For these dependencies the licenses are unknown. Dependencies with unknown licenses can be as dangerous as dependencies that violate your license whitelist. We recommend manually looking up the license. If no license can be found, the creators of the dependency have to be contacted and asked for the license. If the creators are not reacting, we recommend removing these dependencies to avoid potential legal risks.
In exceptional cases, the provider may not have any license information for an open source component. Initially, this only means that the license data could not be accessed automatically by the crawlers. For example, developer license information may have been hidden in the documentation or at an unusual point in the source code, or may not be automatically accessible for other reasons. There are also many cases where developers of OS components have not defined a license. In such cases, the provider tries to contact the developer or developers and ask about the license. The provider does not owe any other activities.