diff --git a/.github/workflows/npm_audit.yml b/.github/workflows/npm_audit.yml
index 1d4f85c2b..f1db12f56 100644
--- a/.github/workflows/npm_audit.yml
+++ b/.github/workflows/npm_audit.yml
@@ -35,9 +35,9 @@ jobs:
           npm audit --package-lock-only --loglevel=error;
           
           # The npm audit command will exit with a 0 exit code if no vulnerabilities were found.
-          if [ $? -eq 0 ]; then create_pr=true; else create_pr=false; fi;
+          if [ $? -eq 0 ]; then create_pr=false; else create_pr=true; fi;
 
-          echo "should_create_pr=${create_pr}" >> $GITHUB_OUTPUT
+          echo "should_create_pr=${create_pr}" >> $GITHUB_ENV
 
       - name: Run npm audit fix
         if: steps.npm_audit.outputs.should_create_pr == 'true'