diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 356637f..b4073c8 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -25,7 +25,7 @@ jobs:
 
 
       - name: Install dependencies
-        run: ppnpm install --frozen-lockfile
+        run: pnpm install --frozen-lockfile
 
       - name: Lint
         run: pnpm run lint
@@ -78,7 +78,7 @@ jobs:
     name: CI Gate
     runs-on: [self-hosted, linux, x64, pop-os]
     if: always()
-    needs: [push, pull_request, group, cancel-in-progress, lint-typecheck, semgrep, gitleaks, trivy]
+    needs: [lint-typecheck, semgrep, gitleaks, trivy]
     steps:
       - name: Evaluate
         run: |
diff --git a/.github/workflows/trivy-autofix.yml b/.github/workflows/trivy-autofix.yml
index 3075faa..4b5eb88 100644
--- a/.github/workflows/trivy-autofix.yml
+++ b/.github/workflows/trivy-autofix.yml
@@ -41,15 +41,12 @@ jobs:
           echo "CVEs found: $COUNT"
 
       - name: Add Node.js (fnm) to PATH
+        if: steps.check.outputs.count != '0'
         run: echo "$HOME/.local/share/fnm/node-versions/v24.14.0/installation/bin" >> $GITHUB_PATH
 
       - name: Enable pnpm via corepack
-        run: corepack enable pnpm
-
         if: steps.check.outputs.count != '0'
-        with:
-          node-version: "24.14.0"
-          cache: 'npm'
+        run: corepack enable pnpm
 
       - name: Auto-fix CVEs via npm overrides
         if: steps.check.outputs.count != '0'