feat!(audit): default to None, not Low

DOCS.md

@@ -176,7 +176,7 @@ The following parameters are used to configure the image:
 | `email`         | email for communication with npm                                                                                   | `false`  | `N/A`                        | `PARAMETER_EMAIL`<br>`NPM_EMAIL`         |
 | `token`         | auth token for communication with npm                                                                              | `false`  | `N/A`                        | `PARAMETER_TOKEN`<br>`TOKEN`             |
 | `registry`      | npm instance to communicate with                                                                                   | `false`  | `https://registry.npmjs.org` | `PARAMETER_REGISTRY`<br>`NPM_REGISTRY`   |
-| `audit_level`   | level at which the audit check should fail (valid options: `low`, `moderate`, `high`, `critical`, `none` to skip)  | `false`  | `low`                        | `PARAMETER_AUDIT_LEVEL`<br>`AUDIT_LEVEL` |
+| `audit_level`   | level at which the audit check should fail (valid options: `low`, `moderate`, `high`, `critical`, `none` to skip)  | `false`  | `none`                       | `PARAMETER_AUDIT_LEVEL`<br>`AUDIT_LEVEL` |
 | `strict_ssl`    | whether or not to do SSL key validation during communication                                                       | `false`  | `true`                       | `PARAMETER_STRICT_SSL`<br>`STRICT_SSL`   |
 | `always_auth`   | force npm to always require authentication                                                                         | `false`  | `false`                      | `PARAMETER_ALWAYS_AUTH`<br>`ALWAYS_AUTH` |
 | `skip_ping`     | whether or not to skip `npm ping` authentication command                                                           | `false`  | `false`                      | `PARAMETER_SKIP_PING`<br>`SKIP_PING`     |

cmd/vela-npm/main.go

@@ -136,7 +136,7 @@ func main() {
 			&cli.StringFlag{
 				Name:        "audit-level",
 				Usage:       "The level at which an npm audit will fail - options: (none|low|moderate|high|critical)",
-				Value:       "low",
+				Value:       "none",
 				EnvVars:     []string{"PARAMETER_AUDIT_LEVEL", "PARAMETER_AUDIT", "PLUGIN_AUDIT_LEVEL", "PLUGIN_AUDIT", "AUDIT_LEVEL", "AUDIT"},
 				FilePath:    string("/vela/parameters/npm/audit_level,/vela/secrets/npm/audit_level"),
 				DefaultText: "N/A",

internal/npm/config.go

@@ -92,9 +92,9 @@ func (p *Config) Validate() error {
 	case "n", "no", "none":
 		p.AuditLevel = None
 	default:
-		log.Warn("audit_level is not recognized, the npm default (low)")
+		log.Warn("audit_level is not recognized, setting to None")
 
-		p.AuditLevel = Low
+		p.AuditLevel = None
 	}
 
 	log.WithFields(log.Fields{

internal/npm/config_test.go

@@ -91,7 +91,7 @@ func TestConfig_Validate_NormalizeAuditLevel_Default(t *testing.T) {
 		t.Error(err)
 	}
 
-	if c.AuditLevel != Low {
+	if c.AuditLevel != None {
 		t.Error("AuditLevel not defaulted")
 	}
 }