actions: Dependency Security Scan

kaloudis · kaloudis · commit 2c885148e08f · 2025-09-08T21:07:38.000-04:00
diff --git a/.github/workflows/dependency-scan.yml b/.github/workflows/dependency-scan.yml
@@ -0,0 +1,29 @@
+name: Dependency Security Scan
+
+on: [push, pull_request]
+
+jobs:
+  scan:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Install Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: '18'
+
+      - name: Install dependencies
+        run: yarn install --frozen-lockfile
+
+      - name: Run Codebase Scanner (obfuscation detection)
+        run: npx @mathiscode/codebase-scanner@latest npm .
+
+      - name: Run npm-scan heuristic scan
+        run: npx npm-scan
+
+      - name: Run GuardDog scan (optional, for malicious packages)
+        run: |
+          pip install guarddog
+          guarddog scan npm .
+
