From c465bc9fc70b89bb44cc1e9c0d9df032c098cc0a Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Mon, 27 Nov 2017 21:46:33 -0500
Subject: [PATCH] fixed incorrect parsing of license information
---
 .../analyzer/AbstractNpmAnalyzer.java | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractNpmAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractNpmAnalyzer.java
index 671a13147..a6d266e71 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractNpmAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractNpmAnalyzer.java
@@ -281,6 +281,20 @@ public abstract class AbstractNpmAnalyzer extends AbstractFileTypeAnalyzer {
 final Object value = json.get("license");
 if (value instanceof JsonString) {
 dependency.setLicense(json.getString("license"));
+ } else if (value instanceof JsonArray) {
+ final JsonArray array = (JsonArray) value;
+ final StringBuilder sb = new StringBuilder();
+ boolean addComma = false;
+ for (int x = 0; x < array.size(); x++) {
+ if (!array.isNull(x)) {
+ if (addComma) {
+ sb.append(", ");
+ } else {
+ addComma = true;
+ }
+ sb.append(array.getString(x));
+ }
+ }
 } else {
 dependency.setLicense(json.getJsonObject("license").getString("type"));
 }
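Review bot: The new `JsonArray` branch builds the joined license text in `sb` but never passes it to the dependency, so an array-valued `license` still ends up with no license recorded; add `dependency.setLicense(sb.toString());` after the `for` loop, just before the `} else {`. Separately, `array.getString(x)` throws `ClassCastException` when an element is not a JSON string (for example an object carrying a `type` field), and package.json is input the analyzer does not control. Replacing the `!array.isNull(x)` test with `if (array.get(x) instanceof JsonString)` would skip such elements instead of failing on them. Whether a caller catches that exception cannot be seen here, since the enclosing method starts and ends outside the hunk.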