Merge pull request #100 from privilegedescalation/fix/plugin-ci-pnpm-audit

fix(plugin-ci): run pnpm audit for pnpm repos
2026-04-15 03:46:03 +00:00
parent 0792dfcceb e6eea29561
commit a8510d1802
1 changed files with 1 additions and 4 deletions
@@ -158,11 +158,8 @@ jobs:

      - name: Security audit
        run: |
-          # pnpm audit endpoint retired (HTTP 410). Use npm audit instead.
-          # pnpm projects lack package-lock.json so we generate one first.
-          # --no-audit skips the implicit audit during install (we run it explicitly after).
          if [ "${{ steps.pkg-manager.outputs.manager }}" = "pnpm" ]; then
-            echo "Skipping npm audit for pnpm repo (pnpm audit endpoint retired HTTP 410; lockfile generation fails with corepack)"
+            pnpm audit --audit-level=high
          else
            npm audit --omit=dev
          fi