diff --git a/.github/workflows/npm-diff.yml b/.github/workflows/npm-diff.yml
new file mode 100644
index 0000000..4037c51
--- /dev/null
+++ b/.github/workflows/npm-diff.yml
@@ -0,0 +1,21 @@
+name: NPM lockfile changes
+on: [pull_request]
+
+jobs:
+  lockfile_changes:
+    runs-on: ubuntu-latest
+    # Permission overwrite is required for Dependabot PRs, see "Common issues" below.
+    permissions:
+      pull-requests: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: NPM lockfile changes
+        uses: codepunkt/npm-lockfile-changes@main
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          # Optional inputs, can be deleted safely if you are happy with default values.
+          collapsibleThreshold: 25
+          failOnDowngrade: false
+          path: package-lock.json
+          updateComment: true
diff --git a/package-lock.json b/package-lock.json
new file mode 100644
index 0000000..e7acb42
--- /dev/null
+++ b/package-lock.json
@@ -0,0 +1,6 @@
+{
+  "name": "fewer-tags",
+  "lockfileVersion": 3,
+  "requires": true,
+  "packages": {}
+}