Fix license notice generation script to include transitive dependencies (#6272)

Co-authored-by: matt korwel <matt.korwel@gmail.com>

packages/vscode-ide-companion/scripts/generate-notices.js

@@ -43,10 +43,25 @@ async function getDependencyLicense(depName, depVersion) {
 
     repositoryUrl = depPackageJson.repository?.url || repositoryUrl;
 
-    const licenseFile = depPackageJson.licenseFile
+    const packageDir = path.dirname(depPackageJsonPath);
-      ? path.join(path.dirname(depPackageJsonPath), depPackageJson.licenseFile)
+    const licenseFileCandidates = [
-      : path.join(path.dirname(depPackageJsonPath), 'LICENSE');
+      depPackageJson.licenseFile,
+      'LICENSE',
+      'LICENSE.md',
+      'LICENSE.txt',
+      'LICENSE-MIT.txt',
+    ].filter(Boolean);
 
+    let licenseFile;
+    for (const candidate of licenseFileCandidates) {
+      const potentialFile = path.join(packageDir, candidate);
+      if (await fs.stat(potentialFile).catch(() => false)) {
+        licenseFile = potentialFile;
+        break;
+      }
+    }
+
+    if (licenseFile) {
       try {
         licenseContent = await fs.readFile(licenseFile, 'utf-8');
       } catch (e) {
@@ -54,6 +69,9 @@ async function getDependencyLicense(depName, depVersion) {
           `Warning: Failed to read license file for ${depName}: ${e.message}`,
         );
       }
+    } else {
+      console.warn(`Warning: Could not find license file for ${depName}`);
+    }
   } catch (e) {
     console.warn(
       `Warning: Could not find package.json for ${depName}: ${e.message}`,
@@ -68,14 +86,49 @@ async function getDependencyLicense(depName, depVersion) {
   };
 }
 
+function collectDependencies(packageName, packageLock, dependenciesMap) {
+  if (dependenciesMap.has(packageName)) {
+    return;
+  }
+
+  const packageInfo = packageLock.packages[`node_modules/${packageName}`];
+  if (!packageInfo) {
+    console.warn(
+      `Warning: Could not find package info for ${packageName} in package-lock.json.`,
+    );
+    return;
+  }
+
+  dependenciesMap.set(packageName, packageInfo.version);
+
+  if (packageInfo.dependencies) {
+    for (const depName of Object.keys(packageInfo.dependencies)) {
+      collectDependencies(depName, packageLock, dependenciesMap);
+    }
+  }
+}
+
 async function main() {
   try {
     const packageJsonPath = path.join(packagePath, 'package.json');
     const packageJsonContent = await fs.readFile(packageJsonPath, 'utf-8');
     const packageJson = JSON.parse(packageJsonContent);
 
-    const dependencies = packageJson.dependencies || {};
+    const packageLockJsonPath = path.join(projectRoot, 'package-lock.json');
-    const dependencyEntries = Object.entries(dependencies);
+    const packageLockJsonContent = await fs.readFile(
+      packageLockJsonPath,
+      'utf-8',
+    );
+    const packageLockJson = JSON.parse(packageLockJsonContent);
+
+    const allDependencies = new Map();
+    const directDependencies = Object.keys(packageJson.dependencies);
+
+    for (const depName of directDependencies) {
+      collectDependencies(depName, packageLockJson, allDependencies);
+    }
+
+    const dependencyEntries = Array.from(allDependencies.entries());
 
     const licensePromises = dependencyEntries.map(([depName, depVersion]) =>
       getDependencyLicense(depName, depVersion),