diff --git a/action.yaml b/action.yaml
new file mode 100644
index 0000000..b6c4171
--- /dev/null
+++ b/action.yaml
@@ -0,0 +1,7 @@
+name: "npm-audit"
+description: "check for vulnerabilities with npm"
+runs:
+  using: composite
+  steps:
+    - name: "dependency scan"
+      runs: npm audit
\ No newline at end of file