Submit Updates to Packages with ambiguous licenses

[lewisdaly]

Goal:

As a OSS Maintainer I want to update any dependencies that have ambiguous licenses so that we can clarify where we stand on the licensing of dependencies.

Tasks:

• Submit PRs to the following repositories with clarified licenses:

Done	Repo	Issue
[ ]	https://github.com/typicaljoe/taffydb	Contains MIT license on github, but not listed in package.json Latest version fixes this: v2.7.3
[ ]	https://github.com/dscape/cycle	Listed as Public-Domain on npm, license-scanner has trouble parsing the package.json
[ ]	https://github.com/tjfontaine/node-buffercursor	No license on github or npm

• Once the above changes are accepted, update the package version in the package.json or package-lock.json file to pull through this license update. Apply for:
  - [ ] central-directory No longer used - for legacy support only

  • central-ledger
  • central-settlement
  • interop-switch-js
  • ml-api-adapter
  • mock-pathfinder

• Remove any now outdated whitelisted packages from the license-scanner config.toml

Acceptance Criteria:

• Designs are up-to date
• Unit Tests pass
• Integration Tests pass
• Re run the license-scanner across all repos and ensure there are no more warnings for the above packages

Pull Requests:

• Extend the "Public Domain" Regex to handle dashes and underscores davglass/license-checker#211 note: this is to update the license-checker to better handle the Public-Domain string in cycle
• Fix the package.json formatting to allow for better parsing by NPM dscape/cycle#25 note: This is to fix the non-standard package.json file, which causes the license field to be missing after an npm install
• Add LICENSE file and license entry to package.json tjfontaine/node-buffercursor#12 note: This package appears to have an MIT license, but this PR makes that explicit

Follow-up:

• TBD

Dependencies:

• N/A

Accountability:

• Owner: @lewisdaly
• QA/Review: TBC

[lewisdaly]

Looks like taffydb has already fixed this license issue in v2.7.3

[lewisdaly]

Cycle is listed as Public Domain in the package.json, but the license scanner tool fails to parse the package.json file for some reason.

[lewisdaly]

This will be blocked now as we wait for pull requests to other repos out of our control to be reviewed, and npm modules to be released.

[lewisdaly]

The cycle maintainer doesn't seem to want to release a new version. (Ref: dscape/cycle#21)

It may not be worth worrying about for now, since the only places we use this dependency are in central-directory (which is no longer used) and interop-switch-js

[Halkcyon]

I've submitted a PR to address cycle if any of the maintainers are still active.

dscape/cycle#26

[lewisdaly]

Thanks @TheIncorrigible1 . Unfortunately I think the maintainer is MIA, we might not get a release anytime soon.