
test: add fixture remediation scan tests #546

Merged: sonukapoor merged 2 commits into OWASP:main from nkgotcode:codex/fixture-scan-tests, Jun 5, 2026

Conversation

@nkgotcode (Contributor)

Summary

Adds fixture-scan coverage for remediation command planning across the existing example fixtures, including npm direct, npm transitive, npm within-range, and Yarn within-range cases.

Why this change

Issue #540 asks for integration-style tests that scan example fixtures and assert the expected output behavior. The new test loads fixture lockfiles through the parser layer, builds minimal findings, and checks the remediation command plan without relying on OSV/network calls.

What changed

  • Added tests/fixture-scan.test.ts covering wrong-parent, direct-fixable, transitive-only, no-findings, and yarn-within-range fixtures.
  • Added the small examples/yarn-within-range Yarn Classic fixture so the Yarn lockfile refresh behavior is covered in this PR.
  • Asserted that within-range transitive fixes produce lockfile refresh commands instead of parent upgrades.

Validation

  • npm test -- tests/fixture-scan.test.ts --runInBand
  • npm test -- tests/parsers.test.ts tests/fix-commands-subfolder.test.ts tests/fixture-scan.test.ts --runInBand
  • npm run build

User-facing impact

Does this change:

  • affect scanning behavior
  • affect output formatting
  • affect JSON output
  • affect docs only

Notes

Closes #540.

@sonukapoor (Collaborator)

Thanks for picking up issue #540 — the test structure is solid and the coverage is exactly what was asked for.

One issue before this can merge: the examples/yarn-within-range/ fixture is already being contributed by @coder-Yash886 in PR #537 (fixture #5 from discussion #528), which was opened first. To avoid the conflict, please drop your copy of examples/yarn-within-range/ from this PR — once #537 merges, the fixture will be available and your test will work against it automatically.

A few other things to address:

  • The PR title has a [codex] prefix — please update it to follow the project convention: test: add fixture remediation scan tests
  • The string-width test uses firstFixedVersion: "4.2.3" but the fixture has string-width@7.2.0 installed — please update to a version above 7.2.0
  • loadFixture uses searchDepth: 3 — should be 4 to match the default
  • Branch needs a rebase against main

If you'd like to contribute an additional fixture, fixtures #2, #3, #8, #9, and #12 are still open in discussion #528 — happy to assign one to you.

@nkgotcode changed the title from "[codex] test fixture remediation scans" to "test: add fixture remediation scan tests" on Jun 5, 2026
@nkgotcode force-pushed the codex/fixture-scan-tests branch from ebcaee1 to 7584ed9 on June 5, 2026 01:14
@nkgotcode (Contributor, Author)

Pushed 7584ed9 and updated the title. The branch is rebased on main; loadFixture now uses searchDepth 4, the string-width case now uses firstFixedVersion 7.2.1, and this branch's copy of examples/yarn-within-range was removed. PR #537 is still open, so the full fixture test has that one yarn case blocked until the shared fixture lands. Test: npm test -- tests/fixture-scan.test.ts --runInBand -t "wrong-parent|direct dependency|transitive-only|no-findings" -> 4 passed, 1 skipped.
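The decision the fixture test asserts (a within-range transitive fix yields a lockfile refresh command, an out-of-range one a parent upgrade) together with the fixed-version sanity check the review asked for, as an added TypeScript example that is not the project's own code. The Finding shape, the caret-only range matching and the exact command strings are assumptions.

```typescript
// Added example, not code from the scanner project this PR targets. Assumed shape:
// a Finding names a vulnerable transitive package, its lockfile-pinned version,
// the first fixed version, and the range the parent declares for it.
interface Finding {
  name: string;
  installed: string;          // version pinned in the lockfile
  firstFixedVersion: string;  // from the advisory (no OSV/network call here)
  declaredRange: string;      // parent's range, e.g. "^7.0.0"
  lockfile: "npm" | "yarn-classic";
}
type Plan =
  | { kind: "refresh-lockfile"; command: string }
  | { kind: "upgrade-parent"; reason: string };

function parseVersion(v: string): [number, number, number] {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

function compare(a: string, b: string): number {
  const [x, y] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  return 0;
}

// Caret ranges only (the form the within-range fixtures rely on); any other range
// form is treated as not satisfied so the planner errs toward a parent upgrade.
function satisfiesCaret(version: string, range: string): boolean {
  if (!range.startsWith("^") || compare(version, range.slice(1)) < 0) return false;
  const [bMaj, bMin] = parseVersion(range.slice(1));
  const [vMaj, vMin] = parseVersion(version);
  if (bMaj > 0) return vMaj === bMaj;
  if (bMin > 0) return vMaj === 0 && vMin === bMin;
  return compare(version, range.slice(1)) === 0;
}

function planRemediation(f: Finding): Plan {
  // Reject a fix that is not above the installed version: this is the defect the
  // review caught (firstFixedVersion 4.2.3 against an installed string-width@7.2.0).
  if (compare(f.firstFixedVersion, f.installed) <= 0)
    throw new Error(`${f.name}: firstFixedVersion must exceed installed ${f.installed}`);
  if (satisfiesCaret(f.firstFixedVersion, f.declaredRange)) {
    // Assumed command forms; the project's actual output may differ.
    const command = f.lockfile === "yarn-classic"
      ? `yarn upgrade ${f.name}@${f.firstFixedVersion}`
      : `npm update ${f.name}`;
    return { kind: "refresh-lockfile", command };
  }
  return { kind: "upgrade-parent", reason: `${f.firstFixedVersion} is outside ${f.declaredRange}` };
}
```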

@nkgotcode force-pushed the codex/fixture-scan-tests branch from 7584ed9 to e04834c on June 5, 2026 01:16
@nkgotcode (Contributor, Author)

Pushed e04834c to keep CI green while PR #537 is pending: the yarn fixture case now registers only when examples/yarn-within-range exists, so it will run automatically once that shared fixture lands. Test: npm test -- --runInBand -> 27 suites passed, 401 passed, 1 skipped.

@sonukapoor left a comment (Collaborator)

All feedback addressed - title, search depth, string-width version, fixture conflict resolved. CI is clean and the yarn test self-guards with itWithFixture until #537 lands.

@sonukapoor sonukapoor merged commit 0129238 into OWASP:main Jun 5, 2026
6 checks passed
@sonukapoor (Collaborator)

Merged — thank you @nkgotcode!

@nkgotcode nkgotcode deleted the codex/fixture-scan-tests branch June 5, 2026 14:49

Development

Successfully merging this pull request may close this issue: test: add integration tests that scan example fixtures and assert expected output

2 participants