Add nightly security audit for node-modules

pmeijer · pmeijer · commit 5bfe198a24f9 · 2026-05-01T10:32:48.000-04:00
diff --git a/.github/workflows/nightly-audit.yaml b/.github/workflows/nightly-audit.yaml
@@ -0,0 +1,36 @@
+name: Nightly Security Audit
+
+on:
+  schedule:
+    - cron: '0 2 * * *'
+  workflow_dispatch: # Allow manual trigger
+
+jobs:
+  npm-audit:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v6
+        with:
+          node-version: 24
+
+      - name: Install dependencies
+        run: npm ci
+      - name: Run security audit
+        shell: bash
+        run: |
+          echo '### npm audit (`--omit=dev`)' >> "$GITHUB_STEP_SUMMARY"
+          echo "" >> "$GITHUB_STEP_SUMMARY"
+          echo '```text' >> "$GITHUB_STEP_SUMMARY"
+          set +e
+          set -o pipefail
+          npm audit --omit=dev --audit-level high 2>&1 | tee -a "$GITHUB_STEP_SUMMARY"
+          exit_code=$?
+          echo '```' >> "$GITHUB_STEP_SUMMARY"
+          exit $exit_code
