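name: Security Audit

on:
  schedule:
    - cron: '0 2 * * 1' # Weekly on Monday at 2 AM
  workflow_dispatch:

# Least privilege for the default GITHUB_TOKEN: the audit steps only read the
# checkout, and the final step needs to open an issue.
permissions:
  contents: read
  issues: write

jobs:
  audit:
    name: Security Audit
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Use Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '22.x'
          cache: 'npm'

      - name: Install dependencies
        run: npm ci

      # The audit steps must be allowed to fail: a `|| true` or
      # `continue-on-error: true` here would make the step always succeed, so
      # `if: failure()` on the issue-creation step could never fire and the
      # audit would be silent.
      - name: Run npm audit (root)
        run: npm audit --audit-level=moderate

      - name: Run npm audit (packages)
        # Still audit every package when the root audit found something, so one
        # run reports everything; skip only if the run was cancelled.
        if: ${{ !cancelled() }}
        run: |
          status=0
          for dir in packages/*/; do
            if [ -f "$dir/package.json" ]; then
              echo "Auditing $dir"
              # Subshell: no `cd ../..` bookkeeping, and a failed cd cannot leave
              # the loop in the wrong directory. Record the failure and keep
              # going so all packages are audited before the step fails.
              (cd "$dir" && npm audit --audit-level=moderate) || status=1
            fi
          done
          exit "$status"

      # Runs when any previous step failed, i.e. when an audit reported a finding
      # at or above the configured level (or an earlier step broke).
      - name: Create security issue
        if: failure()
        uses: actions/github-script@v7
        with:
          script: |
            const title = 'Security Audit: Vulnerabilities Detected';
            const body = `Security audit detected vulnerabilities. Please review and update dependencies.
            Workflow run: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}`;
            github.rest.issues.create({
              owner: context.repo.owner,
              repo: context.repo.repo,
              title: title,
              body: body,
              labels: ['security', 'dependencies']
            });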