Update package audit workflow

.github/workflows/package-audit.yml

@@ -18,16 +18,18 @@ jobs:
     name: NPM Audit
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-
-      - name: Setup Node.js environment
-        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
+      - name: Harden Runner
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
-          node-version: lts/*
+          disable-sudo: true
+          allowed-endpoints:
+            api.github.com:443
+            github.com:443
+            npm.pkg.github.com:443
+            registry.npmjs.org:443
 
-      - name: Run audit
-        run: npm audit --omit=dev
+      - name: Audit with NPM
+        uses: myrotvorets/composite-actions/node-package-audit@master
 
   provenance:
     name: Verify signatures and provenance statements
@@ -36,6 +38,17 @@ jobs:
       contents: read
       packages: read
     steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+        with:
+          disable-sudo: true
+          allowed-endpoints:
+            api.github.com:443
+            github.com:443
+            npm.pkg.github.com:443
+            registry.npmjs.org:443
+            tuf-repo-cdn.sigstore.dev:443
+
       - name: Checkout
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
@@ -44,7 +57,7 @@ jobs:
         with:
           node-version: lts/*
           registry-url: https://npm.pkg.github.com
-          cache: npm
+          # cache: npm
 
       - name: Install dependencies
         run: npm ci --ignore-scripts