pub fn sniff_lifecycle(manifest: &PackageJson) -> Vec<Suspicion>Expand description
Scan a dep’s manifest for suspicious lifecycle script bodies.
Returns one Suspicion per (hook, rule) pair that matched.
Empty result for packages with no scripts or no matches.