audit: allow the audit failure level to be configured

`npm audit` currently exits with exit code 1 if any vulnerabilities are found of any level. Add a flag of `--audit-level` to `npm audit` to allow it to pass if only vulnerabilities below a certain level are found. Example: `npm audit --audit-level=high` will exit with 0 if only low or moderate level vulns are detected.
npm · zkat · Aug 3, 2018 · Jun 14, 2018 · Jun 29, 2018 · Jun 29, 2018
commit c5e48d0c62df5373b2e39386291a38dda9e86022
diff --git a/lib/audit.js b/lib/audit.js
@@ -252,11 +252,11 @@ function auditCmd (args, cb) {
         })
       })
     } else {
-      const vulns =
-        auditResult.metadata.vulnerabilities.low +
-        auditResult.metadata.vulnerabilities.moderate +
-        auditResult.metadata.vulnerabilities.high +
-        auditResult.metadata.vulnerabilities.critical
+      const levels = ['low', 'moderate', 'high', 'critical']
+      const minLevel = levels.indexOf(npm.config.get('audit-level'))
+      const vulns = levels.reduce((count, level, i) => {
+        return i < minLevel ? count : count + auditResult.metadata.vulnerabilities[level]
+      }, 0)
       if (vulns > 0) process.exitCode = 1
       return audit.printFullReport(auditResult)
     }

diff --git a/lib/config/defaults.js b/lib/config/defaults.js
@@ -110,6 +110,7 @@ Object.defineProperty(exports, 'defaults', {get: function () {
     'always-auth': false,
     also: null,
     audit: true,
+    'audit-level': 'low',
     'auth-type': 'legacy',
 
     'bin-links': true,
@@ -254,6 +255,7 @@ exports.types = {
   'always-auth': Boolean,
   also: [null, 'dev', 'development'],
   audit: Boolean,
+  'audit-level': ['low', 'moderate', 'high', 'critical'],
   'auth-type': ['legacy', 'sso', 'saml', 'oauth'],
   'bin-links': Boolean,
   browser: [null, String],