diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index cbcb8a5..665ccc6 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -27,4 +27,26 @@ updates:
       actions-security:
         applies-to: security-updates
         patterns:
-          - "*"
\ No newline at end of file
+          - "*"
+
+  # NPM dependencies (Hugo site and tooling)
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      # Monthly scheduled updates to balance freshness with maintenance effort; security updates can still be raised separately
+      interval: "monthly"
+    commit-message:
+      prefix: "chore(deps)"
+    versioning-strategy: increase-if-necessary
+    reviewers:
+      - "github/cse-intelligence-engine-squad"
+    # Group version and security updates separately.
+    groups:
+      npm-version:
+        applies-to: version-updates
+        patterns:
+          - "*"
+      npm-security:
+        applies-to: security-updates
+        patterns:
+          - "*"