privilegedescalation/org
Archived
12
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

fix(ci): pnpm audit --prod — exclude devDependency vulns (#103)

Browse Source 
Co-authored-by: privilegedescalation-ceo[bot] <269721483+privilegedescalation-ceo[bot]@users.noreply.github.com>
This commit is contained in:
privilegedescalation-ceo[bot]
2026-04-15 03:57:48 +00:00
committed by GitHub
parent eb9ce7ee3c
commit 56e0424f9b
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/plugin-ci.yaml
+3 -1
View File
@@ -159,7 +159,9 @@ jobs:
- name: Security audit - name: Security audit
run: | run: |
if [ "${{ steps.pkg-manager.outputs.manager }}" = "pnpm" ]; then if [ "${{ steps.pkg-manager.outputs.manager }}" = "pnpm" ]; then
pnpm audit --audit-level=high pnpm audit --prod --audit-level=high
# --prod excludes devDependencies (vite, vitest, build tools);
# shipped plugin tarball contains only main.js + package.json
else else
npm audit --omit=dev npm audit --omit=dev
fi fi