Problem
.github/workflows/ci.yml runs tests and type-checks but does not audit dependencies for known vulnerabilities. A single pnpm audit step closes this gap.
Acceptance criteria
Scope estimate
~20 minutes — add one step to an existing workflow file.
Getting started
In .github/workflows/ci.yml, add after the install step:
- name: Security audit
run: pnpm audit --audit-level=high
Problem
.github/workflows/ci.ymlruns tests and type-checks but does not audit dependencies for known vulnerabilities. A singlepnpm auditstep closes this gap.Acceptance criteria
.github/workflows/ci.ymlhas a new step after the install step that runspnpm audit --audit-level=highmainafter the changepnpm audit --audit-level=criticaloverride with a comment explaining whyScope estimate
~20 minutes — add one step to an existing workflow file.
Getting started
In
.github/workflows/ci.yml, add after the install step: