Add Npm Audit

Author: abadhwar

.github/workflows/cli-core-audit.yml

@@ -0,0 +1,47 @@
+name: NPM Audit Check
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+
+jobs:
+  audit:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        node-version: [16.x, 14.x]
+    steps:
+      - name: Checkout cli repo
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - run: make install
+      - name: Use Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v2
+        with:
+          node-version: ${{ matrix.node-version }}
+          cache: 'npm'
+      - name: Run audit check
+        run: npm audit --audit-level=moderate --production
+        # minimum vulnerability level that will cause the command to fail
+        # audit reports with low severity would pass the test
+  notify-complete-fail:
+    if: ${{ failure() && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }}
+    needs: [ audit ]
+    name: Notify Npm Audit Failed
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Slack Notification
+        uses: rtCamp/action-slack-notify@v2
+        env:
+          SLACK_WEBHOOK: ${{ secrets.ALERT_SLACK_WEB_HOOK }}
+          SLACK_COLOR: 'danger'
+          SLACK_USERNAME: CLI Github Actions
+          SLACK_MSG_AUTHOR: twilio-dx
+          SLACK_ICON_EMOJI: ':github:'
+          SLACK_TITLE: "Twilio Cli"
+          SLACK_MESSAGE: 'Cli audit test failed'
+          MSG_MINIMAL: actions url
+          SLACK_FOOTER: Posted automatically using GitHub Actions