[CI] Add prek audit hooks (#409)

* [CI] Add prek audit hooks

* Update .pre-commit-config-audit.yaml

Author: jbampton

.github/workflows/pre-commit-audit.yml

@@ -0,0 +1,26 @@
+# https://github.com/j178/prek
+name: Audit hooks
+
+on: [pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  pre-commit:
+    name: 🏃‍♂️‍➡️ prek on ${{ matrix.os }}
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest, windows-latest]
+    steps:
+      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+      - name: Run prek-action
+        uses: j178/prek-action@53276d8b0d10f8b6672aa85b4588c6921d0370cc # v2.0.1
+        with:
+          install-only: true
+      - name: Run manual prek hooks
+        run: prek run --all-files --config .pre-commit-config-audit.yaml

.pre-commit-config-audit.yaml

@@ -0,0 +1,30 @@
+default_stages: [pre-commit, pre-push]
+minimum_prek_version: "0.2.22"
+default_language_version:
+  python: python3
+  node: 24.14.0
+exclude: |
+  (?x)^(
+    \.git/|
+    _site/|
+    node_modules/|
+  )
+
+repos:
+  - repo: meta
+    hooks:
+      - id: identity
+        name: Run identity
+        description: Run the identity check
+      - id: check-hooks-apply
+        name: run check-hooks-apply
+        description: check that all the hooks apply to the repository
+
+  - repo: local
+    hooks:
+      - id: npm-audit
+        name: run npm-audit
+        description: Run npm audit
+        entry: npm audit
+        language: system
+        pass_filenames: false

.pre-commit-config.yaml

@@ -43,12 +43,6 @@ repos:
         entry: npm run build
         language: system
         pass_filenames: false
-      - id: npm-audit
-        name: run npm-audit
-        description: Run npm audit
-        entry: npm audit
-        language: system
-        pass_filenames: false
 
   # GO-based
   - repo: https://github.com/gitleaks/gitleaks