diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
index 9024e7a3c38c..7b54311ba0b5 100644
--- a/.github/workflows/security.yaml
+++ b/.github/workflows/security.yaml
@@ -47,10 +47,14 @@ jobs:
 if: steps.cache-yarn.outputs.cache-hit != 'true'
 run: SKIP_SUBMODULE_DEPS=1 yarn --frozen-lockfile
 
- - name: Audit for vulnerabilities
+ - name: Audit yarn for vulnerabilities
 run: yarn _audit
 if: success()
 
+ - name: Audit npm for vulnerabilities
+ run: npm shrinkwrap && npm audit
+ if: success()
+
 trivy-scan-repo:
 name: Scan repo with Trivy
 permissions:
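Review bot: The new `Audit npm for vulnerabilities` step audits a lockfile that `npm shrinkwrap` generates on the fly, which as far as I can tell is built from whatever is in `node_modules` at that point rather than from `yarn.lock`; because the install step above is skipped on a cache hit and runs with `SKIP_SUBMODULE_DEPS=1`, the audited tree may be a cached or partial one, so a clean result here does not by itself show that the committed lockfile is clean. The step also relies on `npm audit`'s default threshold and scope; stating the policy in the command, for example `run: npm shrinkwrap && npm audit --audit-level=high` with whatever level the project actually gates on, makes it clear which severities fail the job. A short comment above the step such as `# npm audit needs an npm lockfile; shrinkwrap is generated from the installed tree, not yarn.lock` would help the next reader, and `if: success()` is the default condition for a step and can be dropped. The rest of the job lies outside the hunk, so whether later steps see the generated `npm-shrinkwrap.json` cannot be checked from here.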