with node not working

Question

advisor CLI usage with node not working

megies opened this issue a year ago · comments

I've tried to use the advisor from command line as detailed in the README, but I keep getting what looks like a syntax error to me (don't know node at all).

SyntaxError: Unexpected token ':'
    at internalCompileFunction (node:internal/vm:73:18)
    at wrapSafe (node:internal/modules/cjs/loader:1153:20)
    at Module._compile (node:internal/modules/cjs/loader:1197:27)
    at Module._extensions..js (node:internal/modules/cjs/loader:1287:10)
    at Module.load (node:internal/modules/cjs/loader:1091:32)
    at Module._load (node:internal/modules/cjs/loader:938:12)
    at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:83:12)
    at node:internal/main/run_main_module:23:47

Node.js v20.4.0

I've tried this with node from Debian packages (oldstable aka "bullseye) that have node v12.22.12 and with Linux binary downloads for node version LTS v18.16.1 and current v20.4.0, error message is the same just with different line numbers it seems.

Only thing I can think of is that the GITHUB_TOKEN is for my personal account and I'm trying to look at an organization project (which I am on of the owners of). But like I said, without knowing javascript that error seems like a syntax issue to me.

$ node index.js tests.yml 1 obspy obspy master

Any ideas? I'd prefer a simple CLI usage over adding workflows to introspect recommended permission settings if possible, so I was happy to see that usage in the Readme..

Jaroslav Lobačevski · Answer 1 · Thu Jul 27 2023 21:41:34 GMT+0800 (China Standard Time)

Hi, sorry for the delay. Unfortunately I don't know what is wrong in your case. Any chance you tried to run the index.js from the source folder, not the one from dist?

Tobias Megies · Answer 2 · Fri Jul 28 2023 16:04:37 GMT+0800 (China Standard Time)

I followed the download link in the README: https://github.com/GitHubSecurityLab/actions-permissions/blob/main/advisor/dist/index.js

So, now I tried again and it errors out again, but then tried the one from the last release and that seems to do something, seems like the current dev version is broken?

Jaroslav Lobačevski · Answer 3 · Fri Jul 28 2023 16:26:44 GMT+0800 (China Standard Time)

The file wasn't changed since the initial commit https://github.com/GitHubSecurityLab/actions-permissions/commits/main/advisor/dist/index.js but the link in readme was wrong at some point 5be1ca2
I'm closing it you cannot reproduce it anymore.