name: CI on: push: branches: [main] pull_request: branches: [main] jobs: verify: runs-on: ubuntu-latest permissions: contents: read steps: - uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: '20' cache: 'npm' - run: npm ci - run: npm run typecheck - run: npm run build # `npm pack --dry-run` validates the publish manifest without uploading. # Catches missing exports, wrong files entry, etc. before tagging. - run: npm pack --dry-run - name: npm audit (production deps only) run: npm audit --omit=dev --audit-level=high