Use npm audit by default, keep Snyk optional #3
Description
Right now the action defaults to Snyk for node projects, which requires a token and license.
Change
- Default to npm audit for Node.js projects.
- Only use Snyk if SNYK_TOKEN is set in the workflow.
Why
- npm audit works out of the box for everyone.
- Snyk remains available for teams that prefer it.
Tasks
- Implement a tool that is using nmpt-audit.
- Make the Snyk tool use conditional if the SNYK_TOKEN is set.
- Adjust the prompts if necessary.
- Adjust the documentation.