Skip to content

codeintel/lockfiles: Restore `package-lock.json` dev dependencies

Warren Gifford requested to merge ts/in-tree-lockfile-parsers into main

Created by: tsenart

This commit moves the lockfile parsers we are using from github.com/aquasecurity/go-dep-parse in-tree and adapts them to our needs.

We do so because:

  1. Their package-lock.json parser skips dev dependencies which we want to parse.
  2. We reduce unnecessary large array type conversions.
  3. We defer the removal of duplicates to the Service.

Test plan

Unit and integration tests.

Merge request reports