diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 05945ac..3bc1014 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -12,6 +12,19 @@ updates:
       go-dependencies:
         patterns: ["*"]
 
+  - package-ecosystem: "npm"
+    directory: "/demo"
+    schedule:
+      interval: "weekly"
+    cooldown:
+      default-days: 7
+    commit-message:
+      prefix: "chore(deps)"
+    ignore:
+      # Dependabot security updates currently open a false-positive run for
+      # fast-uri even though demo/package-lock.json is already on 3.1.2.
+      - dependency-name: "fast-uri"
+
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule: