Add npm audit to ci pipeline

I have created a wrapper for it, because `npm audit` itself _always_ fails if _any_ vulnerabilities are present, and we don't want to fail on low or moderate vulnerabilities. This issue has been PR'ed in npm, so if/when npm/cli#31 is merged and released then the command can be swapped for a basic `npm audit`.
UKHomeOffice · Aug 1, 2018 · 059a27c · 059a27c
1 parent d2ecc5d
commit 059a27c
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/.drone.yml b/.drone.yml
@@ -10,6 +10,15 @@ pipeline:
     when:
       event: [push, pull_request, tag]
 
+  audit:
+    image: node:8
+    secrets:
+      - npm_auth_token
+    commands:
+      - npx @lennym/ciaudit
+    when:
+      event: [push, pull_request, tag]
+
   compile:
     image: node:8
     secrets: