[BUG] Snowflake package license misidentified

**Describe the bug**
License of Python Snowflake package is misidentified.
I suspect it has to do with GitHub incorrectly assuming the code is on GitHub. I've seen this issue many times before, also via the GitHub insights in dependencies.

The package itself it limited in scope and explicitly states Apache-2.0 on all places:

- **LICENCE** Apache-2.0 license
- **PKG-INFO** contains Apache-2.0 license
- **pyproject.toml** states Apache-2.0 license
- **README.md** doesn't state a license

**To Reproduce**
1. Create Python project with [snowflake 1.11.0](https://pypi.org/project/snowflake/) package.
2. Scan with dependency-review-action
3. Get scan output: <img width="813" height="64" alt="Image" src="https://github.com/user-attachments/assets/870cca1f-54f5-45b3-bc1e-fc7555ad7cc4" />
4. This links to an incorrect repository [snowflake](https://github.com/shaddi/snowflake) which lacks a license. **Assumption** that this repository is checked for the license, instead of the pypi sourcecode.

**Expected behavior**
Would list apache-2.0 license.

**Screenshots**
If applicable, add screenshots to help explain your problem.

**Action version**
Latest.

**Context**
We see that many more Python packages are not identified:
<img width="813" height="504" alt="Image" src="https://github.com/user-attachments/assets/ef40677b-fb8b-4457-b914-65ecbbc5a6d2" />

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[BUG] Snowflake package license misidentified #1051

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[BUG] Snowflake package license misidentified #1051

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions