Skip to content

Add pnpm audit step to CI #13

Description

@aimerdoux

Problem

.github/workflows/ci.yml runs tests and type-checks but does not audit dependencies for known vulnerabilities. A single pnpm audit step closes this gap.

Acceptance criteria

  • .github/workflows/ci.yml has a new step after the install step that runs pnpm audit --audit-level=high
  • CI passes on main after the change
  • High-severity advisories (if any) are either patched or have an inline pnpm audit --audit-level=critical override with a comment explaining why

Scope estimate

~20 minutes — add one step to an existing workflow file.

Getting started

In .github/workflows/ci.yml, add after the install step:

- name: Security audit
  run: pnpm audit --audit-level=high

Metadata

Metadata

Assignees

No one assigned

    Labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions