chore: clear npm audit + dependabot warnings (#23)

* chore: clear npm audit warning

npm audit fix bumps postcss in vite (used by my-react-crasher example)
past the GHSA-qx2v-qp2m-jg93 fix line.

Resolves 1 moderate vulnerability → 0. Build + tests (19 specs) pass.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* chore: remove stale workspace lockfile

examples/my-react-crasher/ had its own package-lock.json from before the
workspace setup was added — it pinned ancient versions of vite, esbuild,
rollup, form-data, lodash, etc. that Dependabot was still flagging
(22 alerts) even though the active root workspace lockfile resolved
them all to current versions.

Deleting the orphan lockfile clears the Dependabot alerts. The workspace
install at root is the source of truth.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: bobbyg603