fix(ci): use npx for license-checker and force-add gitignored DEPENDENCIES.json

.github/workflows/publish.yml

@@ -13,7 +13,7 @@ on:
         type: string
 
 concurrency:
-  group: publish
+  group: publish-${{ github.event_name }}
   cancel-in-progress: true
 
 permissions: {}
@@ -295,7 +295,7 @@ jobs:
           if git diff --quiet HEAD -- package.json package-lock.json CHANGELOG.md generated/DEPENDENCIES.json; then
             echo "No version bump commit to push — skipping PR"
           else
-            git add package.json package-lock.json CHANGELOG.md generated/DEPENDENCIES.json
+            git add -f package.json package-lock.json CHANGELOG.md generated/DEPENDENCIES.json
             git commit -m "chore: release v${VERSION}"
             git push origin "HEAD:refs/heads/${BRANCH}"
             gh pr create \

.github/workflows/shield-license-compliance.yml

@@ -31,25 +31,22 @@ jobs:
       - name: Install dependencies
         run: npm ci --prefer-offline --no-audit --no-fund
 
-      - name: Install license-checker
-        run: npm install -g license-checker
-
       - name: Create reports directory
         run: mkdir -p license-reports
 
       - name: Run license check (allowlist)
         id: allowlist
         continue-on-error: true
         run: |
-          license-checker \
+          npx --yes license-checker \
             --onlyAllow 'MIT;BSD-2-Clause;BSD-3-Clause;Apache-2.0;ISC;CC0-1.0;Unlicense;WTFPL;0BSD;CC-BY-3.0;CC-BY-4.0;BlueOak-1.0.0;Python-2.0' \
             --summary | tee license-reports/allowlist-check.txt
 
       - name: Generate JSON report
-        run: license-checker --json > license-reports/licenses.json
+        run: npx --yes license-checker --json > license-reports/licenses.json
 
       - name: Generate CSV report
-        run: license-checker --csv --out license-reports/licenses.csv
+        run: npx --yes license-checker --csv --out license-reports/licenses.csv
 
       - name: Analyze results
         run: |