- Add packageManager field to package.json for corepack
- Add .yarnrc.yml with node-modules linker
- Update all workflows to use corepack enable + yarn --immutable
- Remove yarn cache from actions/setup-node (incompatible with Yarn 4)

Security workflow includes:
- CodeQL static analysis for TypeScript vulnerabilities
- npm audit for dependency vulnerabilities (fails on critical)
- Dependency review on PRs (blocks high severity, GPL licenses)
- TruffleHog secret scanning
- Weekly scheduled security scans

Code quality workflow includes:
- ESLint linting checks
- Prettier formatting validation
- TypeScript strict type checking
- Cyclomatic complexity analysis (warns on >15)
- Duplicate code detection with jscpd