refactor: remove legacy Snyk Code TypeScript client

[fsargent]

Pull Request Submission Checklist

• Follows CONTRIBUTING guidelines
• Commit messages are release-note ready, emphasizing what was changed, not how.
• Includes detailed description of changes
• Contains risk assessment (Low | Medium | High)
• Highlights breaking API changes (if applicable)
• Links to automated tests covering new functionality
• Includes manual testing instructions (if necessary)
• Updates relevant GitBook documentation (PR link: ___)
• Includes product update to be announced in the next stable release notes

What does this PR do?

Removes the legacy TypeScript Snyk Code implementation backed by @snyk/code-client now that Snyk Code runs through the native Go workflow.

This PR:

• upgrades github.com/snyk/code-client-go to v1.28.0 in both public and private Go modules
• removes @snyk/code-client from package.json and package-lock.json
• deletes the TypeScript SAST plugin implementation and obsolete unit tests that mocked the Node code client
• removes the legacy code ecosystem plugin registration from the TypeScript CLI path
• adds explicit TypeScript guards so accidental --code use in legacy TS commands fails clearly instead of silently falling back to the removed client
• keeps Snyk Code acceptance coverage focused on the native Go workflow

Where should the reviewer start?

Start with:

• src/lib/ecosystems/plugins.ts for removal from the TypeScript ecosystem registry
• src/cli/commands/test/index.ts for the explicit legacy TypeScript guard
• test/jest/acceptance/snyk-code/snyk-code-integration.spec.ts for native workflow coverage
• cliv2/go.mod and cliv2-private/go.mod for the native code client upgrade

How should this be manually tested?

Validated locally with:

• make format
• make lint
• make build BUILD_MODE=private
• cd cliv2 && make test
• npx jest --runInBand test/jest/unit/ecosystems.spec.ts test/jest/unit/validate-fix-command-is-supported.spec.ts
• TEST_SNYK_COMMAND=./binary-releases/snyk-macos-arm64 npx jest --runInBand test/jest/acceptance/snyk-code/snyk-code-integration.spec.ts
• cd cliv2 && go test github.com/snyk/code-client-go/pkg/code github.com/snyk/code-client-go/internal/commands/code_workflow

What's the product update that needs to be communicated to CLI users?

Snyk Code in the packaged CLI now uses the native Go implementation only. There is no intended user-facing command change.

Risk assessment (Low | Medium | High)?

Medium. The intended Snyk Code runtime path is native Go, but this removes a legacy TypeScript implementation and related dependency surface. The PR includes guards and native acceptance coverage to catch accidental fallback into the removed path.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[snyk-io]

⚠️ Snyk checks are incomplete.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
⚠️	Open Source Security	0	0	0	0	See details
⚠️	Licenses	0	0	0	0	See details
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.