From 0a677d69a8e2a30cc3761f69a31256d94f8008ae Mon Sep 17 00:00:00 2001
From: Jared Vititoe <jjvititoe1@gmail.com>
Date: Tue, 14 Apr 2026 11:26:10 -0400
Subject: [PATCH] Add npm audit security scanning workflow

Scans npm dependencies weekly and on every push/PR for high+ severity issues.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .gitea/workflows/security.yml | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 .gitea/workflows/security.yml

diff --git a/.gitea/workflows/security.yml b/.gitea/workflows/security.yml
new file mode 100644
index 0000000..beab61d
--- /dev/null
+++ b/.gitea/workflows/security.yml
@@ -0,0 +1,22 @@
+name: Security
+
+on:
+  push:
+    branches: ["**"]
+  pull_request:
+    branches: ["**"]
+  schedule:
+    - cron: '0 6 * * 1'
+
+jobs:
+  npm-audit:
+    name: JS Security (npm audit)
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Install dependencies
+        run: npm install
+
+      - name: Run npm audit
+        run: npm audit --audit-level=high