name: Security Audit on: push: branches: [main, dev] pull_request: branches: [main, dev] schedule: - cron: '0 9 * * 1' # Weekly Monday 09:00 UTC permissions: contents: read concurrency: group: security-${{ github.ref }} cancel-in-progress: true jobs: audit: runs-on: ubuntu-latest steps: - uses: actions/checkout@v6 - uses: actions/setup-node@v6 with: node-version: '22' cache: 'npm' - name: Install dependencies run: npm ci - name: npm audit (production) run: npm audit --omit=dev --audit-level=high