From c9c3ad17cab5268b97bccf83fee4377ceb3f556c Mon Sep 17 00:00:00 2001
From: John Bampton <jbampton@gmail.com>
Date: Sat, 4 Apr 2026 16:22:47 +1000
Subject: [PATCH 1/2] [CI] Add prek audit hooks

---
 .github/workflows/pre-commit-audit.yml | 26 +++++++++++++++++++++
 .pre-commit-config-audit.yaml          | 31 ++++++++++++++++++++++++++
 .pre-commit-config.yaml                |  6 -----
 3 files changed, 57 insertions(+), 6 deletions(-)
 create mode 100644 .github/workflows/pre-commit-audit.yml
 create mode 100644 .pre-commit-config-audit.yaml

diff --git a/.github/workflows/pre-commit-audit.yml b/.github/workflows/pre-commit-audit.yml
new file mode 100644
index 0000000..fca9bf2
--- /dev/null
+++ b/.github/workflows/pre-commit-audit.yml
@@ -0,0 +1,26 @@
+# https://github.com/j178/prek
+name: Audit hooks
+
+on: [pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  pre-commit:
+    name: 🏃‍♂️‍➡️ prek on ${{ matrix.os }}
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest, windows-latest]
+    steps:
+      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+      - name: Run prek-action
+        uses: j178/prek-action@53276d8b0d10f8b6672aa85b4588c6921d0370cc # v2.0.1
+        with:
+          install-only: true
+      - name: Run manual prek hooks
+        run: prek run --all-files --config .pre-commit-config-audit.yaml
diff --git a/.pre-commit-config-audit.yaml b/.pre-commit-config-audit.yaml
new file mode 100644
index 0000000..daa1494
--- /dev/null
+++ b/.pre-commit-config-audit.yaml
@@ -0,0 +1,31 @@
+default_stages: [pre-commit, pre-push]
+minimum_prek_version: "0.2.22"
+default_language_version:
+  python: python3
+  node: 24.14.0
+exclude: |
+  (?x)^(
+    \.git/|
+    _site/|
+    node_modules/|
+    package-lock\.json$
+  )
+
+repos:
+  - repo: meta
+    hooks:
+      - id: identity
+        name: Run identity
+        description: Run the identity check
+      - id: check-hooks-apply
+        name: run check-hooks-apply
+        description: check that all the hooks apply to the repository
+
+  - repo: local
+    hooks:
+      - id: npm-audit
+        name: run npm-audit
+        description: Run npm audit
+        entry: npm audit
+        language: system
+        pass_filenames: false
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index a35b2b9..0572b25 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -43,12 +43,6 @@ repos:
         entry: npm run build
         language: system
         pass_filenames: false
-      - id: npm-audit
-        name: run npm-audit
-        description: Run npm audit
-        entry: npm audit
-        language: system
-        pass_filenames: false
 
   # GO-based
   - repo: https://github.com/gitleaks/gitleaks

From 79f0a1ae55ea55f24f5d7d6895ef39af33a23131 Mon Sep 17 00:00:00 2001
From: John Bampton <jbampton@users.noreply.github.com>
Date: Sat, 4 Apr 2026 16:27:20 +1000
Subject: [PATCH 2/2] Update .pre-commit-config-audit.yaml

---
 .pre-commit-config-audit.yaml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.pre-commit-config-audit.yaml b/.pre-commit-config-audit.yaml
index daa1494..3b056bd 100644
--- a/.pre-commit-config-audit.yaml
+++ b/.pre-commit-config-audit.yaml
@@ -8,7 +8,6 @@ exclude: |
     \.git/|
     _site/|
     node_modules/|
-    package-lock\.json$
   )
 
 repos: