Update audit.js

[jweinsteincbt]

Should be able to turn off file name scrubbing for your own private registry by using NOSCRUB=@${SCOPE}

[isaacs]

This should be a config value with docs and tests. I'd prefer not to bury ad hoc environment variable switches in the cli's command definitions, or it gets unmaintainable real fast.

[jweinsteincbt]

Fair enough -- I can convert this from a quick hack to a real feature.

Do you want to the command line argument to be --no-scrub or something else?
Is it okay to turn off all scrubbing or only one at time:
--no-scrub=@${SCOPE}

Advanced features discussion:
Should this be limited to members of the org for that scope? Would need to cache the credentials so it does not need to do multiple lookups. Might not work for all registries (npm caching and so on). Also, that makes it harder to decide not to not require modules which have bad audit results if they are @ scoped.

[claudiahdz]

Hi! Thank you very much for your contribution. Could you please follow up on this on our RFC's repo with the desired functionality and implementation details? Discussion can continue over there!