diff --git a/.github/linters/.jscpd.json b/.github/linters/.jscpd.json
new file mode 100644
index 0000000..e6bf7f4
--- /dev/null
+++ b/.github/linters/.jscpd.json
@@ -0,0 +1,6 @@
+{
+  "threshold": 5,
+  "reporters": ["consoleFull"],
+  "ignore": ["**/__snapshots__/**", "**/node_modules/**"],
+  "absolute": true
+}
diff --git a/.github/renovate.json b/.github/renovate.json
index f02f654..66f4a27 100644
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -1,6 +1,4 @@
 {
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "extends": [
-    "github>ivuorinen/renovate-config"
-  ]
+  "extends": ["github>ivuorinen/renovate-config"]
 }
diff --git a/.github/workflows/composer-install.yml b/.github/workflows/composer-install.yml
index 7661b9b..e634277 100644
--- a/.github/workflows/composer-install.yml
+++ b/.github/workflows/composer-install.yml
@@ -8,6 +8,8 @@ on:
       - "composer.json"
       - "composer.lock"
 
+permissions: read-all
+
 jobs:
   ComposerInstall:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/compress-images.yml b/.github/workflows/compress-images.yml
index 37c933c..1a0d493 100644
--- a/.github/workflows/compress-images.yml
+++ b/.github/workflows/compress-images.yml
@@ -8,6 +8,8 @@ on:
   schedule:
     - cron: "00 23 * * 0"
 
+permissions: read-all
+
 jobs:
   CompressOnDemandOrSchedule:
     name: calibreapp/image-actions
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index d4889c4..cff4cf5 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -12,6 +12,8 @@ name: "Dependency Review"
 
 on: [pull_request]
 
+permissions: read-all
+
 jobs:
   dependency-review:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/laravel-phpunit.yml b/.github/workflows/laravel-phpunit.yml
index 653cd86..171cbd1 100644
--- a/.github/workflows/laravel-phpunit.yml
+++ b/.github/workflows/laravel-phpunit.yml
@@ -7,6 +7,8 @@ on:
   pull_request:
     branches: [main]
 
+permissions: read-all
+
 jobs:
   laravel-tests:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/pr-compress-images.yml b/.github/workflows/pr-compress-images.yml
index 3500ba3..f7fad4b 100644
--- a/.github/workflows/pr-compress-images.yml
+++ b/.github/workflows/pr-compress-images.yml
@@ -11,6 +11,8 @@ on:
       - "**.png"
       - "**.webp"
 
+permissions: read-all
+
 jobs:
   CompressInPR:
     # Only run on Pull Requests within the same repository, and not from forks.
diff --git a/.github/workflows/pr-lint.yml b/.github/workflows/pr-lint.yml
index ba3321f..f014848 100644
--- a/.github/workflows/pr-lint.yml
+++ b/.github/workflows/pr-lint.yml
@@ -24,6 +24,8 @@ on:
   pull_request:
     branches: [master, main]
 
+permissions: read-all
+
 ###############
 # Set the Job #
 ###############
@@ -60,9 +62,14 @@ jobs:
       # Run Linter against code base #
       ################################
       - name: Lint Code Base
-        uses: github/super-linter@v6
+        uses: github/super-linter@v7
         env:
           VALIDATE_ALL_CODEBASE: false
+          FIX_ANSIBLE: true
+          FIX_ENV: true
+          FIX_JSON: true
+          FIX_JSONC_PRETTIER: true
+          FIX_MARKDOWN: true
           # Change to 'master' if your main branch differs
           DEFAULT_BRANCH: ${{ env.MAIN_BRANCH }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml
index c3e3094..c479362 100644
--- a/.github/workflows/release-drafter.yml
+++ b/.github/workflows/release-drafter.yml
@@ -4,6 +4,8 @@ name: Release Drafter
 on:
   workflow_call:
 
+permissions: read-all
+
 jobs:
   update_release_draft:
     name: ✏️ Draft release
diff --git a/.github/workflows/release-monthly.yaml b/.github/workflows/release-monthly.yaml
index aa98656..1597095 100644
--- a/.github/workflows/release-monthly.yaml
+++ b/.github/workflows/release-monthly.yaml
@@ -7,6 +7,8 @@ on:
   schedule:
     - cron: "0 0 1 * *" # 1st of every month at midnight
 
