diff --git a/.github/workflows/dependabot-lockfile-cleanup.yml b/.github/workflows/dependabot-lockfile-cleanup.yml
new file mode 100644
index 0000000..ae06db5
--- /dev/null
+++ b/.github/workflows/dependabot-lockfile-cleanup.yml
@@ -0,0 +1,34 @@
+name: Dependabot lockfile cleanup
+
+on:
+  workflow_call:
+
+jobs:
+  cleanup:
+    if: github.actor == 'dependabot[bot]' && github.event.action == 'opened'
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.head_ref }}
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+
+      - name: Install dependencies
+        run: npm ci --ignore-scripts
+
+      - name: Clean up internal dependencies from lockfile
+        run: |
+          if ! command -v prepare-package-lock &> /dev/null; then
+            echo "prepare-package-lock not found, skipping"
+            exit 0
+          fi
+          prepare-package-lock
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          git diff --quiet || (git add package-lock.json && git commit -m "chore: remove @cloudscape-design deps from lockfile" && git push)