Hi, I noticed that Dusti-lock will report certain dependencies that it finds in e.g. a package.json file that were specified as absolute URLs, when these packages are not at risk for dependency confusion (if I understand the vuln. correctly).
Here's an example:
If you clone this test repo I created (https://github.com/AdamVanScyoc/dusti_test) and run dusti-lock there, observe that it reports dusti_test_package as an unregistered package, which is technically true, but this dependency is not vulnerable and perhaps shouldn't be reported:
┌─[Adam]─[~/repos/dusti_test]
└──╼ $~/repos/dusti-lock/dusti-lock -r
DustiLock started
scanning directory "/Users/Adam/repos/dusti_test" (recursive=true) ...
error - npm package "dusti_test_package" is available for public registration. /Users/Adam/repos/dusti_test/package.json
one or more packages is available for public registration
┌─[Adam@89]─[~/repos/dusti-lock]
└──╼ $go version
go version go1.14.3 darwin/amd64
┌─[Adam@89]─[~/repos/dusti-lock]
└──╼ $git version
git version 2.28.0
┌─[Adam@89]─[~/repos/dusti-lock]
└──╼ $sh --version
GNU bash, version 3.2.57(1)-release (x86_64-apple-darwin19)
Copyright (C) 2007 Free Software Foundation, Inc.
Thanks
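The distinction the report turns on is how npm resolves each specifier: a version range, dist-tag or npm: alias is fetched by name from the registry, so an unregistered name is a dependency-confusion candidate, whereas an absolute URL, git URL, hosted-git shorthand or local path names an explicit source and cannot be hijacked by registering the name publicly. The following Go program is an added example written for this page, not dusti-lock's own code; it parses a package.json (the sample below is constructed, and the package names and example.com URL in it are made up) and classifies every dependency so that only the registry-resolved names would be handed to an availability check:

```go
package main

import "encoding/json"
import "fmt"
import "strings"

// Dep is one package.json dependency plus a verdict on how npm resolves it:
// FromRegistry means RegistryName is fetched by name from the registry.
type Dep struct {
	Spec, RegistryName, Reason string
	FromRegistry               bool
}

// samplePackageJSON is constructed for this example, not taken from any real repository.
const samplePackageJSON = `{
  "dependencies": {
    "lodash": "^4.17.21",
    "dusti_test_package": "https://example.com/pkgs/dusti_test_package-1.0.0.tgz",
    "internal-utils": "file:../internal-utils",
    "my-fork": "github:someorg/my-fork#v1.2.0",
    "legacy-alias": "npm:@someorg/legacy@2.0.0",
    "shorthand": "someorg/shorthand"
  },
  "devDependencies": { "acme-build-tools": "latest" }
}`

// aliasTarget strips the version from an npm: alias target, keeping a scope's
// leading '@': "@scope/name@2.0.0" -> "@scope/name", "name@^1" -> "name".
func aliasTarget(t string) string {
	if i := strings.LastIndex(t, "@"); i > 0 {
		return t[:i]
	}
	return t
}

// isGitHubShorthand matches the bare "user/repo[#ref]" form, which npm fetches
// from GitHub rather than the registry; version ranges never contain '/'.
func isGitHubShorthand(spec string) bool {
	base := strings.SplitN(spec, "#", 2)[0]
	return !strings.HasPrefix(base, "@") && !strings.Contains(base, ":") && strings.Count(base, "/") == 1
}

// classifySpec decides whether a specifier is resolved by name through the
// registry (confusable) or points at an explicit source (not confusable).
func classifySpec(name, spec string) Dep {
	d := Dep{Spec: spec}
	l := strings.ToLower(spec)
	hasAnyPrefix := func(prefixes ...string) bool {
		for _, p := range prefixes {
			if strings.HasPrefix(l, p) {
				return true
			}
		}
		return false
	}
	switch {
	case hasAnyPrefix("npm:"):
		d.RegistryName, d.FromRegistry = aliasTarget(spec[4:]), true
		d.Reason = "npm: alias; its target is fetched by name from the registry"
	case hasAnyPrefix("http://", "https://", "git://", "git+", "ssh://"):
		d.Reason = "absolute URL or git URL"
	case hasAnyPrefix("file:", "link:", "workspace:", "./", "../", "/", "~/"):
		d.Reason = "local path or workspace"
	case hasAnyPrefix("github:", "gitlab:", "bitbucket:", "gist:"):
		d.Reason = "hosted git shorthand"
	case isGitHubShorthand(spec):
		d.Reason = "GitHub user/repo shorthand"
	default:
		d.RegistryName, d.FromRegistry = name, true
		d.Reason = "version range or dist-tag resolved by name on the registry"
	}
	return d
}

// classifyPackageJSON parses package.json and classifies every dependency,
// keyed by the dependency name as written in the file.
func classifyPackageJSON(packageJSON []byte) (map[string]Dep, error) {
	var pkg struct {
		Dependencies    map[string]string `json:"dependencies"`
		DevDependencies map[string]string `json:"devDependencies"`
	}
	if err := json.Unmarshal(packageJSON, &pkg); err != nil {
		return nil, err
	}
	out := map[string]Dep{}
	for _, m := range []map[string]string{pkg.Dependencies, pkg.DevDependencies} {
		for name, spec := range m {
			out[name] = classifySpec(name, spec)
		}
	}
	return out, nil
}

func main() {
	deps, err := classifyPackageJSON([]byte(samplePackageJSON))
	if err != nil {
		panic(err)
	}
	for name, d := range deps {
		fmt.Printf("%-20s registry=%-5t %s\n", name, d.FromRegistry, d.Reason)
	}
}
```

Note that for an npm: alias the name to query is the alias target, not the key in package.json. A URL or git dependency is out of scope for a name-availability check, but it still pulls whatever that location serves at install time, so it deserves review on its own terms (a pinned commit or tarball `integrity` value in the lockfile rather than a moving branch or unauthenticated host).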