feat: add root and nested Ruby and npm projects

This commit adds four separate projects to this repo, intended for
testing monorepo/custom target-file support on the Snyk platform.

Gemfile

@@ -0,0 +1,6 @@
+source :rubygems
+
+gem "sinatra"
+gem "haml"
+gem "httparty"
+gem "actionpack"

Gemfile.lock

@@ -0,0 +1,71 @@
+GEM
+  remote: http://rubygems.org/
+  specs:
+    actionpack (4.2.5)
+      actionview (= 4.2.5)
+      activesupport (= 4.2.5)
+      rack (~> 1.6)
+      rack-test (~> 0.6.2)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+      rails-html-sanitizer (~> 1.0, >= 1.0.2)
+    actionview (4.2.5)
+      activesupport (= 4.2.5)
+      builder (~> 3.1)
+      erubis (~> 2.7.0)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+      rails-html-sanitizer (~> 1.0, >= 1.0.2)
+    activesupport (4.2.5)
+      i18n (~> 0.7)
+      json (~> 1.7, >= 1.7.7)
+      minitest (~> 5.1)
+      thread_safe (~> 0.3, >= 0.3.4)
+      tzinfo (~> 1.1)
+    builder (3.2.2)
+    erubis (2.7.0)
+    haml (3.1.4)
+    httparty (0.8.1)
+      multi_json
+      multi_xml
+    i18n (0.7.0)
+    json (1.8.3)
+    loofah (2.0.3)
+      nokogiri (>= 1.5.9)
+    mini_portile2 (2.1.0)
+    minitest (5.9.1)
+    multi_json (1.12.1)
+    multi_xml (0.5.5)
+    nokogiri (1.6.8.1)
+      mini_portile2 (~> 2.1.0)
+    rack (1.6.4)
+    rack-protection (1.5.3)
+      rack
+    rack-test (0.6.3)
+      rack (>= 1.0)
+    rails-deprecated_sanitizer (1.0.3)
+      activesupport (>= 4.2.0.alpha)
+    rails-dom-testing (1.0.7)
+      activesupport (>= 4.2.0.beta, < 5.0)
+      nokogiri (~> 1.6.0)
+      rails-deprecated_sanitizer (>= 1.0.1)
+    rails-html-sanitizer (1.0.3)
+      loofah (~> 2.0)
+    sinatra (1.3.2)
+      rack (~> 1.3, >= 1.3.6)
+      rack-protection (~> 1.2)
+      tilt (~> 1.3, >= 1.3.3)
+    thread_safe (0.3.5)
+    tilt (1.4.1)
+    tzinfo (1.2.2)
+      thread_safe (~> 0.1)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  actionpack
+  haml
+  httparty
+  sinatra
+
+BUNDLED WITH
+   1.13.2

bundler-app/Gemfile

@@ -0,0 +1,5 @@
+source "https://rubygems.org"
+
+gem "rack-cache", "~> 1.1.0"
+gem "rack", "~> 1.6.2"
+gem "rack-protection", "~> 1.5.0"

bundler-app/Gemfile.lock

@@ -0,0 +1,19 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    rack (1.6.5)
+    rack-cache (1.1)
+      rack (>= 0.4)
+    rack-protection (1.5.3)
+      rack
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  rack (~> 1.6.2)
+  rack-cache (~> 1.1.0)
+  rack-protection (~> 1.5.0)
+
+BUNDLED WITH
+   1.14.3

npm-project/package.json

@@ -0,0 +1,35 @@
+{
+  "name": "goof",
+  "version": "0.0.3",
+  "description": "A vulnerable todo demo application",
+  "homepage": "https://snyk.io/",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/Snyk/snyk-todo-list-demo-app/"
+  },
+  "scripts": {
+    "start": "node app.js",
+    "cleanup": "mongo express-todo --eval 'db.todos.remove({});'"
+  },
+  "dependencies": {
+    "body-parser": "1.9.0",
+    "cookie-parser": "1.3.3",
+    "ejs": "1.0.0",
+    "ejs-locals": "1.0.2",
+    "errorhandler": "1.2.0",
+    "express": "4.12.4",
+    "express-fileupload": "0.0.5",
+    "humanize-ms": "1.0.1",
+    "marked": "0.3.5",
+    "method-override": "latest",
+    "moment": "2.15.1",
+    "mongoose": "4.2.4",
+    "morgan": "latest",
+    "ms": "^0.7.1",
+    "npmconf": "0.0.24",
+    "optional": "^0.1.3",
+    "st": "0.2.4",
+    "stream-buffers": "^3.0.1",
+    "tap": "^5.7.0"
+  }
+}

package.json

@@ -0,0 +1,15 @@
+{
+  "name": "shallow-goof",
+  "version": "0.0.1",
+  "description": "A vulnerable demo application",
+  "homepage": "https://snyk.io/",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/Snyk/shallow-goof"
+  },
+  "dependencies": {
+    "qs": "0.0.6",
+    "node-uuid": "1.4.0"
+  }
+}
+