* Use env var to specify specific docker-registry.w.o image

* Try different approach to echo newlines (may not work)
* Add review msg if at least one vulnerable package.json exists

npm-audit/nodejs12/npm-audit-nodejs-12-ci.yml

 npm_audit_dependency_check:
-    image: docker-registry.wikimedia.org/nodejs12-devel:0.0.1
+    image: docker-registry.wikimedia.org/${WM_APPSEC_NPM_IMAGE}
     stage: test
     allow_failure: false
     
@@ -21,15 +21,14 @@ npm_audit_dependency_check:
             npm_dir="$(dirname "$f")"
             cd $root_dir/$npm_dir
             npm install --package-lock-only
-            echo -e "\n "
-            echo -e "----- $f -----"
-            echo -e "\n "
+            echo -e "\n\n----- $f -----\n\n"
             set -e
             EXIT_CODE=0
             audit-ci ${NPM_AUDIT_OPTIONS} || EXIT_CODE=$?
             TOTAL_EXIT_CODES=$(($TOTAL_EXIT_CODES + $EXIT_CODE))
           done
           if [ "$TOTAL_EXIT_CODES" -gt 0 ]; then
+            echo -e "\n\nAt least one package.json file contained vulnerable dependencies - please review.\n\n"
             exit 1
           fi