Keep dependencies patched and run npm audit in CI

Keep dependencies patched and run npm audit in CI | BeforeMerge Rules | BeforeMerge

Why this matters

Most applications run far more third-party code than first-party code. A single vulnerable transitive dependency can compromise the whole app. Automated auditing in CI catches known CVEs before they ship.

# Bad: dependencies never re-checked after install
 
# Good: fail CI on high-severity advisories
- run: npm audit --audit-level=high

Why This Matters

Related Rules

Catch this automatically on every PR

Why this matters