Currently, we use the semver in package.json to resolve the version to check, but if a lock file exists (yarn/npm) we need to respect it instead.
We can levrage https://github.com/snyk/nodejs-lockfile-parser for the task.
We should also probably allow the user to skip that resolving method.
Currently, we use the semver in package.json to resolve the version to check, but if a lock file exists (yarn/npm) we need to respect it instead.
We can levrage https://github.com/snyk/nodejs-lockfile-parser for the task.
We should also probably allow the user to skip that resolving method.