From 059a27c66140be5894d5289742d8b9f64788e05b Mon Sep 17 00:00:00 2001
From: Leonard Martin <leonard.martin@gmail.com>
Date: Wed, 1 Aug 2018 16:20:57 +0100
Subject: [PATCH] Add npm audit to ci pipeline

I have created a wrapper for it, because `npm audit` itself _always_ fails if _any_ vulnerabilities are present, and we don't want to fail on low or moderate vulnerabilities. This issue has been PR'ed in npm, so if/when https://github.com/npm/cli/pull/31 is merged and released then the command can be swapped for a basic `npm audit`.
---
 .drone.yml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/.drone.yml b/.drone.yml
index 24e69205..9ad9bfb6 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -10,6 +10,15 @@ pipeline:
     when:
       event: [push, pull_request, tag]
 
+  audit:
+    image: node:8
+    secrets:
+      - npm_auth_token
+    commands:
+      - npx @lennym/ciaudit
+    when:
+      event: [push, pull_request, tag]
+
   compile:
     image: node:8
     secrets: