dash-licenses does not understand npm Workspaces

[tsmaeder]

I am trying to ip-check a repo containing three subprojects as npm workspaces. The package-lock.json file starts like this:

{
  "name": "js-profile-visualizer",
  "lockfileVersion": 2,
  "requires": true,
  "packages": {
    "": {
      "name": "js-profile-visualizer",
      "workspaces": [
        "packages/vscode-js-profile-core",
        "packages/vscode-js-profile-flame",
        "packages/vscode-js-profile-table"
      ],

When I run dash-licenses on the root project, I get this output:

Invalid: node_modules/vscode-js-profile-core, unknown, restricted, none
Invalid: node_modules/vscode-js-profile-flame, unknown, restricted, none
Invalid: node_modules/vscode-js-profile-table, unknown, restricted, none

The root project contains a LICENSE file containing the MIT license. The project is private none of the modules are ever published to npmjs.

The repo on question is https://github.com/microsoft/vscode-js-profile-visualizer.

I would expect dash-licenses to understand what workspaces are in a package-log.json and to not treat them as dependencies but as part of the source module we're trying to check, as they are not acquired via a artifact repository.