Improve npm audit workflow #656
Description
The workflow is quite good and helpful.
However currently the developers need to check locally if everything is still working fine. In quite many cases the fixed dependencies are however development related and don't change the production files.
It would therefore be support helpful if the workflow could:
- Compile the app and copy js/ to js-backup/
- NPM audit
- Compile the app again
- Diff js/ and js-backup/
If the diff is empty: extend the PR description with:
Tip
Assets did not change
If the diff is not empty:
Warning
Assets changed
This allows developers to speed up the merge time and skip local testing when nothing changed in the assets