diff --git a/.github/workflows/js-dependency-audit.yaml b/.github/workflows/js-dependency-audit.yaml
new file mode 100644
index 0000000..180a301
--- /dev/null
+++ b/.github/workflows/js-dependency-audit.yaml
@@ -0,0 +1,23 @@
+name: JS Dependency Audit
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+    paths:
+      - '**/package.json'
+      - '**/package-lock.json'
+      - '**/npm-shrinkwrap.json'
+      - '**/yarn.lock'
+      - '**/.yarnrc'
+      - '**/.yarnrc.yml'
+      - '**/pnpm-lock.yaml'
+      - '**/pnpm-workspace.yaml'
+
+permissions: {}
+
+jobs:
+  audit:
+    uses: giantswarm/github-workflows/.github/workflows/js-dependency-audit.yaml@main
+    permissions:
+      contents: read
+      pull-requests: write