diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml
index 604c9d8d..ea452a15 100644
--- a/.github/workflows/pr-check.yml
+++ b/.github/workflows/pr-check.yml
@@ -24,6 +24,9 @@ jobs:
           cache: "npm"
           cache-dependency-path: package-lock.json
 
+      - name: Check for SSH URLs in lockfile
+        run: npm run lint:lockfile
+
       - name: Configure Git for HTTPS
         # Convert SSH URLs to HTTPS for git dependencies (e.g., @electron/node-gyp)
         # This is needed because SSH authentication isn't available in CI
diff --git a/package-lock.json b/package-lock.json
index 1926a8c0..ed4a9293 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -11,7 +11,10 @@
       "workspaces": [
         "apps/*",
         "libs/*"
-      ]
+      ],
+      "dependencies": {
+        "cross-spawn": "^7.0.6"
+      }
     },
     "apps/app": {
       "name": "@automaker/app",
@@ -12556,7 +12559,6 @@
       "version": "7.0.6",
       "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz",
       "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==",
-      "dev": true,
       "license": "MIT",
       "dependencies": {
         "path-key": "^3.1.0",
@@ -13519,7 +13521,6 @@
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz",
       "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==",
-      "dev": true,
       "license": "ISC"
     },
     "node_modules/istanbul-lib-coverage": {
@@ -14194,7 +14195,6 @@
       "version": "3.1.1",
       "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz",
       "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==",
-      "dev": true,
       "license": "MIT",
       "engines": {
         "node": ">=8"
@@ -14744,7 +14744,6 @@
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz",
       "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==",
-      "dev": true,
       "license": "MIT",
       "dependencies": {
         "shebang-regex": "^3.0.0"
@@ -14757,7 +14756,6 @@
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz",
       "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==",
-      "dev": true,
       "license": "MIT",
       "engines": {
         "node": ">=8"
@@ -15838,7 +15836,6 @@
       "version": "2.0.2",
       "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz",
       "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==",
-      "dev": true,
       "license": "ISC",
       "dependencies": {
         "isexe": "^2.0.0"
diff --git a/package.json b/package.json
index 6c34a221..fdd557b0 100644
--- a/package.json
+++ b/package.json
@@ -28,6 +28,10 @@
     "test": "npm run test --workspace=apps/app",
     "test:headed": "npm run test:headed --workspace=apps/app",
     "test:server": "npm run test --workspace=apps/server",
-    "test:server:coverage": "npm run test:cov --workspace=apps/server"
+    "test:server:coverage": "npm run test:cov --workspace=apps/server",
+    "lint:lockfile": "! grep -q 'git+ssh://' package-lock.json || (echo 'Error: package-lock.json contains git+ssh:// URLs. Run: git config --global url.\"https://github.com/\".insteadOf \"git@github.com:\"' && exit 1)"
+  },
+  "dependencies": {
+    "cross-spawn": "^7.0.6"
   }
 }