IssueHunt
Bug Bounty (New!)
Browse
Sign in with GitHub
chalk/strip-ansi

License not readable #50

victorlmneves posted onGitHub

Hi I'm working on a project where a package uses your library Now that we are testing the pipeline we have started getting errors related to the package license file

[ERROR] The IQ Server reports policy failing due to 
Policy(License-None) [
 Component(displayName=strip-ansi-cjs : 6.0.1, hash=849ff8d01283d89e19c0) [
  Constraint(Contact Sonatype Support - declared license issue: Not Provided) [License is 'Not Supported' because: Found 'Not Supported' license, on condition 0, License is 'Not Provided' because: Found 'Not Provided' license, on condition 0] ]]
[ERROR] The IQ Server reports policy failing due to 
Policy(License-None) [
 Component(displayName=string-width-cjs : 4.2.3, hash=e621da8847ceb2f46d3f) [
  Constraint(Contact Sonatype Support - declared license issue: Not Provided) [License is 'Not Supported' because: Found 'Not Supported' license, on condition 0, License is 'Not Provided' because: Found 'Not Provided' license, on condition 0] ]]
[ERROR] The IQ Server reports policy failing due to 
Policy(License-None) [
 Component(displayName=wrap-ansi-cjs : 7.0.0, hash=feb65f52a9f9713d5c12) [
  Constraint(Contact Sonatype Support - declared license issue: Not Provided) [License is 'Not Supported' because: Found 'Not Supported' license, on condition 0, License is 'Not Provided' because: Found 'Not Provided' license, on condition 0] ]]
[WARN] The IQ Server reports policy warning due to

I have used Gemini to see if there was any problem with the license file and got this answer image

While asking for example to check the one from Vue, I got the answer image

Thanks

Sorry, there's nothing actionable here. Seems like a problem with the tooling you're using. Our license is a normal text file and we even have the license identifier in the package.json as a hint. Github picks it up just fine.

image

posted by Qix- 10 months ago

@Qix- So, you're saying that is an issue from NexusIQ? If so, why does it only happen with this library?

posted by victorlmneves 10 months ago

Not sure 🙃 can you find something wrong with our license file? I don't know what NexusIQ is so it's probably best to ask them.

posted by Qix- 10 months ago

NexusIQ provides intelligence on open-source components used within your applications, and associated metadata, such as security vulnerabilities and licenses. We had a similar issue in the past from another library and in that case, they didn't have any license file available in the repo I just reported because when I tried to find if it was something related to the content of the license file Gemini complained about not being able to access it and doing the same test for the Vue license there was no problem And since I see it complaining on multiple versions, I don't know if there was a problem when the file was created or something else. I can also ask in the company if they can get some feedback from NexusIQ about this

posted by victorlmneves 10 months ago

Fund this Issue

$0.00
Funded

Pull requests

Company
AboutMission
Community
SpectrumEmbed
Support
FAQTerms of usePrivacy policyCode of conductCredits
Connect
FacebookTwitter

© 2019 BoostIO, Inc.