fix: detect yarn.lock files in bin command

[candrews]

• Tests written and linted
• Documentation written / README.md updated https://snyk.io/docs/snyk-for-node/
• Follows CONTRIBUTING agreement
• Commit history is tidy https://git-scm.com/book/en/v2/Git-Branching-Rebasing
• Reviewed by Snyk team

What this does

In the bin command, detect yarn.lock files in addition to the existing support for package.json and package-lock.json.

Notes for the reviewer

node bin/index.js from a directory containing a yarn.lock file now display results.

More information

Screenshots

Visuals that may help the reviewer

[CLAassistant]

All committers have signed the CLA.

[JamesPatrickGill]

Hi @candrews, thanks for this PR! I'll be looking after this PR and helping you get it released.

Firstly due to our internal systems requiring a non fork branch to run CI could you please first point this PR at this branch detect-yarn-lock-in-bin-cmd. This will allow me to run tests before deploying it and hence merge your PR safely.

In the meantime I will look over the PR.

Thanks again 😃

[JamesPatrickGill]

I have added some pointers to help you reach what I believe the goal of the ticket is. Hope these are helpful 😃

As an aside, could you please share how you are using this binary to help maybe mold the solution.

Many thanks again for this PR 🙏

[JamesPatrickGill]

Hi, I don't believe this code works as you expect.

To illustrate, here is the function signature for this function

function buildDepTreeFromFiles(
    root: string, 
    manifestFilePath: string, 
    lockFilePath: string, 
    includeDev?: boolean, 
    strictOutOfSync?: boolean
): Promise<PkgTree>

This would mean we are passing yarn.lock to the includeDev argument.

I would suggest updating so that the 3rd argument - lockFilePath - is conditionally passed as package-lock.json or yarn.lock based on some trigger. Maybe an cli flag as this is a "bin".

stale