Your use of jsonfilter: ^1.1.2 suffers from this issue, namely that that package indicates no precise license (just stating "BSD" as the license which is not a valid SPDX identifier expected in the package.json license field) nor does the version of JSONStream that it is depending on have any license info (its updated version does, but not the 0.8.4 version jsonfilter is pegged to).
To make your project and its users avoid potentially being in violation of license terms, please drop this dependency (or if possible, work with jsonfilter to get them to officially clarify and add a proper license to package.json along with their JSONStream dependency being updated (or removed) so it similarly has a clarified license status).
Thank you!
brettz9 changed the title from "Avoid jsonfilter or get it to update" to "Avoid jsonfilter (or if associated with the project, work with them to update it)" on Apr 1, 2020