generator-hapi-api-stack
feat: debloat package-lock.json
Hi,
Thanks for developing this good project, which provides high-coverage tests.
I'm doing dynamic analysis on npm packages, and your project is one of my samples.
Through our dynamic analysis by running the test suites, we find that 90+ indirect runtime dependencies are installed; however, they are not used during the test runtime. We removed these dependencies from package-lock.json and installed the remaining dependencies using the new package-lock.json, and the tests all passed.
Would you consider creating a slim version of the package-lock.json, which can help reduce the corresponding maintenance costs and security risks in production?