dependency-audit.yml
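---
# Dependency audit: runs `npm audit` against the production dependency trees
# of the repository root and of .github/scripts.
name: 🔒 Dependency Audit

# Runs when a listed manifest or lockfile changes in a pull request, or when
# started manually.
# NOTE(review): advisories published later against unchanged dependencies are
# not picked up by these triggers; consider a periodic run if that coverage
# is wanted.
on:
  pull_request:
    paths:
      - package.json
      - package-lock.json
      - .github/scripts/package.json
      - .github/scripts/package-lock.json
  workflow_dispatch: {}

# Least privilege: the job only needs to read the repository contents.
permissions:
  contents: read

jobs:
  audit:
    name: npm audit (prod deps)
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): both actions are referenced by a mutable tag (v4).
      # Pinning each to a full commit SHA keeps a moved tag from changing
      # what this job executes.
      - name: 📥 Checkout
        uses: actions/checkout@v4
        with:
          # No later step uses git, so do not leave the token in the
          # checked-out repository's git config.
          persist-credentials: false

      - name: 📦 Setup Node
        uses: actions/setup-node@v4
        with:
          # Quoted so the version stays a string.
          node-version: "20"

      # --omit=dev skips devDependencies, so build and test tooling is not
      # covered by this check. --audit-level=moderate fails the step only for
      # findings of moderate severity or higher; low-severity findings are
      # reported without failing it.
      - name: 🔎 Audit Root
        run: npm audit --omit=dev --audit-level=moderate

      # Same audit and thresholds for the workflow helper scripts package.
      - name: 🔎 Audit Workflow Scripts
        working-directory: .github/scripts
        run: npm audit --omit=dev --audit-level=moderate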