npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

github-show-actions

v2.1.0

Published

Show all GitHub Actions used by a user/org

Downloads

17

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

mheapmheap

Keywords

GitHubActionsCLI

Readme

github-show-actions

This CLI allows you to audit which GitHub Actions are being used by a user / org / team.

Warning: It will make a lot of API calls as it has to list your repos, then list the workflows directory, then fetch the contents of each workflows

Installation

NPM

npm install -g github-show-actions

Docker

alias github-show-actions="docker run --rm -e GITHUB_TOKEN mheap/github-show-actions"

Example output

Example Output

Usage

You'll need to authenticate to use this tool. You can either set the GITHUB_TOKEN environment variable, or pass the --pat flag. Generate a new Personal Access Token on GitHub.

If you have gh-cli installed, you can authenticate with gh auth login --scopes repo and then run this tool without any additional configuration. For GitHub Enterprise, you can use gh auth login --hostname <your-ghe-hostname> to authenticate and then run the tool with the --base-url flag.

# Set environment variables
export GITHUB_TOKEN=$(gh auth token --hostname your_company.ghe.com)
export GITHUB_BASE_URL=https://your_company.ghe.com/api/v3

# Run the tool
github-show-actions --target your_org --base-url $GITHUB_BASE_URL

The simplest usage of this tool is to pass the --target parameter. This will return a list of actions used in all public and private repos, grouped by repo

github-show-actions --target <org>

You can pass the --format json flag to see the raw data

To get the same information, but group by the action name/version instead you can use the --group flag:

github-show-actions --target <org> --group action

The action takes quite a while to run, so you may want to cache the data returned. You can do so with the --cache flag (this will always return the same data, ignoring any flags you pass except group and show-workflow):

github-show-actions --target <org> --group action --cache /tmp/cache.json

If you'd like to show actions used in public repos only you can pass the --visibility parameter:

github-show-actions --target <org> --group action  --cache /tmp/cache.json --visibility public

Generate list of external action without versions (useful to prepare allow list for organization):

❯ github-show-actions \
  --target my_org \
  --base-url $GITHUB_BASE_URL \
  --group action \
  --cache .cache.json \
  --actions-only-external \
  --strip-version-number \
  --exclude-orgs "some-org-1,some-org-2"

Finally, if you'd like to see the workflow name that uses each action you can pass --show-workflow:

github-show-actions --target <org> --group action  --cache /tmp/cache.json --visibility public  --show-workflow

See github-show-actions --help for a full list of options

FAQ

Why doesn't this use the /search API to find workflows?

The search API has a timeout which means that it can not be relied on to return all workflows