chore(deps): lock file maintenance #1092

	name: Package Audit

	on:
	push:
	branches:
	- '**'
	paths:
	- package.json
	- package-lock.json
	- .github/workflows/package-audit.yml
	workflow_dispatch:

	permissions:
	contents: read

	jobs:
	audit-npm:
	name: NPM Audit
	runs-on: ubuntu-latest
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
	with:
	disable-sudo: true
	allowed-endpoints:
	api.github.com:443
	github.com:443
	npm.pkg.github.com:443
	pkg-npm.githubusercontent.com:443
	registry.npmjs.org:443

	- name: Audit with NPM
	uses: myrotvorets/composite-actions/node-package-audit@master

	provenance:
	name: Verify signatures and provenance statements
	runs-on: ubuntu-latest
	permissions:
	contents: read
	packages: read
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
	with:
	disable-sudo: true
	allowed-endpoints:
	api.github.com:443
	github.com:443
	npm.pkg.github.com:443
	pkg-npm.githubusercontent.com:443
	registry.npmjs.org:443
	tuf-repo-cdn.sigstore.dev:443

	- name: Checkout
	uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

	- name: Setup Node.js environment
	uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
	with:
	node-version: lts/*
	registry-url: https://npm.pkg.github.com
	cache: npm

	- name: Install dependencies
	run: npm ci --ignore-scripts
	env:
	NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	- name: Update npm
	run: npm i -g npm

	- name: Run audit
	run: npm audit signatures
	env:
	NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Provide feedback