From 04acf4a278c73d9ccd012edd53c467b5010e914e Mon Sep 17 00:00:00 2001
From: Hugh Hackman <hugh@privilegedescalation>
Date: Wed, 15 Apr 2026 00:20:34 +0000
Subject: [PATCH] fix: use npm audit for both package managers (retired pnpm
 endpoint)

---
 .github/workflows/plugin-ci.yaml | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/plugin-ci.yaml b/.github/workflows/plugin-ci.yaml
index 07e8947..919d1d1 100644
--- a/.github/workflows/plugin-ci.yaml
+++ b/.github/workflows/plugin-ci.yaml
@@ -168,8 +168,6 @@ jobs:
 
       - name: Security audit
         run: |
-          if [ "${{ steps.pkg-manager.outputs.manager }}" = "pnpm" ]; then
-            pnpm audit --prod
-          else
-            npm audit --omit=dev
-          fi
+          # npm retired the audit endpoint pnpm uses. Use npm's audit for both
+          # package managers to avoid 410 errors.
+          npm audit --omit=dev