feat: wire dependency health commands, report ui, and docs

[DevonL]

📄 Summary

Completion of reporting UI and doc updates

🔍 Related Issues

Link to any related GitHub issues (e.g., Fixes #12, Closes #34):

🧪 Type of Change

Please check the relevant type tag for this PR title:

• [FIX] Bug fix
• [NEW] New thing
• [REFACTOR] Internal changes such as code restructuring or optimization that does not alter functionality
• [DOC] Documentation-only changes
• [CHORE] Maintenance, cleanup, or CI configuration

🧪 How Has This Been Tested?

Describe how you tested your changes. Include CI runs, local tests, manual verification, or screenshots if applicable.

📸 Screenshots (if applicable)

If UI or logs are affected, include before/after screenshots or output.

✅ Checklist

• I’ve read and followed the CONTRIBUTING.md.
• I’ve added or updated documentation as needed.
• I’ve verified the change is tested and works as intended.
• CI/CD checks pass and do not break existing functionality.
• My code follows the style guidelines of this project.

[Copilot]

Pull request overview

This pull request adds comprehensive dependency health scanning, transitive dependency analysis, and compliance reporting features to the VS Code extension. The changes include lockfile parsing for 14+ package ecosystems, upstream proxy gap analysis, dependency enrichment (vulnerabilities, licenses, policies), and UI components for displaying compliance reports.

Changes:

• Refactored upstreamChecker.js to extract helper functions and add getActiveRepositoryUpstreamsForFormat method
• Added new utility modules: packageNameNormalizer.js, lockfileResolver.js, and upstreamGapAnalyzer.js for unified dependency and upstream handling
• Refactored manifestParser.js to use shared utilities and remove duplicate fs code
• Added 14 new lockfile parser modules and shared parsing utilities in lockfileParsers/ directory
• All new source files include proper copyright headers

Reviewed changes

Copilot reviewed 73 out of 86 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
util/upstreamChecker.js	Refactored private methods into module-level functions and added new method for getting active upstreams for a format
util/manifestParser.js	Migrated from direct fs usage to shared utilities and refactored pyproject parsing
util/packageNameNormalizer.js	New module for normalizing package names across ecosystems
util/lockfileResolver.js	New module providing unified interface for detecting and resolving lockfiles
util/upstreamGapAnalyzer.js	New module for analyzing which dependencies are reachable via upstream proxies

Files not reviewed (2)

• test/fixtures/npm/package-lock.json: Language not supported
• test/fixtures/npm/pnpm-lock.yaml: Language not supported

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[DevonL]

Retargeting base branch to PR #45. Reopening as new PR.