feat(ci): add checking packages for vulnerabilities (#166)

Danil42Russia · web-flow · commit a1f3a233e90c · 2025-09-09T22:29:27.000+04:00
Towards #161
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
@@ -0,0 +1,31 @@
+name: Security checks
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+
+jobs:
+  security:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Fetch Sources
+        uses: actions/checkout@v4
+
+      - name: Enable Corepack
+        run: corepack enable
+
+      - name: Setup Node.js 22.x
+        uses: actions/setup-node@v4
+        with:
+          node-version: 22.x
+          cache: "yarn"
+
+      - name: Install dependencies
+        run: yarn install --immutable --check-cache --check-resolutions
+
+      - name: Check project packages for deprecated
+        run: yarn npm audit --all --severity moderate
+
+      - name: Check all packages for vulnerabilities
+        run: yarn npm audit --all --recursive --severity high