+permissions: read-all
+
 jobs:
   release:
     name: Release
diff --git a/.github/workflows/reviewdog-linters.yml b/.github/workflows/reviewdog-linters.yml
index 05c3d7f..3de7eb4 100644
--- a/.github/workflows/reviewdog-linters.yml
+++ b/.github/workflows/reviewdog-linters.yml
@@ -3,6 +3,8 @@ name: Reviewdog Linters
 
 on: [push]
 
+permissions: read-all
+
 jobs:
   linters:
     name: Linters
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index b03940f..db410d4 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -7,6 +7,8 @@ on:
   workflow_call:
   workflow_dispatch:
 
+permissions: read-all
+
 jobs:
   stale:
     name: 🧹 Clean up stale issues and PRs
diff --git a/.github/workflows/sync-labels-to-own-projects.yml b/.github/workflows/sync-labels-to-own-projects.yml
index 60bf7a7..87f2048 100644
--- a/.github/workflows/sync-labels-to-own-projects.yml
+++ b/.github/workflows/sync-labels-to-own-projects.yml
@@ -12,6 +12,8 @@ on:
   schedule:
     - cron: "0 0 * * *" # Every day at midnight
 
+permissions: read-all
+
 jobs:
   sync-labels:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml
index 5e5de18..1aee1de 100644
--- a/.github/workflows/sync-labels.yml
+++ b/.github/workflows/sync-labels.yml
@@ -13,6 +13,8 @@ on:
   workflow_call:
   workflow_dispatch:
 
+permissions: read-all
+
 jobs:
   labels:
     name: ♻️ Sync labels
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..3c3629e
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+node_modules
diff --git a/.prettierignore b/.prettierignore
new file mode 100644
index 0000000..1b8ac88
--- /dev/null
+++ b/.prettierignore
@@ -0,0 +1,3 @@
+# Ignore artifacts:
+build
+coverage
diff --git a/.prettierrc b/.prettierrc
new file mode 100644
index 0000000..0967ef4
--- /dev/null
+++ b/.prettierrc
@@ -0,0 +1 @@
+{}
diff --git a/package-lock.json b/package-lock.json
new file mode 100644
index 0000000..28071f1
--- /dev/null
+++ b/package-lock.json
@@ -0,0 +1,32 @@
+{
+  "name": "@ivuorinen/dotgithub",
+  "version": "1.0.0",
+  "lockfileVersion": 3,
+  "requires": true,
+  "packages": {
+    "": {
+      "name": "@ivuorinen/dotgithub",
+      "version": "1.0.0",
+      "license": "MIT",
+      "devDependencies": {
+        "prettier": "^3.3.3"
+      }
+    },
+    "node_modules/prettier": {
+      "version": "3.3.3",
+      "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.3.3.tgz",
+      "integrity": "sha512-i2tDNA0O5IrMO757lfrdQZCc2jPNDVntV0m/+4whiDfWaTKfMNgR7Qz0NAeGz/nRqF4m5/6CLzbP4/liHt12Ew==",
+      "dev": true,
+      "license": "MIT",
+      "bin": {
+        "prettier": "bin/prettier.cjs"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "funding": {
+        "url": "https://github.com/prettier/prettier?sponsor=1"
+      }
+    }
+  }
+}
diff --git a/package.json b/package.json
new file mode 100644
index 0000000..b7e0b31
--- /dev/null
+++ b/package.json
@@ -0,0 +1,14 @@
+{
+  "name": "@ivuorinen/dotgithub",
+  "version": "1.0.0",
+  "private": true,
+  "description": "My Shared GitHub Actions & Configurations.",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "author": "Ismo Vuorinen <https://github.com/ivuorinen>",
+  "license": "MIT",
+  "devDependencies": {
+    "prettier": "^3.3.3"
+  }
+}
diff --git a/renovate-config.json b/renovate-config.json
index 0c723f8..d8431a7 100644
--- a/renovate-config.json
+++ b/renovate-config.json
@@ -1,7 +1,5 @@
 {
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
   "description": "Renovate config for projects ivuorinen manages",
-  "extends": [
-    "github>ivuorinen/renovate-config"
-  ]
+  "extends": ["github>ivuorinen/renovate-config"]
 }