Audit npm shrinkwrap as well

coder · Sep 21, 2023 · 2a9df5a · 2a9df5a
1 parent 2c87baf
commit 2a9df5a
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
@@ -47,10 +47,14 @@ jobs:
         if: steps.cache-yarn.outputs.cache-hit != 'true'
         run: SKIP_SUBMODULE_DEPS=1 yarn --frozen-lockfile
 
-      - name: Audit for vulnerabilities
+      - name: Audit yarn for vulnerabilities
         run: yarn _audit
         if: success()
 
+      - name: Audit npm for vulnerabilities
+        run: npm shrinkwrap && npm audit
+        if: success()
+
   trivy-scan-repo:
     name: Scan repo with Trivy
     permissions: