From b5b00bc2821b8d616a9ca7a6962a3c08c2d6eaf4 Mon Sep 17 00:00:00 2001
From: TharakaUJ <9dmpires2k17.tuj@gmail.com>
Date: Wed, 24 Sep 2025 18:41:03 +0530
Subject: [PATCH 1/2] ci(workspace): add pnpm audit workflow to scan dependencies

introduce automated security scanning for dependencies by running `npm audit` in pull requests. this ensures vulnerabilities are caught earlier in the development cycle and increases visibility for reviewers.
Closes #153
---
.github/workflows/npm-audit.yml | 58 +++++++++++++++++++++++++++++++++
1 file changed, 58 insertions(+)
create mode 100644 .github/workflows/npm-audit.yml
diff --git a/.github/workflows/npm-audit.yml b/.github/workflows/npm-audit.yml
new file mode 100644
index 00000000..e36110cc
--- /dev/null
+++ b/.github/workflows/npm-audit.yml
@@ -0,0 +1,58 @@
+# -------------------------------------------------------------------------------------
+#
+# Copyright (c) 2024, WSO2 LLC. (https://www.wso2.com).
+#
+# WSO2 LLC. licenses this file to you under the Apache License,
+# Version 2.0 (the "License"); you may not use this file except
+# in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# --------------------------------------------------------------------------------------
+
+# This workflow will perform a security audit on the codebase.
+
+name: Security Audit
+
+on:
+ pull_request:
+ branches: [ main ]
+
+jobs:
+ audit:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Setup Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version: 18
+
+ - name: Install pnpm
+ uses: pnpm/action-setup@v4
+ with:
+ version: 9
+
+ - name: Install dependencies
+ run: pnpm install
+
+ - name: Run audit
+ run: |
+ pnpm audit --json > audit-results.json || true
+ pnpm audit --audit-level=high
+
+ - name: Upload audit results
+ uses: actions/upload-artifact@v4
+ with:
+ name: pnpm-audit-report
+ path: audit-results.json
From 59e35e2eda32367157e7ac85ff515a53c73e9a61 Mon Sep 17 00:00:00 2001
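Review bot: The `Upload audit results` step never runs when the audit actually finds something, because `pnpm audit --audit-level=high` fails the job first and the upload step carries no condition, so the JSON report is lost exactly when reviewers need it; add `if: always()` to that step. The job also declares no `permissions:` block and therefore inherits the repository's default token scope, whereas this job only needs `permissions:` / `  contents: read` at the workflow or job level. `pnpm install` should be `pnpm install --frozen-lockfile` so the audit covers the committed lockfile resolution rather than one the install may silently rewrite. The second patch in this series rewrites these steps but keeps all three points unchanged.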
From: TharakaUJ <9dmpires2k17.tuj@gmail.com>
Date: Mon, 6 Oct 2025 00:32:30 +0530
Subject: [PATCH 2/2] ci(workspace): edit pnpm audit workflow to scan dependencies

Follow the current style of configuring CI jobs as requested by reviewers:
- Use matrix strategy for Node.js versions for ease of maintenance
- Match the exact same style as reference pr-builder.yml workflow
Addresses reviewer feedback: "Lets follow the current style of configuring CI jobs. We usually keep a matrix of the versions such as Node.js for ease."
---
.github/workflows/npm-audit.yml | 38 ++++++++++++++++++++++-----------
1 file changed, 25 insertions(+), 13 deletions(-)
diff --git a/.github/workflows/npm-audit.yml b/.github/workflows/npm-audit.yml
index e36110cc..68d93676 100644
--- a/.github/workflows/npm-audit.yml
+++ b/.github/workflows/npm-audit.yml
@@ -1,6 +1,6 @@
 # -------------------------------------------------------------------------------------
 #
-# Copyright (c) 2024, WSO2 LLC. (https://www.wso2.com).
+# Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).
 #
 # WSO2 LLC. licenses this file to you under the Apache License,
 # Version 2.0 (the "License"); you may not use this file except
@@ -24,34 +24,46 @@ name: Security Audit on: pull_request: - branches: [ main ] + branches: [main] + workflow_dispatch: jobs: audit: + name: Security Audit runs-on: ubuntu-latest + strategy: + matrix: + node-version: [lts/*] steps: - - name: Checkout code - uses: actions/checkout@v4 + - name: Checkout + id: checkout + uses: actions/checkout@v2.3.3 - - name: Setup Node.js - uses: actions/setup-node@v4 + - name: Setup node + id: setup-node + uses: actions/setup-node@v2 with: - node-version: 18 + node-version: ${{ matrix.node-version }} - - name: Install pnpm - uses: pnpm/action-setup@v4 + - name: Setup pnpm + id: setup-pnpm + uses: pnpm/action-setup@v2.1.0 with: - version: 9 + version: latest + run_install: false - - name: Install dependencies + - name: Install Dependencies + id: install-dependencies run: pnpm install - - name: Run audit + - name: Run Security Audit + id: run-security-audit run: | pnpm audit --json > audit-results.json || true pnpm audit --audit-level=high - - name: Upload audit results + - name: Upload Audit Results + id: upload-audit-results uses: actions/upload-artifact@v4 with: name: pnpm-audit-report
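Review bot: The action pins regress to superseded majors — `uses: actions/checkout@v2.3.3` and `uses: actions/setup-node@v2` replace the v4 lines, and `uses: pnpm/action-setup@v2.1.0` replaces v4 — while `actions/upload-artifact@v4` is kept, so the job now mixes generations, and the old checkout and setup-node releases run on Node.js action runtimes GitHub has deprecated; matching pr-builder.yml's layout should not mean inheriting its stale pins. For a security workflow prefer the current majors, or pin each `uses:` to a full commit SHA with the tag in a trailing comment, which is the reproducible, tamper-evident form. `version: latest` on the pnpm setup makes the install and the audit result non-reproducible between runs; pin a specific major such as the `9` the first patch used, or on a newer release of the action omit `version` so the `packageManager` field of package.json is honoured, if the repository declares one. The job still has no `permissions:` block, `pnpm install` still lacks `--frozen-lockfile`, and the upload step still lacks `if: always()`, so the report is still dropped on a failing audit.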