milahu / pnpm-install-only

minimal implementation of 'pnpm install'
MIT License

support pnpm lockfiles #5

Open milahu opened 2 years ago

milahu commented 2 years ago

snyk-nodejs-lockfile-parser cannot parse pnpm lockfiles

workaround from github-actions-pnpm-snyk

```ts
// src/lib/compass/writeNpmPackageLock.ts
import { NpmPackageLock } from './processPnpmLockfile';
import writeFileAtomic = require('write-file-atomic');

export async function writeNpmPackageLock(packageLock: NpmPackageLock, filename: string) {
  const json = JSON.stringify(packageLock, null, 4);
  // write-file-atomic returns a promise when no callback is passed,
  // so a failed write rejects here instead of throwing inside a callback
  await writeFileAtomic(filename, json);
}

// src/lib/index.ts
import { processPnpmLockfile } from './compass/processPnpmLockfile';
import { writeNpmPackageLock } from './compass/writeNpmPackageLock';

// `path` is assumed to be the project directory prefix, ending with a path separator
const packageLock = await processPnpmLockfile(path + "pnpm-lock.yaml");
await writeNpmPackageLock(packageLock, path + "package-lock.json");
```

see processPnpmLockfile.ts or processPnpmLockfile.js

via https://github.com/snyk/nodejs-lockfile-parser/issues/111

see also @pnpm/lockfile-walker

milahu commented 2 months ago

good news, nodejs-lockfile-parser v1.53.0 has added pnpm support

so no more need for parse-package-lock (was never used in pnpm-install-only)

but we still need a fork of nodejs-lockfile-parser, to get resolved + integrity fields

todo: update fork to v1.53.0
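The last comment turns on the `resolved` and `integrity` fields: without them an installer has no tarball URL to fetch and no hash to verify the download against. The check below is an added example, not code from this issue or from pnpm-install-only; it assumes a converted lockfile in the package-lock v1 shape (nested `dependencies`), and the names `auditLock` and `isValidIntegrity` and the sample registry URL are hypothetical.

```javascript
// Added example: find entries in a package-lock.json (v1 "dependencies" tree)
// that an installer could not fetch or verify.

// Expected digest sizes in bytes for the supported SRI algorithms.
const DIGEST_BYTES = { sha1: 20, sha256: 32, sha384: 48, sha512: 64 };

// True when `integrity` holds at least one well-formed SRI hash.
function isValidIntegrity(integrity) {
  if (typeof integrity !== "string") return false;
  return integrity.trim().split(/\s+/).some((entry) => {
    const m = /^(sha1|sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})$/.exec(entry);
    return m !== null && Buffer.from(m[2], "base64").length === DIGEST_BYTES[m[1]];
  });
}

// Walk the nested tree and collect one finding per problem.
function auditLock(lock) {
  const findings = [];
  const walk = (deps, trail) => {
    for (const [name, dep] of Object.entries(deps || {})) {
      const where = [...trail, name].join(" > ");
      // Bundled dependencies ship inside their parent tarball, without own fields.
      if (!dep.bundled) {
        if (typeof dep.resolved !== "string" || dep.resolved === "")
          findings.push(`${where}: missing resolved`);
        if (!isValidIntegrity(dep.integrity))
          findings.push(`${where}: missing or malformed integrity`);
      }
      walk(dep.dependencies, [...trail, name]);
    }
  };
  walk(lock.dependencies, []);
  return findings;
}

// Constructed sample: "a" is complete, nested "b" lost both fields.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    a: {
      version: "1.0.0",
      resolved: "https://registry.example/a/-/a-1.0.0.tgz",
      integrity: "sha512-" + Buffer.alloc(64, 7).toString("base64"),
      dependencies: { b: { version: "2.0.0" } },
    },
  },
};

console.log(auditLock(sampleLock));
```

Entries that legitimately carry no hash, such as git dependencies, are reported too, so the findings list is a review queue for what the installer cannot verify.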