feat: integrate dependency health v2 provider and tree models #45

Closed
DevonL wants to merge 1 commit into main from split/dependency-health-v2-05-provider-tree-integration

DevonL (Collaborator) commented Apr 8, 2026

📄 Summary

Resolution of transient dependencies

🔍 Related Issues

Link to any related GitHub issues (e.g., Fixes #12, Closes #34):

🧪 Type of Change

Please check the relevant type tag for this PR title:

  • [FIX] Bug fix
  • [NEW] New thing
  • [REFACTOR] Internal changes such as code restructuring or optimization that does not alter functionality
  • [DOC] Documentation-only changes
  • [CHORE] Maintenance, cleanup, or CI configuration

🧪 How Has This Been Tested?

Describe how you tested your changes. Include CI runs, local tests, manual verification, or screenshots if applicable.

📸 Screenshots (if applicable)

If UI or logs are affected, include before/after screenshots or output.

✅ Checklist

  • I’ve read and followed the CONTRIBUTING.md.
  • I’ve added or updated documentation as needed.
  • I’ve verified the change is tested and works as intended.
  • CI/CD checks pass and do not break existing functionality.
  • My code follows the style guidelines of this project.

Copilot AI review requested due to automatic review settings April 8, 2026 14:50
DevonL requested a review from colinmoynes as a code owner April 8, 2026 14:50

Copilot AI (Contributor) left a comment

Pull request overview

This PR integrates dependency health v2 provider and tree models by adding comprehensive support for parsing lockfiles from 14 different package managers (npm, Python, Maven, Gradle, Go, Cargo, Ruby, Docker, NuGet, Dart, Composer, Helm, Swift, Hex) and analyzing upstream dependency availability through Cloudsmith repositories.

Changes:

  • Added lockfile parsers for 14 package management ecosystems with proper dependency extraction and tree building
  • Introduced upstream gap analysis to identify missing dependencies in upstream proxies
  • Created registry endpoint builders for direct package verification across multiple registries
  • Refactored duplicate code in upstreamChecker.js into shared module-level functions
  • Updated manifestParser.js to use new shared utility functions for consistent path validation

Reviewed changes

Copilot reviewed 65 out of 78 changed files in this pull request and generated 4 comments.

| File | Description |
| --- | --- |
| util/upstreamGapAnalyzer.js | New analyzer for upstream dependency availability with progress tracking and concurrency control |
| util/upstreamChecker.js | Refactored to extract helper functions (isCacheObjectRecord, getUpstreamRequestOptions, isWarningWorthyUpstreamFormatError) into module-level shared functions |
| util/registryEndpoints.js | New comprehensive registry endpoint builder supporting 15+ package formats with custom URL strategies |
| util/lockfileResolver.js | New orchestrator for lockfile detection and parsing across multiple ecosystems |
| util/lockfileParsers/shared.js | New shared utilities (pathExists, readUtf8, readJson, buildTree, etc.) for parser implementations |
| util/lockfileParsers/*.js | 14 new parsers (npmParser, pythonParser, mavenParser, gradleParser, goParser, cargoParser, rubyParser, dockerParser, nugetParser, dartParser, composerParser, helmParser, swiftParser, hexParser) for ecosystem-specific lockfile parsing |
| util/manifestParser.js | Updated to use shared utility functions for file reading and path validation |

Files not reviewed (2)
  • test/fixtures/npm/package-lock.json: Language not supported
  • test/fixtures/npm/pnpm-lock.yaml: Language not supported

Comment thread util/manifestParser.js
Comment thread util/lockfileParsers/swiftParser.js Outdated
Comment thread util/lockfileParsers/swiftParser.js Outdated
Comment thread util/lockfileParsers/cargoParser.js Outdated
DevonL force-pushed the split/dependency-health-v2-05-provider-tree-integration branch 3 times, most recently from cecf115 to 000c05a Compare April 8, 2026 19:28
DevonL force-pushed the split/dependency-health-v2-05-provider-tree-integration branch from 000c05a to 52bb976 Compare April 8, 2026 19:39

DevonL (Collaborator, Author) commented Apr 9, 2026

Retargeting base branch to PR #42. Reopening as new PR.
