ci: add npm audit step to shared plugin CI workflow
Adds a security audit step (npm audit --omit=dev) to catch known vulnerabilities in production dependencies. Runs after tests so build failures are reported before audit findings. Uses --omit=dev to focus on production-facing risk. This covers all 6 plugin repos that use the shared workflow.
@@ -41,3 +41,6 @@ jobs:
|
||||
|
||||
- name: Run tests
|
||||
run: npm test
|
||||
|
||||
- name: Security audit
|
||||
run: npm audit --omit=dev
|
||||
|
||||
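Review bot: the new `Security audit` step sets no severity threshold, so `npm audit --omit=dev` exits non-zero on any advisory in a production dependency, including low-severity ones. Because this is a shared workflow, one low-severity transitive finding would fail CI in every repo that uses it until the dependency is patched. Consider making the threshold explicit, for example `run: npm audit --omit=dev --audit-level=high`, and adding a comment in the workflow saying which severities are meant to block a merge. Also note that with the step placed after `Run tests` and no `if:` condition, the audit is skipped whenever the tests fail. That matches the ordering described in the commit message, but it means a red test run reports nothing about audit findings.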