From 3511a3dc30412a75a7a38cd72dbca26a9b8ec8b3 Mon Sep 17 00:00:00 2001
From: Jason Luong <jason.luong@snyk.io>
Date: Fri, 15 May 2026 14:49:37 +0100
Subject: [PATCH] fix(ci): check-dependecies gh action now uses npm token to
 access private packages

---
 .github/workflows/check-dependencies.yml | 5 +++++
 .github/workflows/danger-zone.yml        | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/.github/workflows/check-dependencies.yml b/.github/workflows/check-dependencies.yml
index 4729272c6b..6117d603bd 100644
--- a/.github/workflows/check-dependencies.yml
+++ b/.github/workflows/check-dependencies.yml
@@ -13,5 +13,10 @@ jobs:
         with:
           node-version-file: '.nvmrc'
           cache: 'npm'
+          # registry-url triggers setup-node to create an .npmrc with auth token interpolation,
+          # required to install private @snyk packages
+          registry-url: 'https://registry.npmjs.org'
       - run: npm ci
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.HAMMERHEAD_NPM_TOKEN }}
       - run: npx ts-node ./scripts/check-dependencies.ts
diff --git a/.github/workflows/danger-zone.yml b/.github/workflows/danger-zone.yml
index 67195f1982..32907f0706 100644
--- a/.github/workflows/danger-zone.yml
+++ b/.github/workflows/danger-zone.yml
@@ -14,7 +14,12 @@ jobs:
         with:
           node-version-file: '.nvmrc'
           cache: 'npm'
+          # registry-url triggers setup-node to create an .npmrc with auth token interpolation,
+          # required to install private @snyk packages
+          registry-url: 'https://registry.npmjs.org'
       - run: npm ci
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.HAMMERHEAD_NPM_TOKEN }}
       - run: npx danger ci
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}