Skip to content

Commit b52cc65

Browse files
authored
Merge pull request #340 from appwrite/fix-audit-no-lock-regen
fix: audit the committed lockfile without regenerating it
2 parents 9e83cd1 + 4a4ae57 commit b52cc65

1 file changed

Lines changed: 1 addition & 6 deletions

File tree

.github/workflows/publish.yml

Lines changed: 1 addition & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -143,12 +143,7 @@ jobs:
143143
fi
144144
145145
- name: Audit npm dependencies
146-
run: |
147-
# CLI builds with Bun, but npm audit reads package-lock.json.
148-
# update-lockfiles.sh updates both lockfiles; this catches npm lock drift.
149-
npm install --package-lock-only --ignore-scripts
150-
git diff --exit-code package-lock.json
151-
npm audit --audit-level=high --omit=dev
146+
run: npm audit --package-lock-only --audit-level=high --omit=dev
152147

153148
- name: Publish
154149
run: npm publish --provenance --access public --tag ${{ steps.release_tag.outputs.tag }}

0 commit comments

Comments
 (0)