codeur · burisu · Mar 6, 2026 · Mar 6, 2026 · Mar 6, 2026
diff --git a/.gitignore b/.gitignore
@@ -1,2 +1,2 @@
 # Folders to ignore
-.vscode/
+.vscode/
diff --git a/README.md b/README.md
@@ -100,6 +100,14 @@ jobs:
 3. Merge the PR.
 4. The release workflow will automatically bump the version, create a release, and update major/minor tags (e.g. v1).
 
+### Test locally
+
+You can test locally with a command like that:
+
+```sh
+GITHUB_WORKSPACE=$(pwd) INPUT_WORKDIR=test/rdjson_formatter/testdata INPUT_TOOL_NAME="yarn audit" INPUT_LEVEL=error INPUT_FAIL_LEVEL=any INPUT_REPORTER=local GITHUB_ACTION_PATH=$(pwd) ./script.sh
+```
+
 ## License
 
 [MIT](https://choosealicense.com/licenses/mit)
diff --git a/script.sh b/script.sh
@@ -20,14 +20,13 @@ fi
 
 export REVIEWDOG_GITHUB_API_TOKEN="${INPUT_GITHUB_TOKEN}"
 
-echo "::group:: Running yarn audit with reviewdog 🐶 (fail on ${INPUT_FAIL_LEVEL}) ..."
+echo "::group:: Running yarn audit with reviewdog 🐶..."
 
-yarn audit --json > audit.json 2>&1
-
-# NOTE: we need that to avoid yarn audit exit with non-zero code
+# NOTE: yarn audit exits with non-zero code when vulnerabilities are found,
+# so we suppress its exit code to let reviewdog determine the final result.
 # shellcheck disable=SC2086
-cat audit.json \
-  | ruby ${GITHUB_ACTION_PATH}/rdjson_formatter/rdjson_formatter.rb \
+(yarn audit --json || true) \
+  | ruby "${GITHUB_ACTION_PATH}/rdjson_formatter/rdjson_formatter.rb" \
   | reviewdog -f=rdjson \
       -name="${INPUT_TOOL_NAME}" \
       -reporter="${INPUT_REPORTER}" \