chore(ci): add sfw security scanning via socket-registry install action (#1138)

Author: jdalton

.github/workflows/ci.yml

@@ -119,8 +119,9 @@ jobs:
           export default { text, view, renderToString, renderToStringWithWidth, printComponent, eprintComponent, getTerminalSize, TuiRenderer, init }
           CODE
 
-      - name: Install dependencies
-        run: pnpm install --frozen-lockfile
+      - uses: SocketDev/socket-registry/.github/actions/install@715b14fec288ea6abc94a63dd74a2860c0db82f0 # main
+        with:
+          frozen-lockfile: 'true'
 
       - name: Run lint
         run: pnpm --filter @socketsecurity/cli run check
@@ -185,8 +186,9 @@ jobs:
           export default { text, view, renderToString, renderToStringWithWidth, printComponent, eprintComponent, getTerminalSize, TuiRenderer, init }
           CODE
 
-      - name: Install dependencies
-        run: pnpm install --frozen-lockfile
+      - uses: SocketDev/socket-registry/.github/actions/install@715b14fec288ea6abc94a63dd74a2860c0db82f0 # main
+        with:
+          frozen-lockfile: 'true'
 
       - name: Run type check
         run: pnpm --filter @socketsecurity/cli run type
@@ -258,8 +260,9 @@ jobs:
           export default { text, view, renderToString, renderToStringWithWidth, printComponent, eprintComponent, getTerminalSize, TuiRenderer, init }
           CODE
 
-      - name: Install dependencies
-        run: pnpm install --frozen-lockfile
+      - uses: SocketDev/socket-registry/.github/actions/install@715b14fec288ea6abc94a63dd74a2860c0db82f0 # main
+        with:
+          frozen-lockfile: 'true'
 
       - name: Build CLI
         working-directory: packages/cli
@@ -338,8 +341,9 @@ jobs:
           export default { text, view, renderToString, renderToStringWithWidth, printComponent, eprintComponent, getTerminalSize, TuiRenderer, init }
           CODE
 
-      - name: Install dependencies
-        run: pnpm install --frozen-lockfile
+      - uses: SocketDev/socket-registry/.github/actions/install@715b14fec288ea6abc94a63dd74a2860c0db82f0 # main
+        with:
+          frozen-lockfile: 'true'
 
       - name: Build CLI
         working-directory: packages/cli

.github/workflows/provenance.yml

@@ -59,7 +59,9 @@ jobs:
 
       - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5
 
-      - run: pnpm install --frozen-lockfile
+      - uses: SocketDev/socket-registry/.github/actions/install@715b14fec288ea6abc94a63dd74a2860c0db82f0 # main
+        with:
+          frozen-lockfile: 'true'
 
       - name: Build CLI
         run: pnpm --filter @socketsecurity/cli run build
@@ -104,7 +106,9 @@ jobs:
 
       - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5
 
-      - run: pnpm install --frozen-lockfile
+      - uses: SocketDev/socket-registry/.github/actions/install@715b14fec288ea6abc94a63dd74a2860c0db82f0 # main
+        with:
+          frozen-lockfile: 'true'
 
       - name: Download CLI bundle
         uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
@@ -160,7 +164,9 @@ jobs:
 
       - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5
 
-      - run: pnpm install --frozen-lockfile
+      - uses: SocketDev/socket-registry/.github/actions/install@715b14fec288ea6abc94a63dd74a2860c0db82f0 # main
+        with:
+          frozen-lockfile: 'true'
 
       - run: npm install -g npm@latest
 

.github/workflows/weekly-update.yml

@@ -38,8 +38,9 @@ jobs:
           node-version-file: .node-version
           cache: 'pnpm'
 
-      - name: Install dependencies
-        run: pnpm install --frozen-lockfile
+      - uses: SocketDev/socket-registry/.github/actions/install@715b14fec288ea6abc94a63dd74a2860c0db82f0 # main
+        with:
+          frozen-lockfile: 'true'
 
       - name: Check for npm updates
         id: check
@@ -77,8 +78,9 @@ jobs:
           node-version-file: .node-version
           cache: 'pnpm'
 
-      - name: Install dependencies
-        run: pnpm install --frozen-lockfile
+      - uses: SocketDev/socket-registry/.github/actions/install@715b14fec288ea6abc94a63dd74a2860c0db82f0 # main
+        with:
+          frozen-lockfile: 'true'
 
       - name: Install Claude Code
         run: npm install -g @anthropic-ai/claude-code