Currently, when importing/requiring cve-core in another project, you need to make a copy of the entire cve-core/config directory in the project. This means that the downstream project needs to make sure that defaults.jsonc and custom-environment-variables are identical to the specific version of cve-core they are using, and updating cve-core to a newer version may require changes to their local copies of those files.
A better approach is to use the configuration files in node_modules/cve-core/config, which will always have the proper version for each release. Then in the downstream project's config directory, only put overrides. This will minimize the coupling between the projects.
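
One way the layering proposed above could work, as an added example that is not cve-core's own code: the packaged defaults.jsonc is read first, then an override file from the downstream config directory is merged on top. The override file name `overrides.jsonc`, the function names and the sample config keys are assumptions made for illustration; custom-environment-variables handling is not covered.

```javascript
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');
// Drop // and /* */ comments from JSONC without touching string contents.
function stripJsonComments(text) {
  let out = '', inString = false;
  for (let i = 0; i < text.length; i++) {
    const c = text[i], next = text[i + 1];
    if (inString) {
      out += c;
      if (c === '\\') out += text[++i] ?? '';   // copy the escaped character as-is
      else if (c === '"') inString = false;
    } else if (c === '"') { inString = true; out += c; }
    else if (c === '/' && next === '/') { while (i < text.length && text[i] !== '\n') i++; out += '\n'; }
    else if (c === '/' && next === '*') { i = text.indexOf('*/', i + 2); if (i < 0) break; i++; }
    else out += c;
  }
  return out;
}

const isPlainObject = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);
const UNSAFE_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
// Overrides win; nested objects merge key by key; arrays and scalars are replaced whole.
function deepMerge(base, override) {
  const result = { ...base };
  for (const [key, value] of Object.entries(override)) {
    if (UNSAFE_KEYS.has(key)) continue;         // a config file must not reach Object.prototype
    result[key] = isPlainObject(value) && isPlainObject(base[key]) ? deepMerge(base[key], value) : value;
  }
  return result;
}
const readJsonc = (file) => JSON.parse(stripJsonComments(fs.readFileSync(file, 'utf8')));
// Assumption: overrides live in <overrideDir>/overrides.jsonc (hypothetical file name).
function loadLayeredConfig(baseDir, overrideDir) {
  const defaults = readJsonc(path.join(baseDir, 'defaults.jsonc'));
  const overridePath = path.join(overrideDir, 'overrides.jsonc');
  return fs.existsSync(overridePath) ? deepMerge(defaults, readJsonc(overridePath)) : defaults;
}

// Constructed sample tree: packaged defaults plus a downstream override file.
function demo() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'layered-config-'));
  const put = (dir, name, text) => { fs.mkdirSync(dir, { recursive: true }); fs.writeFileSync(path.join(dir, name), text); return dir; };
  const base = put(path.join(root, 'node_modules/cve-core/config'), 'defaults.jsonc',
    '{ // shipped\n "server": { "port": 3000, "url": "http://localhost" }, "logLevel": "info" }');
  const local = put(path.join(root, 'config'), 'overrides.jsonc',
    '{ /* local */ "server": { "port": 8080 }, "__proto__": { "isAdmin": true } }');
  return loadLayeredConfig(base, local);
}
console.log(demo());
```

Because the downstream file carries only the keys it changes, a cve-core upgrade that adds or renames defaults is picked up from node_modules without touching the local directory.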