# Replace the placeholder owner with the GitHub user or team that must review
# privileged files before relying on CODEOWNERS protection.

* __CODE_OWNER__

# Workflow / CI / CD.
/.github/                         __CODE_OWNER__
/.github/workflows/               __CODE_OWNER__
/.github/workflows/vuln-scan.yml  __CODE_OWNER__
/.github/workflows/osv-scan.yml   __CODE_OWNER__
/.github/workflows/dast.yml       __CODE_OWNER__
/.github/workflows/secret-scan.yml __CODE_OWNER__
/.github/dependabot.yml           __CODE_OWNER__
/.github/CODEOWNERS               __CODE_OWNER__

# Files that affect dependency resolution, install scripts, or publishing.
/package.json                     __CODE_OWNER__
/package-lock.json                __CODE_OWNER__
/npm-shrinkwrap.json              __CODE_OWNER__
/pnpm-lock.yaml                   __CODE_OWNER__
/pnpm-workspace.yaml              __CODE_OWNER__
/yarn.lock                        __CODE_OWNER__
/bun.lock                         __CODE_OWNER__
/.npmrc                           __CODE_OWNER__
/scripts/verify-lockfile-sources.mjs __CODE_OWNER__

# Vulnerability handling.
/SECURITY.md                      __CODE_OWNER__