fix(security): Remediate scanning and dependency alerts
Harden template and example code paths, redact sensitive output, and pin safe transitive npm packages. Consolidate the todo backend on better-sqlite3 so the example no longer pulls the vulnerable sqlite3 chain and still passes build and CRUD smoke checks.

Co-Authored-By: Claude <noreply@anthropic.com>
3
.github/workflows/publish-npm.yml
vendored
@@ -5,6 +5,9 @@
|
||||
|
||||
name: Publish to npm
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
on:
|
||||
release:
|
||||
types: [published]
|
||||
|
||||
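Review bot: The top-level `permissions:` block placed after `name: Publish to npm` lists only `contents: read`, and once any scope is set explicitly every unlisted scope on the workflow token drops to none. The job definitions are outside this hunk, so please confirm that the publish job needs nothing beyond read access to the repository. If it does need more (for example `id-token: write` for npm provenance), grant that scope at job level instead of widening this workflow-wide block. A one-line comment above `permissions:` stating why the token is read-only would also help, since the commit message does not mention the workflow change.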