0.0.0-beta.0

.github/workflows/release.yml

@@ -27,15 +27,9 @@ jobs:
       - name: Setup Node.js ${{ env.NODE_VERSION }}
         uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
+          cache: "npm"
           node-version: ${{ env.NODE_VERSION }}
           registry-url: https://registry.npmjs.org
-      - name: Cache npm
-        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
-        with:
-          path: ~/.npm
-          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
-          restore-keys: |
-            ${{ runner.os }}-node-
       - name: Set env
         run: |
           tag=$(npm pkg get version | xargs)
@@ -125,11 +119,7 @@ jobs:
         if: ${{ needs.release.outputs.prerelease == 'true' }}
         run: |
           find . -name '*.tgz' -exec npm publish --tag next --provenance --access public {} \;
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
       - name: npm publish (latest)
         if: ${{ needs.release.outputs.prerelease == 'false' }}
         run: |
           find . -name '*.tgz' -exec npm publish --tag latest --provenance --access public {} \;
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

.github/workflows/test-dast.yml

@@ -20,6 +20,7 @@ jobs:
       - name: Setup Node.js ${{ env.NODE_VERSION }}
         uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
+          cache: 'npm'
           node-version: ${{ env.NODE_VERSION }}
           registry-url: https://registry.npmjs.org
       - name: Install dependencies

.github/workflows/test-lint.yml

@@ -20,6 +20,7 @@ jobs:
       - name: Setup Node.js ${{ env.NODE_VERSION }}
         uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
+          cache: 'npm'
           node-version: ${{ env.NODE_VERSION }}
           registry-url: https://registry.npmjs.org
       - name: Install dependencies

.github/workflows/test-pref.yml

@@ -20,6 +20,7 @@ jobs:
       - name: Setup Node.js ${{ env.NODE_VERSION }}
         uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
+          cache: 'npm'
           node-version: ${{ env.NODE_VERSION }}
           registry-url: https://registry.npmjs.org
       - name: Install dependencies

.github/workflows/test-sast.yml

@@ -24,22 +24,34 @@ jobs:
       - name: Setup Node.js ${{ env.NODE_VERSION }}
         uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
+          cache: 'npm'
           node-version: ${{ env.NODE_VERSION }}
           registry-url: "https://registry.npmjs.org"
-      - name: Cache npm
-        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
-        with:
-          path: ~/.npm
-          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
-          restore-keys: |
-            ${{ runner.os }}-node-
-      - name: Install sandworm
-        run: npm i -g @sandworm/audit@1.56.1
       - name: Remove deprecated npm config
         run: npm config delete always-auth
+      - name: Install sandworm
+        run: npm i -g @sandworm/audit@1.56.1
       - name: sandworm
         run: sandworm-audit --skip-tree
-
+
+  lockfile:
+    name: 'lockfile-lint: SAST package-lock.json'
+    runs-on: ubuntu-latest
+    if: (github.actor != 'dependabot[bot]')
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: Setup Node.js ${{ env.NODE_VERSION }}
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        with:
+          node-version: ${{ env.NODE_VERSION }}
+          registry-url: https://registry.npmjs.org
+      - name: Install lockfile-lint
+        run: npm i -g lockfile-lint@4.14.1
+      - name: lockfile-lint
+        run: lockfile-lint --path package-lock.json --type npm --allowed-hosts npm --validate-https
+
   # https://github.com/github/codeql-action
   codeql:
     name: "CodeQL: SAST"

.github/workflows/test-unit.yml

@@ -20,6 +20,7 @@ jobs:
       - name: Setup Node.js ${{ env.NODE_VERSION }}
         uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
+          cache: 'npm'
           node-version: ${{ env.NODE_VERSION }}
           registry-url: https://registry.npmjs.org
       - name: Install dependencies

biome.json

@@ -1,5 +1,5 @@
 {
-	"$schema": "https://biomejs.dev/schemas/2.2.2/schema.json",
+	"$schema": "https://biomejs.dev/schemas/2.3.11/schema.json",
 	"vcs": {
 		"enabled": false,
 		"clientKind": "git",

docs/CONTRIBUTING.md

@@ -13,10 +13,11 @@ Ensure git history is pulled from the `develop` branch.
 ## 2. Setup
 
 ```bash
+npm i -g nmq
+npm i -g lockfile-lint
 npm i -g @sandworm/audit
 brew install semgrep
 brew install trufflehog
-brew install --cask zap
 ```
 
 ## 3. Implementation