license-checker
Dependencies are scanned incorrectly
https://github.com/davglass/license-checker/blob/master/lib/index.js#L45 Here, to avoid traversing circular dependencies, we also avoid scanning the same package version twice.
The read-installed module returns package dependencies as they are resolved by the Node module loading mechanism. This mechanism allows the same package version to be loaded with a different dependency tree. That means we should analyze the same package version again, even if it was already processed.
Steps to reproduce
$ npm init -y
$ npm i -S [email protected] [email protected]
$ npm ls ansi-regex
├─┬ [email protected]
│ └─┬ [email protected]
│   └─┬ [email protected]
│     └── [email protected]
└─┬ [email protected]
  └─┬ [email protected]
    ├─┬ [email protected]
    │ └── [email protected]
    └─┬ [email protected]
      └── [email protected]
$ license-checker | grep ansi-regex
├─ [email protected]
│ ├─ repository: https://github.com/chalk/ansi-regex
│ └─ licenseFile: /home/ruslan/Projects/verify/t1/node_modules/ansi-regex/licens
[email protected] is missing from license-checker, because [email protected] is not processed twice.
Thanks for the issue, I'll have to think on this one. This was added because it can cause an infinite loop if there are circular dependencies. The issue here is that the nsp package has an npm-shrinkwrap.json file that prohibits it from using the updated version of ansi-regex.
I'll have to look into seeing how I can trap the infinite loop so that I can remove this.
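The trade-off discussed in this thread, as an added example that is not license-checker's code and not from either participant: a scan that skips any already-seen `name@version` drops a license-relevant package, while a guard keyed on node identity still terminates on a cycle. Package names, versions and both scan functions are constructed, and the tree shape assumes each installed copy is a distinct object, as in read-installed style output.

```javascript
// Added example; package names and versions are constructed.
// Nodes mimic a resolved tree: { name, version, dependencies: { name: node } }.
const node = (name, version, deps = {}) => ({ name, version, dependencies: deps });

function buildTree() {
  const leafOld = node('leaf', '1.0.0');
  const leafNew = node('leaf', '2.0.0');
  // Same name@version installed twice, each copy resolving a different child
  // (for instance because one parent pins versions with a shrinkwrap file).
  const sharedPinned = node('shared', '1.0.0', { leaf: leafOld });
  const sharedFresh = node('shared', '1.0.0', { leaf: leafNew });
  const a = node('pkg-a', '1.0.0', { shared: sharedPinned });
  const b = node('pkg-b', '1.0.0', { shared: sharedFresh });
  const root = node('app', '1.0.0', { 'pkg-a': a, 'pkg-b': b });
  leafNew.dependencies.app = root; // circular reference back to the root
  return root;
}

const key = (n) => `${n.name}@${n.version}`;

// Behaviour described in the issue: skip any name@version already seen.
function scanByVersionKey(n, seen = new Set()) {
  if (seen.has(key(n))) return seen;
  seen.add(key(n));
  Object.values(n.dependencies).forEach((d) => scanByVersionKey(d, seen));
  return seen;
}

// Alternative: report each name@version once, but guard the recursion by
// object identity, so the second copy of shared@1.0.0 is still descended into.
function scanByNodeIdentity(n, found = new Set(), visited = new WeakSet()) {
  if (visited.has(n)) return found; // same object again: cycle or repeat visit
  visited.add(n);
  found.add(key(n));
  Object.values(n.dependencies).forEach((d) => scanByNodeIdentity(d, found, visited));
  return found;
}

console.log([...scanByVersionKey(buildTree())]);
console.log([...scanByNodeIdentity(buildTree())]);
```

For a license audit, the first scan's output is an undercount: a package that is installed and shipped never reaches the report.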