feat: implement Node and Python dependency parsing engine #3

Merged
PrasanthYT merged 1 commit into main from feature/dependency-parsing-engine
Mar 2, 2026
Conversation

@PrasanthYT
Contributor

Overview

This PR introduces the dependency parsing engine for Scanr.

It enables extraction of dependencies from Node.js and Python projects and integrates the results into the scanr scan . command.

Scope

Node.js Support

  • Parse package.json

  • Parse package-lock.json

  • Extract:

    • dependency name
    • version
    • direct vs transitive classification

Python Support

  • Parse requirements.txt

  • Extract:

    • dependency name
    • version

Core Data Model

Introduced internal representation:

struct Dependency {
    name: String,
    version: String,
    ecosystem: Ecosystem,
    direct: bool,
}

This model enables:

  • Ecosystem-aware scanning
  • Direct vs transitive differentiation
  • Future OSV lookup integration
  • SBOM generation compatibility

CLI Integration

scanr scan . now:

  • Detects project type (Node or Python)
  • Extracts dependencies
  • Prints structured dependency list
  • Executes without panic

Validation

  • Works on sample Node.js project
  • Works on sample Python project
  • cargo build --workspace --release passes
  • CLI execution verified manually

Impact

  • First functional scanning capability

  • Establishes foundation for:

    • Vulnerability investigation
    • SBOM generation
    • Dependency diffing

No breaking changes.

@PrasanthYT PrasanthYT merged commit f967602 into main Mar 2, 2026
2 checks passed
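
An added example, not Scanr's source: one way a requirements.txt parser could fill the `Dependency` model described in the PR, using only the Rust standard library. The `Ecosystem` variants, the `parse_requirements` name, marking every requirements.txt entry as `direct`, and the separate list of requirements without an exact `==` pin (which have no single version to look up in a vulnerability database) are assumptions of this sketch.

```rust
#[allow(dead_code)]
#[derive(Debug, Clone, PartialEq)]
enum Ecosystem { Node, Python } // assumed variants; the PR only names the type

#[derive(Debug, Clone, PartialEq)]
struct Dependency {
    name: String,
    version: String,
    ecosystem: Ecosystem,
    direct: bool,
}

/// Returns (exactly pinned dependencies, names of requirements without an exact pin).
fn parse_requirements(text: &str) -> (Vec<Dependency>, Vec<String>) {
    let (mut pinned, mut unpinned) = (Vec::new(), Vec::new());
    for raw in text.lines() {
        // Cut inline comments, environment markers (";") and pip options such as --hash.
        let line = raw.split(" #").next().unwrap_or("");
        let line = line.split(';').next().unwrap_or("");
        let line = line.split(" --").next().unwrap_or("");
        let spec: String = line.chars().filter(|c| !c.is_whitespace()).collect();
        // Skip blanks, full-line comments and option lines (-r, -e, --index-url).
        if spec.is_empty() || spec.starts_with('#') || spec.starts_with('-') { continue; }
        let op = spec.find(|c: char| "=<>!~".contains(c)).unwrap_or(spec.len());
        let (name_part, constraint) = spec.split_at(op);
        // Drop extras ("[security]") and direct URLs ("@..."), then normalise (simplified PEP 503).
        let name = name_part.split(|c: char| c == '[' || c == '@').next().unwrap_or("")
            .to_lowercase().replace('_', "-").replace('.', "-");
        match constraint.strip_prefix("==") {
            // Only a plain "==X.Y.Z" is an exact version; wildcards, ranges and "===" are not.
            Some(v) if !v.is_empty() && !v.contains(|c: char| "*,=".contains(c)) => {
                pinned.push(Dependency { name, version: v.to_string(), ecosystem: Ecosystem::Python, direct: true })
            }
            _ => unpinned.push(name),
        }
    }
    (pinned, unpinned)
}

// Constructed sample input, not taken from any real project.
const SAMPLE: &str = "# web stack\nFlask==2.3.2\n\
requests[security] == 2.31.0 ; python_version >= '3.8'  # pinned\n\
urllib3>=1.26,<2\nPy_YAML\n-r dev-requirements.txt\njinja2==3.1.*\n";

fn main() {
    let (pinned, unpinned) = parse_requirements(SAMPLE);
    for d in &pinned { println!("{:?}", d); }
    println!("not exactly pinned: {:?}", unpinned);
}
```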