ci: add npm audit step to shared plugin CI workflow

Adds a security audit step (npm audit --omit=dev) to catch known
vulnerabilities in production dependencies. Runs after tests so build
failures are reported before audit findings. Uses --omit=dev to focus
on production-facing risk.

This covers all 6 plugin repos that use the shared workflow.
gandalf-the-greybeard[bot]
2026-03-08 19:02:12 +00:00
parent 5ca5a7ef45
commit 991278ebac
@@ -41,3 +41,6 @@ jobs:
- name: Run tests
run: npm test
- name: Security audit
run: npm audit --omit=dev
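
Review bot: The new `Security audit` step at the end of the hunk runs `npm audit --omit=dev` with no `--audit-level`, so npm exits non-zero on any advisory in a production dependency, low severity included, and that fails the job in every repo that uses this shared workflow. Consider setting an explicit threshold, for example `run: npm audit --omit=dev --audit-level=high`, and stating the chosen level in the commit message. Separately, the step follows `Run tests` with no `if:` condition, so a test failure skips the audit entirely; if findings should be reported even when tests fail, add `if: always()` to the step.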