.github/workflows/checks.security.dependencies.yaml
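---
# Dependency vulnerability scan: runs `npm audit` against production
# dependencies on push, on dependency-touching PRs, and weekly.
name: checks.security.dependencies

on:
  push:
  pull_request:
    # Only run on PRs that touch the dependency manifests, so a PR with no
    # dependency change stays green even while a known advisory is open.
    paths:
      - '/package.json'
      - '/package-lock.json'
  schedule:
    - cron: '0 0 * * 0'  # at 00:00 (UTC) on every Sunday

# Least privilege for GITHUB_TOKEN: checkout needs only read access and
# `npm audit` does not use the token. Without this block the job inherits
# the repository's default token permissions, which may include write.
permissions:
  contents: read

jobs:
  npm-audit:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        # `@v4` is a moving tag; pin to a full commit SHA
        # (e.g. actions/checkout@<commit-sha>  # v4) so the action's code
        # cannot change underneath this workflow.
        uses: actions/checkout@v4
      - name: Setup node
        uses: ./.github/actions/setup-node
      - name: NPM audit
        # --omit=dev limits the audit to production dependencies; a non-zero
        # exit from npm audit fails the job.
        run: npm audit --omit=dev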