ci: add npm audit to the publish workflow

fuji44 · fuji44 · commit 8731f317a900 · 2026-02-27T22:58:08.000+09:00
diff --git a/.github/workflows/npmpublish.yml b/.github/workflows/npmpublish.yml
@@ -17,11 +17,12 @@ jobs:
       - uses: actions/setup-node@v4
         with:
           node-version: 22
-          registry-url: 'https://registry.npmjs.org'
-          cache: 'npm'
+          registry-url: "https://registry.npmjs.org"
+          cache: "npm"
       - name: Update npm
         run: npm install -g npm@latest
       - run: npm ci
+      - run: npm audit --audit-level=high
       - run: npm test
 
   publish-npm:
@@ -32,8 +33,8 @@ jobs:
       - uses: actions/setup-node@v4
         with:
           node-version: 22
-          registry-url: 'https://registry.npmjs.org'
-          cache: 'npm'
+          registry-url: "https://registry.npmjs.org"
+          cache: "npm"
       - name: Update npm
         run: npm install -g npm@latest
       - run: npm ci
