mozilla-services / msisdn-gateway

INACTIVE - http://mzl.la/ghe-archive - An MSISDN based Authentication Server.
Mozilla Public License 2.0

Use nsp to check for sketchy modules #116

Closed pdehaan closed 10 years ago

pdehaan commented 10 years ago

Since we don't use grunt in this repo, we can probably just do some clever coding in .travis.yml to do a local install of nsp and run it against the package.json file (which is less efficient than npm-shrinkwrap.json linting, but we don't use shrinkwrap either).

I reckon it may be as easy as this pseudo-yaml:

before_script:
  - gem install fake_dynamo
  # install nsp locally rather than globally
  - npm install nsp
  # check package.json against the nodesecurity.io advisory list
  - ./node_modules/.bin/nsp package

Running that locally for me gives me:

$ ./node_modules/.bin/nsp package
No vulnerable modules found

But basically it checks each dependency (nested) for potentially compromised modules using the https://nodesecurity.io API. This has come in very useful recently in other repos where there were some Hapi issues which were quickly patched. But getting a good warning in our Travis logs is always nice.

Plus it doesn't add too much time to our Travis build process:

$ time nsp package
No vulnerable modules found

real    0m5.236s
user    0m2.274s
sys     0m0.261s

pdehaan commented 10 years ago

Feel free to assign to me. I think it's literally a 2-line change in .travis.yml, but I think 2 other PRs are tweaking Travis config files currently.

Natim commented 10 years ago

Can you make it a separate test then?
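Taking Natim's request literally, one way to run nsp as its own Travis job instead of a step inside the main one is a build matrix keyed on an environment variable. This is an added example, not the repository's actual .travis.yml: the Node version, the `TEST_SUITE` variable name and `npm test` as the existing test command are assumptions; the `gem install fake_dynamo` and `nsp package` lines are the ones from the comment above.

```yaml
language: node_js
node_js:
  - "0.10"            # assumed; use whatever version the repo already targets

# Two jobs in the matrix: the existing test suite and a separate nsp check.
env:
  - TEST_SUITE=unit   # variable name is an assumption, not a Travis convention
  - TEST_SUITE=nsp

matrix:
  allow_failures:
    # nsp talks to the nodesecurity.io API on every run; an outage there
    # should show up in the logs without turning the main build red.
    - env: TEST_SUITE=nsp

before_script:
  # fake_dynamo is only needed by the unit suite
  - if [ "$TEST_SUITE" = "unit" ]; then gem install fake_dynamo; fi
  - npm install nsp

script:
  - if [ "$TEST_SUITE" = "nsp" ]; then ./node_modules/.bin/nsp package; else npm test; fi
```

With this layout the nsp result is a separate line in the Travis job list, so a vulnerable dependency is visible at a glance rather than buried in the unit-test log; drop the `allow_failures` entry if the check should block merges once it has proven stable.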