feat: fall back to package-lock.json or npm ls

Closes #10

Author: dominykas

lib/index.js

@@ -1,5 +1,7 @@
 'use strict';
 
+const Cp = require('child_process');
+const Fs = require('fs');
 const Npm = require('libnpm');
 const Path = require('path');
 const Topo = require('topo');
@@ -66,16 +68,41 @@ internals.runScript = (stage, { pkg, path, cwd, unsafePerm }) => {
     });
 };
 
+internals.getLockFile = (cwd) => {
+
+    if (Fs.existsSync(Path.join(cwd, 'npm-shrinkwrap.json'))) {
+        return require(Path.join(cwd, 'npm-shrinkwrap.json'));
+    }
+
+    if (Fs.existsSync(Path.join(cwd, 'package-lock.json'))) {
+        return require(Path.join(cwd, 'package-lock.json'));
+    }
+
+    let output;
+    try {
+        output = Cp.execSync('npm ls --json', { cwd });
+    }
+    catch (err) {
+        output = err.output[1]; // npm will exist with an error when e.g. there's peer deps missing - attempt to ignore that
+    }
+
+    try {
+        return JSON.parse(output.toString());
+    }
+    catch (err) {
+        console.error(err);
+        throw new Error('Failed to read the contents of node_modules');
+    }
+};
+
 exports.run = async (cmd = 'install') => {
 
     const cwd = process.cwd();
     const pkg = require(Path.join(cwd, 'package.json'));
 
     pkg._id = `${pkg.name}@${pkg.version}`; // @todo: find an official way to do this for top level package
 
-    const shrinkwrap = require(Path.join(cwd, 'npm-shrinkwrap.json'));
-
-    const tree = Npm.logicalTree(pkg, shrinkwrap);
+    const tree = Npm.logicalTree(pkg, internals.getLockFile(cwd));
     const queue = internals.queue(tree);
 
     const allowScripts = pkg.allowScripts || {};