Replace the Node Security Platform before its shutdown on 9/30

From: https://blog.npmjs.org/post/175511531085/the-node-security-platform-service-is-shutting

The Node Security Platform service will stop working on September 28, 2018.

As Node Security Platform is one the sources for ~"dependency scanning", we need to find a solution by that date. This issue is to drive this migration and evaluate our options.

Npm is now providing built-in security, so maybe we can just have a wrapper around npm audit:

a new command in npm@6, npm audit, will soon allow you to recursively analyze your dependency trees to identify specifically what’s insecure — so you can swap in a new version or find a safer alternate dependency.

/cc @bikebilly