Tier 1: Add npm audit to CI for dependency checking

## Context

As identified in the Risk Radar Assessment, both modules (`scripts` and `website`) are **Tier 2** and require Tier 1 automated gates.

## Measure: Dependency Check

**Type:** Deterministic  
**Status:** ❌ Missing  
**Required for:** Tier 1 — Automated Gates

## What to implement

1. **Add `npm audit` step to `.github/workflows/test.yml`:**
   ```yaml
   - name: Run dependency audit
     working-directory: ./website
     run: npm audit --audit-level=moderate
   ```

2. **Add audit step for scripts module** as well

3. **Configure audit level** (moderate = fail on moderate+ vulnerabilities)

4. **Optional: Add `npm audit fix`** to automatically fix vulnerabilities

## Reference

- [Risk Radar Documentation](https://llm-coding.github.io/vibe-coding-risk-radar/)
- [Tier 1 Mitigations](https://llm-coding.github.io/vibe-coding-risk-radar/tiers/tier-1/)
- [npm audit docs](https://docs.npmjs.com/cli/v10/commands/npm-audit)

## Acceptance Criteria

- [ ] `npm audit` runs in CI for both modules
- [ ] CI fails if moderate or higher vulnerabilities are found
- [ ] Audit results are visible in CI logs
- [ ] Dependencies are regularly checked for vulnerabilities

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Tier 1: Add npm audit to CI for dependency checking #83

Context

Measure: Dependency Check

What to implement

Reference

Acceptance Criteria

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Tier 1: Add npm audit to CI for dependency checking #83

Description

Context

Measure: Dependency Check

What to implement

Reference

Acceptance Criteria

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions