We had some cruft in vendor/vendor.json. This change adds a CI check to prevent it from happening again.