The idea is to implement a warning when there is a risk of dependency confusion: https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610
Scenarios:
- The dependency declared in the package.json does not exist on the public NPM registry (it's probably hosted privately somewhere).
- The dependency is identified as coming from a custom registry with a namespace (and resolved if the local configuration is OK), but no public organization exists on NPM for that namespace.
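
The two scenarios above expressed as a check over a package.json, added here as an example and not the project's own code. The public-registry state, the sample manifest, the `acme` scope mapping, the function names and the reason strings are all constructed or hypothetical.

```javascript
// Added example. Public-registry state is a constructed in-memory stub so the
// check runs offline; a real tool would query the registry instead.
const publicStub = {
  packages: new Set(["express", "@types/node"]),
  scopes: new Set(["types"]), // organizations that exist publicly
};

// Constructed package.json and scope -> private registry map (hypothetical).
const samplePkg = {
  dependencies: {
    express: "^4.18.0",
    "acme-internal-utils": "^1.2.0",
    "@acme/billing": "^3.0.0",
    "local-lib": "file:../local-lib",
  },
  devDependencies: { "@types/node": "^20.0.0" },
};
const sampleScopedRegistries = { acme: "https://npm.acme.example/" };

// "@scope/name" -> "scope"; unscoped names -> null.
function scopeOf(name) {
  const m = /^@([^/]+)\/.+$/.exec(name);
  return m ? m[1] : null;
}

function auditDependencies(pkg, scopedRegistries, registry) {
  const warnings = [];
  const deps = { ...pkg.dependencies, ...pkg.devDependencies };
  for (const [name, spec] of Object.entries(deps)) {
    // Paths, git and tarball URLs are not looked up by name in a registry.
    if (/^(file:|git\+|https?:)/.test(spec)) continue;
    const scope = scopeOf(name);
    if (scope && scopedRegistries[scope]) {
      // Scenario 2: scope is mapped to a custom registry, but nobody owns
      // the matching organization on the public registry.
      if (!registry.scopes.has(scope)) {
        warnings.push({ name, reason: "unclaimed-public-scope" });
      }
      continue;
    }
    // Scenario 1: name is absent from the public registry.
    if (!registry.packages.has(name)) {
      warnings.push({ name, reason: "missing-on-public-registry" });
    }
  }
  return warnings;
}

console.log(auditDependencies(samplePkg, sampleScopedRegistries, publicStub));
```
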