From f8b02f9ee6e84e94c46bdda4514ca332f9c9691b Mon Sep 17 00:00:00 2001
From: Erik Sundell
Date: Thu, 2 Jul 2020 21:37:45 +0200
Subject: [PATCH] CI: npm audit cronjob details
---
 .travis.yml | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/.travis.yml b/.travis.yml
index 4b2f01c1..e43d58a0 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -35,8 +35,11 @@ jobs:
 install:
 - npm ci --production
 script:
- - npm audit
+ # This audit will fail for moderate/high/critical and exclude low
+ - npm audit --production --audit-level=moderate
 after_success:
- - echo "package-lock.json is considered secure according to 'npm audit'."
+ - echo "package-lock.json is considered at least moderately secure according to a npm audit."
 after_failure:
- - echo "package-lock.json should be updated with 'npm audit fix'."
+ - echo "package-lock.json contain a package with a moderate or worse vulnerability!"
+ - echo "Running 'npm audit fix --production' could fix the vulnerability. Let's try..."
+ - npm audit fix --production
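Review bot: The `npm audit fix --production` step added under `after_failure` only changes package-lock.json (and, as far as npm's behaviour goes, installs the updated packages) inside the throwaway CI checkout, so nothing is fixed in the repository and the job still fails, while the echo before it reads as if a repair is under way. If the aim is to show maintainers whether an automatic fix exists, `- npm audit fix --production --dry-run` reports the proposed changes without installing anything in a job that has just flagged a vulnerable dependency tree. The comment above the audit command could also say that `--production` leaves devDependencies out of the gate, e.g. `# Fails on moderate/high/critical advisories in production dependencies; low severity and devDependencies are not checked`. The job entry this hunk belongs to starts above the visible lines.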