NuGet scans return LicenseRef-scancode-unknown #4609

@capfei

Description

I ran scans on two NuGet packages and it returned the declared license as LicenseRef-scancode-unknown.

  "declared_license_expression_spdx": "LicenseRef-scancode-unknown",
  "license_detections": [
    {
      "license_expression": "unknown",
      "license_expression_spdx": "LicenseRef-scancode-unknown",
      "matches": [
        {
          "license_expression": "unknown",
          "license_expression_spdx": "LicenseRef-scancode-unknown",
          "from_file": "codebase/python.nuspec",
          "start_line": 1,
          "end_line": 1,
          "matcher": "5-undetected",
          "score": 100.0,
          "matched_length": 7,
          "match_coverage": 100.0,
          "rule_relevance": 100,
          "rule_identifier": "package-manifest-unknown-cb3c3d5d7f7cf4a3f3a998e7b68e092ccbfe730d",
          "rule_url": "https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/package-manifest-unknown-cb3c3d5d7f7cf4a3f3a998e7b68e092ccbfe730d",
          "matched_text": "license {'@type': 'file', '#text': 'tools\\\\LICENSE.txt'}"
        }
      ],
      "identifier": "unknown-1648570e-f21a-a797-fe5a-e7ce1cb6a377"
    }
  ],

On both, it shows a rule match to line 1 in the nuspec. The rule_url doesn't work: https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/package-manifest-unknown-cb3c3d5d7f7cf4a3f3a998e7b68e092ccbfe730d

Here are the JSON results:
7-zip.sfx.18.5.0-results.json
python-3.13.7-results.json

How To Reproduce

Tell us how to reproduce the issue.

docker run --rm ghcr.io/aboutcode-org/scancode.io:latest run scan_single_package https://api.nuget.org/v3-flatcontainer/python/3.13.7/python.3.13.7.nupkg > results.json

docker run --rm ghcr.io/aboutcode-org/scancode.io:latest run scan_single_package https://api.nuget.org/v3-flatcontainer/7-zip.sfx/18.5.0/7-zip.sfx.18.5.0.nupkg > results.json

System configuration

For bug reports, it really helps us to know:

What OS are you running on? Windows 11 25H2
What version of scancode-toolkit was used to generate the scan file? I think 32.4.0, not sure
What installation method was used to install/run scancode? ScanCode.io instructions in Docker Desktop v4.51.0

I followed the instructions on https://scancodeio.readthedocs.io/en/latest/quickstart.html#run-a-remote-package-scan. If this should be in the scancode.io repo or somewhere else, let me know. I will close this and create a new issue in the correct location.
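A triage sketch for results like the fragment above, added here as an example (it is not part of the original report and is not ScanCode code): it lists every `5-undetected` match whose `matched_text` shows the manifest pointing at a license file instead of naming a license, so the referenced file can be reviewed directly. It assumes `matched_text` is the word `license` followed by a Python dict repr, as in the fragment; the function name and the trimmed sample are constructed.

```python
import ast
import json

# Constructed sample, trimmed to fields visible in the issue's JSON fragment.
SAMPLE = r'''
{
  "declared_license_expression_spdx": "LicenseRef-scancode-unknown",
  "license_detections": [
    {
      "license_expression": "unknown",
      "matches": [
        {
          "from_file": "codebase/python.nuspec",
          "matcher": "5-undetected",
          "matched_text": "license {'@type': 'file', '#text': 'tools\\\\LICENSE.txt'}"
        }
      ]
    }
  ]
}
'''


def manifest_file_licenses(scan):
    """Return (manifest, license_file) pairs for undetected matches whose
    manifest license entry is a file reference (hypothetical helper)."""
    findings = []
    for detection in scan.get("license_detections", []):
        for match in detection.get("matches", []):
            if match.get("matcher") != "5-undetected":
                continue
            key, _, value = match.get("matched_text", "").partition(" ")
            if key != "license":
                continue
            try:
                # Assumption: the value is a dict repr; literal_eval never runs code.
                parsed = ast.literal_eval(value)
            except (ValueError, SyntaxError):
                continue  # plain text such as a license name, not a dict repr
            if isinstance(parsed, dict) and parsed.get("@type") == "file":
                # Normalise the Windows separator used inside the package.
                path = str(parsed.get("#text", "")).replace("\\", "/")
                findings.append((match.get("from_file"), path))
    return findings


if __name__ == "__main__":
    for manifest, license_file in manifest_file_licenses(json.loads(SAMPLE)):
        print(f"{manifest}: license is in file {license_file}")
```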
