rules_nodejs is no longer maintained. The code authors (Aspect.dev) have started a new ruleset known as rules_js which relies on pnpm as the locking mechanism and layout tool instead of yarn and npm. We currently are considering/moving to this rule set for the speed gains and better bazel interoperability. However, we want to make sure Snyk is still able to read our lockfiles and support of dependency vulnerability story.
Hey @Aghassi, I'll keep you posted here. How are you currently using Snyk with rules_nodejs, simply giving snyk the yarn.lock or package-lock.json file?
At any rate, my hope is that support for rules_js would not be dependent on those files directly, but I have yet to confirm that.
So right now we are using the snyk-cli I believe, not even bazel, to scan the lockfile. With our intent to move to rules_js we are tied to pnpm as the resolver, which means we need to translate the lockfile to yarn.lock or package-lock since snyk currently doesn't support pnpm :(
But I believe (CC @gregmagolan), rules_js lays out some stuff under the hood for bazel based on the pnpm-lock.yaml so it's dependent on that file, but not the cli itself.
rules_js has a dependency on the pnpm lock file. It doesn't use pnpm itself but by depending on the pnpm lock file it creates an indirect dependency on pnpm. Users of rules_js have the best experience if they use pnpm as their package manager. The reason the pnpm lock file is key for Bazel is that the yarn & npm lock file formats don't have enough information to create lazy fetched & linked dependencies which is table stakes for 3rd party deps with Bazel.
Additional Information
Reach out to the maintainer in https://join.slack.com/t/bazelbuild/shared_invite/zt-1omx36ec7-nDHp5YM1hvZ3tkWfBjq~NQ in the #javascript channel or see https://aspect.build/ for more info