diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 00000000..9a921d4e
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,4 @@
+# force unix line endings for consistent ncc output
+*.js text eol=lf
+package.json text eol=lf
+package-lock.json text eol=lf
diff --git a/dos2unix.js b/dos2unix.js
new file mode 100644
index 00000000..a8265c4b
--- /dev/null
+++ b/dos2unix.js
@@ -0,0 +1,6 @@
+const fs = require("fs");
+for (const f of process.argv.slice(2)) {
+  let contents = fs.readFileSync(f, { encoding: "utf-8" });
+  contents = contents.replace(/\r/g, "");
+  fs.writeFileSync(f, contents, { encoding: "utf-8" });
+}
diff --git a/package.json b/package.json
index 341e77c1..6e792ef7 100644
--- a/package.json
+++ b/package.json
@@ -2,7 +2,8 @@
   "name": "anchore-scan-action",
   "version": "2.0.2",
   "description": "Anchore image scan github action",
-  "main": "index.js",
+  "source": "index.js",
+  "main": "dist/index.js",
   "directories": {
     "lib": "lib",
     "test": "tests"
@@ -13,8 +14,8 @@
     "test": "eslint index.js && npm run download-pinned-grype-db && GRYPE_DB_AUTO_UPDATE=false GRYPE_DB_CACHE_DIR=./grype-db GRYPE_DB_VALIDATE_AGE=false jest --runInBand",
     "test:update-snapshots": "eslint index.js && npm run download-pinned-grype-db && GRYPE_DB_AUTO_UPDATE=false GRYPE_DB_CACHE_DIR=./grype-db GRYPE_DB_VALIDATE_AGE=false jest --updateSnapshot",
     "download-pinned-grype-db": "mkdir -p grype-db/5 && curl -sL https://toolbox-data.anchore.io/grype/databases/vulnerability-db_v5_2022-10-17T08:14:57Z_b50a86ce07d268101316.tar.gz | tar zxf - -C grype-db/5",
-    "build": "ncc build ./index.js",
-    "precommit": "npm run build && git add dist/",
+    "build": "ncc build ./index.js && node dos2unix.js dist/index.js",
+    "precommit": "npm run prettier && npm run build && git add dist/",
     "prepare": "husky install",
     "prettier": "prettier -w *.js && prettier -w tests/*.js",
     "update-deps": "ncu -u && npm i && npm audit fix"