Transform dash-licenses into Node.js library with ClearlyDefined API and harvest support #23756

@olexii4

Is your enhancement related to a problem? Please describe

I'm always frustrated when I need to analyze JavaScript project dependencies for license compliance, but the existing dash-licenses tool has several significant limitations:

  1. Docker-only workflow is cumbersome:

    • Requires Docker installation and image building
    • Complex setup for simple license checking
    • Cannot be integrated into existing Node.js projects
    • Difficult to use in CI/CD pipelines
    • No programmatic API for automation
  2. Relies on Java/JAR dependency:

    • Requires Java 11+ installation
    • Eclipse dash-licenses.jar dependency is heavy
    • Closed ecosystem, not accessible to JavaScript community
    • Performance bottleneck with individual API calls
  3. Missing crucial features:

    • No automatic harvest requests for missing license data
    • Cannot handle packages that haven't been crawled by ClearlyDefined yet
    • Manual process to find and resolve "restricted" dependencies
    • No way to contribute back to the license database
  4. Poor developer experience:

    • No colored output or progress indicators
    • Difficult to debug issues
    • No clear documentation of API integration
    • Hard to understand what's happening during execution

Describe the solution you'd like

Transform dash-licenses into a modern Node.js library with the following capabilities:

1. Library-First Architecture

// Use as library in Node.js projects
import { generate } from 'license-tool';

const result = await generate({
  projectPath: '/path/to/project',
  batchSize: 500,
  check: false,
  debug: false,
  harvest: true
});

Or use as CLI:

npx license-tool --harvest

Benefits:

  • No Docker required
  • Easy integration into any Node.js project
  • Can be embedded in other tools (VS Code extensions, CI/CD)
  • Programmatic API for automation
  • Simple npm install workflow

2. Open API Integration (ClearlyDefined HTTP API)

Replace Eclipse JAR dependency with public ClearlyDefined HTTP API:

Features:

  • No Java installation needed
  • Direct HTTP API access to clearlydefined.io
  • Batch POST API: 100 dependencies per request
  • Performance: 7.5x faster than individual GET requests
  • Community-driven license database
  • Optional JAR fallback for Eclipse IP database when needed

API Usage:

  • POST /definitions - Batch fetch licenses (100 coords/request)
  • GET /harvest/{coordinate} - Check harvest status
  • POST /harvest - Request harvest for missing data

3. Automatic Harvest Support

Problem solved: Many "restricted" dependencies are just packages that haven't been crawled yet by ClearlyDefined.

Solution: Auto-request harvest with --harvest flag:

  1. Tool detects unresolved dependencies
  2. Checks if package was already harvested
  3. Requests ClearlyDefined to crawl the source repository
  4. Re-run later to pick up harvested license data

Benefits:

  • Resolves false "restricted" dependencies
  • Contributes to open source community
  • Improves ClearlyDefined database for everyone
  • Reduces manual license investigation

4. Enhanced Developer Experience

  • Colored output: INFO, SUCCESS, WARN, ERROR with chalk
  • Timestamps: HH:MM:SS format for all operations
  • Progress indicators: Shows current/total with percentage
  • Duration tracking: API calls, JAR execution, total time
  • Debug logging: Detailed request/response information
  • Comprehensive docs: Architecture, API guide, harvest workflow

5. Simplified Architecture

  • Webpack: 12 entrypoints → 2 (cli.js, index.js)
  • Package managers: Direct imports instead of compiled scripts
  • Error handling: Proper exceptions for library mode
  • Testing: Comprehensive test suite with E2E library tests

Describe alternatives you've considered

No response

Additional context

No response
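The batch lookup and harvest selection described in sections 2 and 3 of the issue, as an added example (not code from license-tool or dash-licenses). The coordinate layout, the `licensed.declared` response field, and all function names are assumptions; the API call is injected as a stub so the flow runs offline.

```javascript
// Added example; not code from license-tool or dash-licenses.
const BATCH_LIMIT = 100; // per the issue: 100 coordinates per POST /definitions

// Assumed ClearlyDefined coordinate layout: type/provider/namespace/name/revision,
// with "-" standing in for a missing namespace (npm scope).
function toCoordinate(name, version) {
  const m = /^(?:(@[^/]+)\/)?([^/@]+)$/.exec(name);
  if (!m) throw new Error(`unsupported package name: ${name}`);
  return ['npm', 'npmjs', m[1] || '-', m[2], version].join('/');
}

// Split the coordinate list into request-sized batches.
function chunk(items, size = BATCH_LIMIT) {
  const out = [];
  for (let i = 0; i < items.length; i += size) out.push(items.slice(i, i + size));
  return out;
}

// postDefinitions(batch) -> Promise<{ [coordinate]: definition }> is injected
// (hypothetical helper); in real use it would wrap POST /definitions.
async function resolveLicenses(deps, postDefinitions) {
  const coords = [...new Set(deps.map(d => toCoordinate(d.name, d.version)))];
  const resolved = {};
  const needsHarvest = [];
  for (const batch of chunk(coords)) {
    const defs = await postDefinitions(batch);
    for (const c of batch) {
      // Assumed response field: definition.licensed.declared (SPDX expression).
      const declared = defs[c]?.licensed?.declared;
      if (declared && declared !== 'NOASSERTION') resolved[c] = declared;
      else needsHarvest.push(c); // next: GET /harvest/{coordinate}, then POST /harvest
    }
  }
  return { resolved, needsHarvest };
}

// Constructed stub standing in for the API; records the size of each batch.
function makeStub(known) {
  const batchSizes = [];
  const post = async batch => {
    batchSizes.push(batch.length);
    return Object.fromEntries(batch.filter(c => c in known).map(c => [c, known[c]]));
  };
  return { post, batchSizes };
}
```

A coordinate that comes back without a declared license is kept out of `resolved`, so it stays unapproved until a later run picks up harvested data.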

Labels

  • kind/enhancement: A feature request - must adhere to the feature request template.
  • severity/P3: Lower priority than a P2. Optional work that might get done, or not. See also help wanted issues.
  • team/A: This team is responsible for the Che Operator and all its operands as well as chectl and Hosted Che

Projects

Status

Ready for Review
