Scan Report
Created by ORT, the OSS Review Toolkit, version cc543c9380-dirty on 2023-04-02T20:54:26.201458330Z.

Project

Scanned revision 80351a2b3dedf58a2f97b94521dd069f7dadcb46 of Git repository https://github.com/eclipse/codewind-vscode.git

Index

Rule Violation Summary (0 errors, 0 warnings, 3 hints to resolve)

# Rule Package License Message
1 PROJECT_LICENSE_CHECK Unmanaged::codewind-vscode:80351a2b3dedf58a2f97b94521dd069f7dadcb46 DETECTED: BSD-3-Clause-Clear

License BSD-3-Clause-Clear of project 'Unmanaged::codewind-vscode:80351a2b3dedf58a2f97b94521dd069f7dadcb46' is unclassified.

How to fix

Classify BSD-3-Clause-Clear as either approved or restricted.
2 PROJECT_LICENSE_CHECK Unmanaged::codewind-vscode:80351a2b3dedf58a2f97b94521dd069f7dadcb46 DETECTED: LicenseRef-scancode-public-domain

License LicenseRef-scancode-public-domain of project 'Unmanaged::codewind-vscode:80351a2b3dedf58a2f97b94521dd069f7dadcb46' is unclassified.

How to fix

Classify LicenseRef-scancode-public-domain as either approved or restricted.
3 PROJECT_LICENSE_CHECK Unmanaged::codewind-vscode:80351a2b3dedf58a2f97b94521dd069f7dadcb46 DETECTED: NOASSERTION

License NOASSERTION of project 'Unmanaged::codewind-vscode:80351a2b3dedf58a2f97b94521dd069f7dadcb46' is unclassified.

How to fix

Classify NOASSERTION as either approved or restricted.

Issue Summary (1 errors, 1 warnings, 0 hints to resolve)

Issues from excluded components are not shown in this summary.

Packages

# Package Analyzer Issues Scanner Issues
1 NPM::codewind:0.14.1 NPM::codewind:0.14.1

  • 2023-04-02T20:49:12.655311565Z [WARNING]: NPM - The package-lock.json file was created with an old version of npm,
    so supplemental metadata must be fetched from the registry.
    This is a one-time fix-up, please be patient...
    HttpErrorGeneral: 404 Not Found - GET https://archive.eclipse.org/codewind/codewind-filewatcher-ts/v0.12.0/1/filewatcherd-node_0.11.0.tar.gz
    at /opt/nvm/versions/node/v18.12.1/lib/node_modules/npm/node_modules/npm-registry-fetch/lib/check-response.js:93:15
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    Could not fetch metadata for codewind-filewatcher@https://archive.eclipse.org/codewind/codewind-filewatcher-ts/v0.12.0/1/filewatcherd-node_0.11.0.tar.gz HttpErrorGeneral: 404 Not Found - GET https://archive.eclipse.org/codewind/codewind-filewatcher-ts/v0.12.0/1/filewatcherd-node_0.11.0.tar.gz
    at /opt/nvm/versions/node/v18.12.1/lib/node_modules/npm/node_modules/npm-registry-fetch/lib/check-response.js:93:15
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5) {
    headers: [Object: null prototype] {
    server: [ 'nginx' ],
    date: [ 'Sun, 02 Apr 2023 20:48:53 GMT' ],
    'content-type': [ 'text/html' ],
    'transfer-encoding': [ 'chunked' ],
    connection: [ 'keep-alive' ],
    vary: [ 'Accept-Encoding' ],
    'x-nodeid': [ 'download2' ],
    'strict-transport-security': [ 'max-age=63072000; includeSubDomains; preload' ],
    'content-encoding': [ 'gzip' ],
    'x-fetch-attempts': [ '1' ],
    'x-local-cache-status': [ 'skip' ]
    },
    statusCode: 404,
    code: 'E404',
    method: 'GET',
    uri: 'https://archive.eclipse.org/codewind/codewind-filewatcher-ts/v0.12.0/1/filewatcherd-node_0.11.0.tar.gz',
    body: <Buffer 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 ... 20709 more bytes>,
    pkgid: 'codewind-filewatcher@https://archive.eclipse.org/codewind/codewind-filewatcher-ts/v0.12.0/1/filewatcherd-node_0.11.0.tar.gz'
    }
    urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
    vscode-test@1.3.0: This package has been renamed to @vscode/test-electron, please update to the new name
    source-map-url@0.4.0: See https://github.com/lydell/source-map-url#deprecated
    source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
    resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
    querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
    vsce@1.74.0: vsce has been renamed to @vscode/vsce. Install using @vscode/vsce instead.
    mkdirp@0.5.3: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.)
    ini@1.3.5: Please update to ini >=1.3.6 to avoid a prototype pollution issue
    flat@4.1.0: Fixed a prototype pollution security issue in 4.1.0, please upgrade to ^4.1.1 or ^5.0.1.
    circular-json@0.5.9: CircularJSON is in maintenance only, flatted is its successor.
    debug@4.1.1: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
    chokidar@2.1.8: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies
    debug@3.2.6: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
    debug@3.2.6: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
    tslint@6.1.0: TSLint has been deprecated in favor of ESLint. Please see https://github.com/palantir/tslint/issues/4534 for more information.

  • 2023-04-02T20:49:12.655406665Z [ERROR]: NPM - code E404
    404 Not Found - GET https://archive.eclipse.org/codewind/codewind-filewatcher-ts/v0.12.0/1/filewatcherd-node_0.11.0.tar.gz
    404
    404 'codewind-filewatcher@https://archive.eclipse.org/codewind/codewind-filewatcher-ts/v0.12.0/1/filewatcherd-node_0.11.0.tar.gz' is not in this registry.
    404
    404 Note that you can also install from a
    404 tarball, folder, http url, or git url.

NPM::codewind:0.14.1 (dev/package.json)

VCS Information

Type Git
URL https://github.com/eclipse/codewind-vscode.git
Path dev
Revision 80351a2b3dedf58a2f97b94521dd069f7dadcb46

Packages

# Package Scopes Licenses Analyzer Issues Scanner Issues
1 NPM::codewind:0.14.1 Declared Licenses:
Detected Licenses (from VCS):
EPL-2.0 (exemplary link to the first of 124 locations)
Effective License:

  • 2023-04-02T20:49:12.655311565Z [WARNING]: NPM - The package-lock.json file was created with an old version of npm,
    so supplemental metadata must be fetched from the registry.
    This is a one-time fix-up, please be patient...
    HttpErrorGeneral: 404 Not Found - GET https://archive.eclipse.org/codewind/codewind-filewatcher-ts/v0.12.0/1/filewatcherd-node_0.11.0.tar.gz
    at /opt/nvm/versions/node/v18.12.1/lib/node_modules/npm/node_modules/npm-registry-fetch/lib/check-response.js:93:15
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    Could not fetch metadata for codewind-filewatcher@https://archive.eclipse.org/codewind/codewind-filewatcher-ts/v0.12.0/1/filewatcherd-node_0.11.0.tar.gz HttpErrorGeneral: 404 Not Found - GET https://archive.eclipse.org/codewind/codewind-filewatcher-ts/v0.12.0/1/filewatcherd-node_0.11.0.tar.gz
    at /opt/nvm/versions/node/v18.12.1/lib/node_modules/npm/node_modules/npm-registry-fetch/lib/check-response.js:93:15
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5) {
    headers: [Object: null prototype] {
    server: [ 'nginx' ],
    date: [ 'Sun, 02 Apr 2023 20:48:53 GMT' ],
    'content-type': [ 'text/html' ],
    'transfer-encoding': [ 'chunked' ],
    connection: [ 'keep-alive' ],
    vary: [ 'Accept-Encoding' ],
    'x-nodeid': [ 'download2' ],
    'strict-transport-security': [ 'max-age=63072000; includeSubDomains; preload' ],
    'content-encoding': [ 'gzip' ],
    'x-fetch-attempts': [ '1' ],
    'x-local-cache-status': [ 'skip' ]
    },
    statusCode: 404,
    code: 'E404',
    method: 'GET',
    uri: 'https://archive.eclipse.org/codewind/codewind-filewatcher-ts/v0.12.0/1/filewatcherd-node_0.11.0.tar.gz',
    body: <Buffer 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 ... 20709 more bytes>,
    pkgid: 'codewind-filewatcher@https://archive.eclipse.org/codewind/codewind-filewatcher-ts/v0.12.0/1/filewatcherd-node_0.11.0.tar.gz'
    }
    urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
    vscode-test@1.3.0: This package has been renamed to @vscode/test-electron, please update to the new name
    source-map-url@0.4.0: See https://github.com/lydell/source-map-url#deprecated
    source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
    resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
    querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
    vsce@1.74.0: vsce has been renamed to @vscode/vsce. Install using @vscode/vsce instead.
    mkdirp@0.5.3: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.)
    ini@1.3.5: Please update to ini >=1.3.6 to avoid a prototype pollution issue
    flat@4.1.0: Fixed a prototype pollution security issue in 4.1.0, please upgrade to ^4.1.1 or ^5.0.1.
    circular-json@0.5.9: CircularJSON is in maintenance only, flatted is its successor.
    debug@4.1.1: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
    chokidar@2.1.8: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies
    debug@3.2.6: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
    debug@3.2.6: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
    tslint@6.1.0: TSLint has been deprecated in favor of ESLint. Please see https://github.com/palantir/tslint/issues/4534 for more information.

  • 2023-04-02T20:49:12.655406665Z [ERROR]: NPM - code E404
    404 Not Found - GET https://archive.eclipse.org/codewind/codewind-filewatcher-ts/v0.12.0/1/filewatcherd-node_0.11.0.tar.gz
    404
    404 'codewind-filewatcher@https://archive.eclipse.org/codewind/codewind-filewatcher-ts/v0.12.0/1/filewatcherd-node_0.11.0.tar.gz' is not in this registry.
    404
    404 Note that you can also install from a
    404 tarball, folder, http url, or git url.

    Unmanaged::codewind-vscode:80351a2b3dedf58a2f97b94521dd069f7dadcb46 ()

    VCS Information

    Type Git
    URL https://github.com/eclipse/codewind-vscode
    Path
    Revision 80351a2b3dedf58a2f97b94521dd069f7dadcb46

    Packages

    # Package Scopes Licenses Analyzer Issues Scanner Issues
    1 Unmanaged::codewind-vscode:80351a2b3dedf58a2f97b94521dd069f7dadcb46 Detected Licenses (from VCS):
    Apache-2.0 (exemplary link to the first of 58 locations)
    BSD-2-Clause (exemplary link to the first of 8 locations)
    BSD-3-Clause (exemplary link to the first of 59 locations)
    BSD-3-Clause-Clear (link to the location)
    EPL-2.0 (exemplary link to the first of 129 locations)
    ISC (exemplary link to the first of 65 locations)
    LicenseRef-scancode-public-domain (link to the location)
    MIT (exemplary link to the first of 510 locations)
    NOASSERTION (exemplary link to the first of 2 locations)
    X11 (exemplary link to the first of 2 locations)
    Effective License:
    Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND BSD-3-Clause-Clear AND EPL-2.0 AND ISC AND LicenseRef-scancode-public-domain AND MIT AND NOASSERTION AND X11

        Repository Configuration

        
---
excludes:
  paths:
  - pattern: "**/META-INF/DEPENDENCIES"
    reason: "BUILD_TOOL_OF"
    comment: "Licenses contained in this directory reflect content analysed elsewhere."
  - pattern: "**/META-INF/NOTICE*"
    reason: "BUILD_TOOL_OF"
    comment: "Licenses contained in this directory reflect content analysed elsewhere."
  - pattern: "**/*.svg"
    reason: "BUILD_TOOL_OF"
    comment: "SVG files do not contain any license information."
  - pattern: "package-lock.json"
    reason: "BUILD_TOOL_OF"
    comment: "Does not contain any license information."