feat(nodejs): support npm shrinkwrap

[jagprog5]

Description

Add support for npm shrinkwrap

Someone with more node knowledge than me please double check this.

Thanks.

Checklist

• I've read the guidelines for contributing to this repository.
• I've followed the conventions in the PR title.
• I've added tests that prove my fix is effective or that my feature works.
• I've updated the documentation with the relevant information (if needed).
• I've added usage information (if the PR introduces new options)
• I've included a "before" and "after" example to the description (if the PR is a user interface change).

[CLAassistant]

All committers have signed the CLA.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[DmitriyLewen]

Hello @jagprog5
Thanks for your contribution!

I have some doubts.
For such cases there is File patterns.
Why do you think it is necessary to add scanning of these files by default?

Regards, Dmitriy

[jagprog5]

Hello. @DmitriyLewen It's necessary because (except for some small differences) it is the same as package lock and therefor should be treated the same.

It has dependencies in it! If it isn't scanned, then it's being missed.

[knqyf263]

Dmitriy means you can scan the file with --file-patterns without any changes. If you think the file should be scanned by default, please share the use case. Trivy already scans package-lock.json, which is identical to npm-shrinkwrap.json. When do you need to scan npm-shirinkwrap.json?

It is identical to package-lock.json