Wrong example package detected in package-lock.json

[spoenemann]

The Eclipse Langium project contains examples such as the "statemachine" example: https://github.com/eclipse-langium/langium/tree/main/examples/statemachine

This is how it looks like in the generated package-lock.json: https://github.com/eclipse-langium/langium/blob/b16bc7ffd10ca1fabaf3cc16fc71b2cabda45d53/package-lock.json#L128-L138

Applying the Dash License Tool to this file resulted in the detection of a dependency named statemachine. This is wrong because

• the real name of the package is langium-statemachine-dsl,
• the package is not a dependency, but just an example defined within our own code repository.

The -review option led to the creation of this issue: https://gitlab.eclipse.org/eclipsefdn/emo-team/iplab/-/issues/11645

[waynebeaton]

The real issue, I believe, is that this is not a dependency. Rather it is project code.

the package is not a dependency, but just an example defined within our own code repository.

I have a fix that recognises that this is a "local" asset that I believe addresses the problem.

This fix will result in the tool detecting fewer items as dependencies. I believe that this is correcting current bad behaviour, but it will have an impact on others, so I want to run this on a few examples to get a better sense for the impact.

[waynebeaton]

I've pushed the fix and am in the process of pushing out a new release.

[waynebeaton]

Version 1.1.0 has been pushed to repo.eclipse.org