yarn lockfile scan doesnt catch dev dependencies #4548
Description
What would you like to be added:
yarn lockfile scan doesnt catch dev dependencies right now like npm/pmpm,
also adding an option to exclude dev deps
Why is this needed:
1-scan yarn lock
2-check package json if its there
3-find dev and prod deps
4-find all transitives
5-filter and ret result
Additional context: