feat(cli): Add `--frozen` flag to error out if lockfile is out of date (#24355)

Closes #18296.

Adds a `--frozen` (alias `--frozen-lockfile`) flag that errors out if
the lockfile is out of date. This is useful for running in CI (where an
out of date lockfile is usually a mistake) or to prevent accidental
changes in dependencies.

![Screenshot 2024-06-26 at 7 11
13 PM](https://github.com/denoland/deno/assets/17734409/538404b8-b422-4f05-89e8-4c9b1c248576)

1 files changed, 7 insertions, 4 deletions

diff --git a/cli/module_loader.rs b/cli/module_loader.rs
index ed1a9526f..0e81736e5 100644
--- a/cli/module_loader.rs
+++ b/cli/module_loader.rs
@@ -72,10 +72,13 @@ use deno_semver::npm::NpmPackageReqReference;
 pub async fn load_top_level_deps(factory: &CliFactory) -> Result<(), AnyError> {
   let npm_resolver = factory.npm_resolver().await?;
   if let Some(npm_resolver) = npm_resolver.as_managed() {
-    npm_resolver.ensure_top_level_package_json_install().await?;
-    // TODO(nathanwhit): we call `cache_packages` if the lockfile is modified,
-    // so by calling it here it's possible we end up calling it twice
-    npm_resolver.cache_packages().await?;
+    if !npm_resolver.ensure_top_level_package_json_install().await? {
+      if let Some(lockfile) = factory.maybe_lockfile() {
+        lockfile.error_if_changed()?;
+      }
+
+      npm_resolver.cache_packages().await?;
+    }
   }
   // cache as many entries in the import map as we can
   if let Some(import_map) = factory.maybe_import_map().await? {