diff --git a/.github/workflows/plugin-ci.yaml b/.github/workflows/plugin-ci.yaml
index 786686e..c4ba42b 100644
--- a/.github/workflows/plugin-ci.yaml
+++ b/.github/workflows/plugin-ci.yaml
@@ -158,15 +158,12 @@ jobs:
 
       - name: Security audit
         run: |
-          # The pnpm registry audit endpoint is retired (HTTP 410).
-          # Use npm's offline audit to check installed packages without network.
-          # For pnpm repos: generate a minimal package-lock.json from pnpm-lock.yaml via npm install --package-lock-only
-          # For npm repos: use npm audit directly.
+          # pnpm audit endpoint retired (HTTP 410). Use npm audit instead.
+          # pnpm projects lack package-lock.json so we generate one first.
+          # --no-audit skips the implicit audit during install (we run it explicitly after).
           if [ "${{ steps.pkg-manager.outputs.manager }}" = "pnpm" ]; then
-            # Use --ignore-scripts to avoid running lifecycle hooks which may conflict with pnpm
-            # Use --no-audit to skip the audit during install (we audit after)
-            npm install --package-lock-only --ignore-scripts --quiet --no-audit 2>/dev/null || true
-            npm audit --omit=dev --audit-level=moderate
+            npm install --package-lock-only --ignore-scripts --no-audit
+            npm audit --omit=dev
           else
-            npm audit --omit=dev --audit-level=moderate
+            npm audit --omit=dev
           fi