diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 3417b06..4d0ab9d 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -25,7 +25,7 @@ jobs: steps: - name: ๐Ÿ“ฅ Checkout repository - uses: actions/checkout@900f2210b1d28bbbd0bd22d17926b9e224e8f231 # main + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # main with: persist-credentials: false @@ -51,7 +51,7 @@ jobs: - name: ๐Ÿ” Install dependencies if: steps.cache-node_modules.outputs.cache-hit != 'true' run: | - npm ci --ignore-scripts --prefer-offline --no-audit + npm ci --ignore-scripts --prefer-offline --no-audit --strict-peer-deps - name: ๐Ÿงช Run tests env: diff --git a/.npmrc b/.npmrc index 6bc8caf..49727ff 100644 --- a/.npmrc +++ b/.npmrc @@ -8,3 +8,6 @@ allow-git=none # Security hardening: skip package versions published less than 7 days ago (based on CISA's guidance). min-release-age=7 + +# Fail on peer dependency conflicts so dependabot PRs with broken peer deps are rejected. +strict-peer-deps=true
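Review bot: The added `--strict-peer-deps` on the `npm ci` line is only enforced when this step runs, and the step is skipped whenever `steps.cache-node_modules.outputs.cache-hit` is `'true'`. The cache step is outside the hunk, so it is worth confirming that its key hashes `package-lock.json`; otherwise a pull request could restore a cached `node_modules` and never reach the peer-dependency check. The flag also appears to duplicate the `strict-peer-deps=true` line this commit adds to `.npmrc`, which npm should already pick up if the step runs from the repository root. Either drop one of the two or add a comment above the command, such as `# also set in .npmrc; kept explicit so CI does not depend on the working directory`.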
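Review bot: The new comment above `strict-peer-deps=true` describes the setting only in terms of dependabot PRs, but a project-level `.npmrc` applies to every npm command run in the repository. Contributors' local installs will presumably now also stop on peer-dependency conflicts that npm would otherwise have tolerated. I would say so in the comment, for example `# Fail on peer dependency conflicts (local installs and CI alike) so dependabot PRs with broken peer deps are rejected.`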