From 14de5e46449681fd2b47991edff6e1f37c79a4ae Mon Sep 17 00:00:00 2001
From: Gronod
Date: Sat, 16 May 2026 16:27:33 +0100
Subject: [PATCH] fix(security #17): add npm audit to CI pipeline and package scripts

Added .gitea/workflows/ci.yml which runs 'npm audit --audit-level=moderate' on every push and PR. Fails the build on any moderate or higher severity finding. Also added 'npm run audit' and 'npm run audit:fix' convenience scripts to package.json for local use.
---
 .gitea/workflows/ci.yml | 26 ++++++++++++++++++++++++++
 package.json | 4 +++-
 2 files changed, 29 insertions(+), 1 deletion(-)
 create mode 100644 .gitea/workflows/ci.yml

diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
new file mode 100644
index 0000000..d3c7579
--- /dev/null
+++ b/.gitea/workflows/ci.yml
@@ -0,0 +1,26 @@
+name: CI
+
+on:
+ push:
+ branches: ["**"]
+ pull_request:
+ branches: ["**"]
+
+jobs:
+ audit:
+ name: npm audit
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Set up Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version: "18"
+ cache: "npm"
+
+ - name: Install dependencies
+ run: npm ci
+
+ - name: Run security audit
+ run: npm audit --audit-level=moderate
diff --git a/package.json b/package.json
index 3db372a..59d5e53 100644
--- a/package.json
+++ b/package.json
@@ -6,7 +6,9 @@
 "scripts": {
 "dev": "nodemon server/index.js",
 "start": "node server/index.js",
- "install:all": "npm install"
+ "install:all": "npm install",
+ "audit": "npm audit --audit-level=moderate",
+ "audit:fix": "npm audit fix"
 },
 "dependencies": {
 "axios": "^1.6.0",
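Review bot: The new workflow references `actions/checkout@v4` and `actions/setup-node@v4` by mutable tag, so whatever those tags resolve to at run time executes with the job's repository access; for a job whose whole purpose is supply-chain hygiene, pin both to a full commit SHA (`uses: actions/checkout@<full-commit-sha> # v4`, likewise for setup-node) so the step is reproducible and changes to it are reviewable. `node-version: "18"` selects a release line that, to my knowledge, has already left upstream support by the date of this commit, so the audit would run on an unsupported runtime; consider `node-version: "20"` or whatever the service actually deploys on. Both `cache: "npm"` and `npm ci` require a committed package-lock.json, and the `install:all` script in the package.json hunk only runs `npm install`, so confirm a lockfile is tracked or the job fails before the audit step runs. `npm audit` also exits non-zero when the registry is unreachable, so a transient outage surfaces as a security failure; that is an acceptable fail-closed default but worth a line above the step, e.g. `# a failure here may also be a registry/network error — rerun before treating it as a finding`.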