rootio_patcher
rootio_patcher is Root’s open-source CLI tool for applying security patches to your project’s dependencies. It scans installed packages and applies fixes from Root’s vulnerability database - modifying your requirements.txt, package.json, or pom.xml without changing package versions unless necessary.
Source: github.com/rootio-avr/rootio_patcher
For full documentation, see Root Library Catalog Patcher.
Installation
Download pre-built binaries from the GitHub releases page: Supported platforms: Linux x86_64, macOS (Apple Silicon, Intel), Windows x86_64 Or build from source (requires Go):Authentication
Set your API token before running any commands:Commands
Python (pip)
JavaScript (npm / yarn / pnpm)
Java (Maven)
Workflow
The recommended workflow is always to preview before applying:Flags Reference
Exit Codes
When running in dry-run mode (the default),rootio_patcher exits with a code indicating the outcome. Use this to gate pipelines without modifying any files.
GitHub Actions
rootio-patch (vulnerability check)
A reusable composite action runsrootio_patcher in dry-run mode and fails the job if patches are available (exit code 2). No files are modified.
Outputs:
Environment variables:
Advanced settings are not action inputs — pass them as
env: on the step: