feat: provide a --json flag

[Aghassi]

The intended use case for this tool is for users implementing the CLI tool on their own CI without convenience hooks. This means we need the ability to manipulate the output of this tool so that we can format it and display it to the user. I'd like to request a --json flag be added so that developers can take in json and manipulate it to their liking on their ci pipelines instead of using the pre-formatted output this tool provides.

[Aghassi]

I also just noticed this in the README

JSON output will be added soon.

So glad to know this is on the roadmap

[lili2311]

Hi @Aghassi could you provide an example of what sort of information / data shape you are looking for in this output?

[Aghassi]

At the very least I'd expect something like

{
  "added": [],
  "removed": [],
  "vulnerabilities": [],
  "fixable": []
}

Where fixable contains an object like

{
  "name": "",
  "command": ""
}

This way I could do something do something like this:

1. Run snyk script
2. If the script fails, parse the stderr (which is json)
3. Have a script that reads the json and sees if there are vulnerabilities and fixes

I think an API surface you may want to consider mirroring is https://eslint.org/ as they have this concept and I think it is very well executed on.

My response is a bit off the cuff, but basically I want to know

1. why it failed
2. what dep is offending (if any)
3. how can I fix?