Better license finding

[brandon-leapyear]

As an example, NPM shows passport-local as having no license, but if you go to package.json, it has both "license": "MIT" and "licenses": [{"type":"MIT", "url": "..."}]. It would be great if this plugin bypassed what NPM says and look directly at the dep's package.json

[mhassan1]

It looks like tag v1.0.0 of that library doesn't have license and only has licenses in its package.json: https://github.com/jaredhanson/passport-local/blob/v1.0.0/package.json#L26-L31

It seems like the license field was added after the 1.0.0 release but they never did another release...

This library checks the dependency's package.json here: https://github.com/mhassan1/yarn-plugin-licenses/blob/5be13c2e63e8afe428e832e2bcd08d983a88cce4/src/utils.ts#L47-L52

[brandon-leapyear]

:sparkles: This is an old work account. Please reference @brandonchinn178 for all future communication :sparkles:

---

ah ok. I thought I saw a lot more "MISSING" licenses, but I guess not. Thanks!

[brandon-leapyear]

:sparkles: This is an old work account. Please reference @brandonchinn178 for all future communication :sparkles:

---

Here's are some other examples:

• https://github.com/mscdex/busboy/blob/master/package.json
• https://github.com/mscdex/dicer/blob/master/package.json

Can you also look in licenses?

[mhassan1]

Thanks for the feature request! The NPM docs mention that licenses is no longer valid package metadata (link), but if busboy is still using it, it seems reasonable for this plugin to support it. Support for the licenses property will be addressed by #9.

[brandon-leapyear]

:sparkles: This is an old work account. Please reference @brandonchinn178 for all future communication :sparkles:

---

Thanks!