Conversation

@SandZn commented Mar 29, 2023

Hi,

I found that five transitive dependencies are not used in your package, according to your tests. So I created a package-lock.json file that excludes the useless dependencies. Would you consider removing useless dependencies from your package, so that developers do not need to install them when they use your package?

The five transitive dependencies are:
isexe
path-key
which
shebang-regex
shebang-command
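The claim above (that five lockfile entries are not needed) can be checked mechanically before trusting a hand-edited package-lock.json. The script below is an added example, not code from the PR or from the project: it walks an npm lockfile (lockfileVersion 2 or 3, the `packages` map) from the root entry's declared dependencies, resolving each edge with npm's nearest-`node_modules` rule, and reports every entry that no resolved edge reaches. The `SAMPLE_LOCK` object is a constructed lockfile that borrows the five package names from the PR; its dependency graph is invented for illustration and is not the project's real graph.

```javascript
'use strict';
// Added example, not part of the PR or the project's code. It walks an npm
// lockfile (lockfileVersion 2 or 3, "packages" map) from the root's declared
// dependencies and reports entries that no resolved dependency edge reaches.
// Reachability in the lockfile graph is a necessary condition for a package
// being used, not a sufficient one: a reachable package may still never be
// required at runtime, so this check finds dead entries, not live ones.

// Edge kinds that cause npm to install a package. devDependencies normally
// appear only on the root entry; following them wherever present is harmless.
const EDGE_FIELDS = ['dependencies', 'optionalDependencies', 'peerDependencies', 'devDependencies'];

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Resolve `name` as seen from the package stored under `fromKey`: try
// fromKey/node_modules/name first, then walk up one node_modules level at a
// time until the top-level node_modules/name. Returns null if nothing matches.
function resolveDep(packages, fromKey, name) {
  let base = fromKey;
  for (;;) {
    const candidate = base ? `${base}/node_modules/${name}` : `node_modules/${name}`;
    if (has(packages, candidate)) return candidate;
    if (!base) return null; // already at the top level, nowhere left to walk
    const cut = base.lastIndexOf('/node_modules/');
    base = cut === -1 ? '' : base.slice(0, cut);
  }
}

// Breadth-first walk from the root entry ''. Returns the set of reachable keys
// plus the edges that could not be resolved (a sign of an inconsistent lockfile).
function reachablePackages(lock) {
  const packages = lock.packages;
  if (!packages || !has(packages, '')) {
    throw new Error('expected a lockfileVersion 2/3 "packages" map with a root entry');
  }
  const seen = new Set(['']);
  const unresolved = [];
  const queue = [''];
  while (queue.length) {
    const key = queue.shift();
    const entry = packages[key];
    for (const field of EDGE_FIELDS) {
      for (const name of Object.keys(entry[field] || {})) {
        const target = resolveDep(packages, key, name);
        if (target === null) {
          unresolved.push({ from: key, name });
        } else if (!seen.has(target)) {
          seen.add(target);
          queue.push(target);
        }
      }
    }
  }
  return { seen, unresolved };
}

// Lockfile entries that nothing reaches, sorted for stable output.
function unreachablePackages(lock) {
  const { seen } = reachablePackages(lock);
  return Object.keys(lock.packages).filter((key) => !seen.has(key)).sort();
}

// A copy of the lockfile with the unreachable entries dropped; the input object
// is not modified.
function pruneLock(lock) {
  const { seen } = reachablePackages(lock);
  const packages = {};
  for (const [key, entry] of Object.entries(lock.packages)) {
    if (seen.has(key)) packages[key] = entry;
  }
  return { ...lock, packages };
}

// Constructed sample lockfile. The five package names come from the PR; the
// graph itself is invented for illustration and is not the project's lockfile.
const SAMPLE_LOCK = {
  name: 'example-pkg',
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-pkg', dependencies: { 'left-util': '^1.0.0' }, devDependencies: { standard: '^17.0.0' } },
    'node_modules/left-util': { version: '1.0.0', dependencies: { 'small-lib': '^2.0.0' } },
    // the nested copy is what left-util actually resolves to
    'node_modules/left-util/node_modules/small-lib': { version: '2.0.0' },
    // hoisted older copy that no remaining package depends on
    'node_modules/small-lib': { version: '1.0.0' },
    'node_modules/standard': { version: '17.0.0', dev: true },
    'node_modules/which': { version: '2.0.2', dependencies: { isexe: '^2.0.0' } },
    'node_modules/isexe': { version: '2.0.0' },
    'node_modules/path-key': { version: '3.1.1' },
    'node_modules/shebang-command': { version: '2.0.0', dependencies: { 'shebang-regex': '^3.0.0' } },
    'node_modules/shebang-regex': { version: '3.0.0' },
  },
};

const report = reachablePackages(SAMPLE_LOCK);
console.log('unreachable:', unreachablePackages(SAMPLE_LOCK));
if (report.unresolved.length) console.log('unresolved edges:', report.unresolved);
```

To run this against a real lockfile, replace `SAMPLE_LOCK` with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))`. The walk follows only the edges npm itself installs, so a non-empty `unresolved` list means the lockfile and the declared dependencies disagree and the result should not be trusted; workspace `link: true` entries are not followed, and the output is a list of candidates to confirm against the test suite, not proof that a package is unused.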

@socket-security

New dependency changes detected.

🚨 Potential security issues found in this pull request. To accept the risk, merge this PR and you will not be notified again.

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore @eslint/eslintrc@1.4.1
🤔 AI warning

AI has found some unusual behaviors which could indicate a security risk

An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

| Package | Location | Source |
| --- | --- | --- |
| @eslint/eslintrc@1.4.1 (added) | dist/eslintrc.cjs | package-lock.json via standard@17.0.0 |
Pull request alert summary

| Issue | Status |
| --- | --- |
| Install scripts | ✅ 0 issues |
| Native code | ✅ 0 issues |
| Bin script shell injection | ✅ 0 issues |
| Unresolved require | ✅ 0 issues |
| Invalid package.json | ✅ 0 issues |
| HTTP dependency | ✅ 0 issues |
| Git dependency | ✅ 0 issues |
| Potential typo squat | ✅ 0 issues |
| Known Malware | ✅ 0 issues |
| Telemetry | ✅ 0 issues |
| Protestware/Troll package | ✅ 0 issues |
| AI detected security risk | ✅ 0 issues |
| AI warning | ⚠️ 1 issue |
