name: Security checks

on:
  push:
  pull_request:
    paths: [ '/package.json', '/package-lock.json' ] # Allow PRs to be green if they do not introduce dependency change
  schedule:
    - cron: '0 0 * * 0' # at 00:00 on every Sunday

jobs:
  npm-audit:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v2
      -
        name: Setup node
        uses: actions/setup-node@v1
        with:
          node-version: 14.x
      -
        name: NPM audit
        run: npm audit