We are currently using @npmcli/arborist to run npm audit for the GitHub Advisory strategy, and @pnpm/audit when required for pnpm.
This is quite a nightmare right now to deal with, because all of these packages make their own choices and trade-offs.
Ideally we should have our own package (replacement) for that:
- Support for npm, yarn, pnpm and bun
- OSV support built-in