name: "npm-audit"
description: "check for vulnerabilities with npm"
runs:
  using: "composite"
  steps:
    - name: "dependency scan"
      run: npm audit