Use package-lock.json to install packages if there is one available.

[HyperBrain]

What did you implement:

Closes #245

How did you implement it:

If a package-lock.json is found besides the package.json of the project, it is copied to the packaged dependencies folder, so that the plugin now installs the locked versions (for components that are present in the lock file).
The package.json used for packaging is now pre-assembled because only an unqualified npm install uses an existing lock file.

How can we verify it:

Use a project with locked dependencies, package and check the created zip file.

Todos:

• Write tests
• Write documentation
• Fix linting errors
• Make sure code coverage hasn't dropped
• Provide verification config / commands / resources
• Enable "Allow edits from maintainers" for this PR
• Update the messages below

Is this ready for review?: YES
Is it a breaking change?: NO

[arabold]

Why not use the sync versions if you're using it in a synchronous way?

[HyperBrain]

Because it will stall the Node event loop (even if something else might be running in the background - outside of the function) - we still run in the Serverless context and should not affect our host in any way ;-) This makes sure that we have a "thread/task" switch.

[arabold]

Tell that to the Serverless guys using synchronous functions whenever humanly possible 🤣

[HyperBrain]

Haha... In the meantime they even turned some of the stuff asynchronously, like file copy.

[HyperBrain]

@silver2k This is the issue. The assembly of the dependency name breaks here if the dependency includes a ..

It is handled as if it was a nested property. I will provide a fix asap and release 3.1.2.