Manage Dependencies

Manage Dependencies

Actions allows you to use packages from the npm registry. You can install and manage dependencies for your Actions using either the Actions Code Editor in the Auth0 Dashboard or the Auth0 Management API.

Add a dependency using the Actions Code Editor

To add a dependency on a package from the public npm registry:

  1. Navigate to Auth0 Dashboard > Actions > Library, and select your Action.

  2. Locate the Actions Code Editor, and select Modules (cube icon) in its sidebar.

  3. Select Add Module, and enter the name of the module. To use the latest available version of the package, you can leave the version field blank.

  4. In your Actions code, require the module. For example, if you added the Axios package, you would add the following line at the top of your code in the Actions Code Editor:

    const axios = require('axios');
    

    Was this helpful?

    /

Add a dependency using the Auth0 Management API

Alternatively, you can add a dependency using the Auth0 Management API's Create Action endpoint. When calling the endpoint, specify the dependencies in the payload:

curl -H "Authorization: Bearer MANAGE_API_TOKEN" \
     -X POST  -H "Content-Type: application/json" \
     -d '{ \
            "name":"my-action", \
            "supported_triggers":[{"id":"post-login","version":"v2"}], \
            "code":"module.exports = () => {}",\
            "dependencies": [{\
                "name":"lodash",\
                "version":"4.17.21"\
            }],\
            "runtime":"node14"\
        }' \
    https://YOUR_TENANT.com/api/v2/actions/actions

Was this helpful?

/

Security considerations

Third-party packages can contain vulnerabilities and malicious code, so we recommend auditing packages before using them in your Actions. We also recommend that you continuously monitor packages for vulnerabilities using software composition analysis tools.

Limitations for dependencies in Actions

No native module support

Native modules cannot be used in Actions. When executing an Action that depends on a native module, the Action will error with a message containing Compilation failed: Cannot find module.

To check whether an npm package is native, navigate to the public Github repository for the npm package and review the languages the code uses in the sidebar. If the languages include C/C++, the package is likely native. Popular examples include bcrypt and sqlite3.

No private module or private registry support

Private npm modules and private npm registries cannot be used with Actions. Actions uses the public npm registry.