[x] skip unknown versions of packages to make the report consistent
[x] make quality scores do not affect a package’s risk level since a quality criteria does not offset a security vulnerability or risk attribute, NCM 2 does not assign an impact severity to a quality attribute: https://docs.nodesource.com/ncmv2/docs#quality-severity