Set up vulnerability auditing

Add `better-npm-audit` as a means to audit for known vulnerabilities in
dependencies. This was chosen over just running `npm audit` because it
does not support ignoring known vulnerabilities.

Signed-off-by: Eric Cornelissen <[email protected]>

.github/workflows/audit.yml → .github/workflows/audit-dev.yml

@@ -4,8 +4,8 @@ on:
     paths:
       - .github/workflows/audit-dev.yml
       - .ndmrc
+      - .nsprc
       - package-lock.json
-      - package.json
   push:
     branches:
       - main
@@ -32,4 +32,21 @@ jobs:
       - name: Install dependencies
         run: npm clean-install
       - name: Audit deprecations
-        run: npm run dogfeed
+        run: npm run audit:deprecations
+  vulnerabilities:
+    name: Vulnerabilities
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+      - name: Install Node.js
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        with:
+          cache: npm
+          node-version-file: .nvmrc
+      - name: Install dependencies
+        run: npm clean-install
+      - name: Audit vulnerabilities
+        run: npm run audit:vulnerabilities

.nsprc

@@ -0,0 +1,3 @@
+{
+    "GHSA-c2qf-rxjj-qqgw": "fixed version is within the supported version range"
+}

package.json

@@ -25,6 +25,9 @@
     "npm": "^10"
   },
   "scripts": {
+    "audit": "npm run audit:deprecations && npm run audit:vulnerabilities",
+    "audit:deprecations": "npm run dogfeed",
+    "audit:vulnerabilities": "better-npm-audit audit",
     "coverage": "node --test --experimental-test-coverage 'src/*.test.js'",
     "dogfeed": "node bin/cli.js --errors-only",
     "licenses": "licensee --errors-only",
@@ -37,6 +40,7 @@
     "semver": "^7.0.0"
   },
   "devDependencies": {
+    "better-npm-audit": "3.11.0",
     "licensee": "11.1.1",
     "lockfile-lint": "4.14.0",
     "ls-engines": "0.9.3",