mirror of
https://github.com/pezkuwichain/pwap.git
synced 2026-06-19 22:11:01 +00:00
pezkuwichain
51eecf9e08
The security-audit gate ran 'npm audit --audit-level=high' over all deps, so newly-published advisories on build-only tooling (esbuild, elliptic via vite-plugin-node-polyfills, etc.) repeatedly blocked production deploys even though that code ships to no user. Scope the gate to production dependencies with --omit=dev. Verified: 'npm audit --audit-level=high --omit=dev' → 0 vulnerabilities. TruffleHog secret scanning is unchanged.