anandthakker / doiuse

:bomb: Lint CSS for browser support against caniuse database.
MIT License
1.24k stars 51 forks

Avoid `jsonfilter` (or if associated with the project, work with them to update it) #116

Closed brettz9 closed 3 years ago

brettz9 commented 4 years ago

Hi,

Your use of `jsonfilter: ^1.1.2` suffers from this issue, namely that that package indicates no precise license (just stating "BSD" as the license, which is not a valid SPDX identifier expected in the `package.json` `license` field), nor does the version of JSONStream that it is depending on have any license info (its updated version does, but not the 0.8.4 version jsonfilter is pegged to).

To make your project and its users avoid potentially being in violation of license terms, please drop this dependency (or if possible, work with jsonfilter to get them to officially clarify and add a proper license to package.json along with their JSONStream dependency being updated (or removed) so it similarly has a clarified license status).

Thank you!
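The check this issue describes, written out as an added example (not part of the original issue and not doiuse's own code): walk a dependency tree and flag every manifest whose license metadata is missing or is not an SPDX identifier. The manifests, the `0.0.0-example` version, the exact-version pinning, and the names `classifyLicense` and `auditTree` are assumptions constructed for illustration, and `SPDX_IDS` is only a small subset of the SPDX list.

```javascript
// Constructed subset of SPDX identifiers; a real audit would load the full SPDX license list.
const SPDX_IDS = new Set(['MIT', 'ISC', 'Apache-2.0', 'BSD-2-Clause', 'BSD-3-Clause', '0BSD']);

// Classify the license metadata of one package.json manifest (hypothetical helper).
function classifyLicense(manifest) {
  let value = manifest.license;
  // Legacy forms: a { type, url } object, or a `licenses` array.
  if (value && typeof value === 'object') value = value.type;
  if (value === undefined && Array.isArray(manifest.licenses)) {
    value = manifest.licenses.map((l) => (typeof l === 'string' ? l : l.type)).join(' OR ');
  }
  if (typeof value !== 'string' || value.trim() === '') return { status: 'missing', value: null };
  // npm's documented escape hatches for non-SPDX licensing.
  if (value === 'UNLICENSED' || value.startsWith('SEE LICENSE IN ')) return { status: 'custom', value };
  // Reduce a simple SPDX expression such as "(MIT OR Apache-2.0)" to its identifiers.
  const ids = value.replace(/[()]/g, ' ').split(/\s+/).filter((t) => t && t !== 'OR' && t !== 'AND');
  const unknown = ids.filter((id) => !SPDX_IDS.has(id));
  return unknown.length ? { status: 'invalid', value, unknown } : { status: 'ok', value };
}

// Constructed manifests mirroring what the issue reports; versions are pinned exactly
// to keep resolution trivial (real npm manifests use semver ranges).
const REGISTRY = {
  'doiuse@0.0.0-example': { name: 'doiuse', license: 'MIT', dependencies: { jsonfilter: '1.1.2' } },
  'jsonfilter@1.1.2': { name: 'jsonfilter', license: 'BSD', dependencies: { JSONStream: '0.8.4' } },
  'JSONStream@0.8.4': { name: 'JSONStream', dependencies: {} },
};

// Walk the tree from rootKey and report every package whose license is not a clean SPDX value,
// together with the dependency path that pulls it in.
function auditTree(rootKey, registry) {
  const findings = [];
  const seen = new Set();
  (function walk(key, ancestors) {
    if (seen.has(key)) return; // shared or cyclic dependencies are visited once
    seen.add(key);
    const path = [...ancestors, key];
    const manifest = registry[key];
    if (!manifest) return void findings.push({ path, status: 'unresolved', value: null });
    const result = classifyLicense(manifest);
    if (result.status !== 'ok') findings.push({ path, ...result });
    for (const [name, version] of Object.entries(manifest.dependencies || {})) walk(`${name}@${version}`, path);
  })(rootKey, []);
  return findings;
}

console.log(JSON.stringify(auditTree('doiuse@0.0.0-example', REGISTRY), null, 2));
```

Reporting the path along with the finding shows which direct dependency has to be dropped or updated to clear a transitive problem.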