
[FEATURE] WORKSPACE / MONOREPO SUPPORT

Open philly-vanilly opened this issue 1 year ago • 1 comment

Is this lib supposed to work in a workspace (either npm, yarn or pnpm)? If yes, which type and version, with which configuration are supported?

In a regular repo I have 230 dependencies scanned. After merging it into a monorepo with npm workspaces, I can scan only the ones that are not hoisted because of a version mismatch with neighbouring packages. With pnpm only top-level dependencies are scanned (30 out of the original 230). Only yarn without plug-n-play (hoisting limit) seems to work for me, which is really a pity, as having dozens of full-blown node_modules bottomless pits in a module-federation app is a nightmare with IntelliJ.

Also, please clarify if this lib is abandoned. I see the last commit in /src is from 2 years ago, about as old as this issue: https://github.com/sonatype-nexus-community/auditjs/issues/184. If it is not under active development anymore, please deprecate it. As you can imagine, having a lib like this in a project really screws up the options for improvements. Either you have to abandon the idea of a monorepo and waste countless hours on multi-repo issues, or you have to explain to your project manager that you want to lower your security level for something as trivial as developer experience.

cc @bhamail / @DarthHater / @allenhsieh / @ken-duck

philly-vanilly, May 01 '23 09:05