Research
Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
By Kirill Boychenko - Sep 24, 2025
@actions/workflow-parser
Advanced tools
actions/workflow-parser
@actions/workflow-parser is a library to parse GitHub Actions workflows.
Installation
The package contains TypeScript types and compiled ECMAScript modules.
npm install @actions/workflow-parser
Usage
The parser is driven by a custom schema defined in worflows-v1.0.json.
Simple example
parseWorkflow parses the workflow YAML into an intermediate representation and validates that it conforms to the schema. Any parsing errors are returned in the errors property of the result context.
var trace: TraceWriter;
const result = parseWorkflow(
{
name: "test.yaml",
content: `on: push
jobs:
build:
runs-on: ubuntu-latest
steps:
- run: echo 'hello'`
},
trace
);
convertWorkflowTemplate then takes that intermediate representation and converts it to a WorkflowTemplate object, which is a more convenient representation for working with workflows.
const workflowTemplate = await convertWorkflowTemplate(result.context, result.value);
// workflowTemplate.jobs[0].id === "build"
// workflowTemplate.jobs[0].steps[0].run === "echo 'hello'"
Contributing
See CONTRIBUTING.md at the root of the repository for general guidelines and recommendations.
Similar to `actions/expressions, this project is just one of multiple implementations of the GitHub Actions workflow parser. We therefore cannot accept contributions that significantly modify the schema or the overall behavior of the parser. If you would like to propose changes to Actions itself, please use our Community Forum.
If you do want to contribute, please run prettier to format your code and add unit tests as appropriate before submitting your PR. ./testdata contains test cases that all implementations should pass, please also make sure those tests are still passing.
Build
npm run build
or to watch for changes
npm run watch
Test
npm test
or to watch for changes and run tests:
npm run test-watch
Lint
npm run format-check
License
This project is licensed under the terms of the MIT open source license. Please refer to MIT for the full terms.
FAQs
Unknown package
The npm package @actions/workflow-parser receives a total of 448 weekly downloads. As such, @actions/workflow-parser popularity was classified as not popular.
We found that @actions/workflow-parser demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Package last updated on 10 Sep 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025