RubyGems - gitlab-license_finder - Versions diffs - 6.14.2.1 - Mend

gitlab-license_finder 6.14.2.1

Files changed (180) hide show

checksums.yaml +7 -0
data/.force-build +0 -0
data/.gitignore +13 -0
data/.rspec +1 -0
data/.rubocop.yml +70 -0
data/CHANGELOG.md +981 -0
data/CONTRIBUTING.md +121 -0
data/Dockerfile +249 -0
data/Gemfile +2 -0
data/LICENSE +22 -0
data/README.md +555 -0
data/Rakefile +77 -0
data/TODO.md +12 -0
data/VERSION +1 -0
data/appveyor.yml +21 -0
data/bin/license_finder +6 -0
data/bin/license_finder_pip.py +43 -0
data/ci/pipelines/pull-request.yml.erb +141 -0
data/ci/pipelines/release.yml.erb +200 -0
data/ci/scripts/containerize-tests.sh +14 -0
data/ci/scripts/pushscript.sh +32 -0
data/ci/scripts/run-rubocop.sh +15 -0
data/ci/scripts/run-tests.sh +24 -0
data/ci/scripts/test.ps1 +81 -0
data/ci/scripts/updateChangelog.sh +84 -0
data/ci/tasks/build-and-push-gem.yml +10 -0
data/ci/tasks/build-windows.yml +6 -0
data/ci/tasks/build.yml +16 -0
data/ci/tasks/rubocop.yml +15 -0
data/ci/tasks/run-tests.yml +10 -0
data/ci/tasks/update-changelog.yml +18 -0
data/dlf +12 -0
data/examples/Gemfile +4 -0
data/examples/custom_erb_template.rb +24 -0
data/examples/extract_license_data.rb +63 -0
data/examples/sample_template.erb +7 -0
data/lib/license_finder/cli/approvals.rb +28 -0
data/lib/license_finder/cli/base.rb +107 -0
data/lib/license_finder/cli/dependencies.rb +44 -0
data/lib/license_finder/cli/ignored_dependencies.rb +32 -0
data/lib/license_finder/cli/ignored_groups.rb +32 -0
data/lib/license_finder/cli/inherited_decisions.rb +50 -0
data/lib/license_finder/cli/licenses.rb +26 -0
data/lib/license_finder/cli/main.rb +221 -0
data/lib/license_finder/cli/makes_decisions.rb +38 -0
data/lib/license_finder/cli/patched_thor.rb +33 -0
data/lib/license_finder/cli/permitted_licenses.rb +32 -0
data/lib/license_finder/cli/project_name.rb +32 -0
data/lib/license_finder/cli/restricted_licenses.rb +32 -0
data/lib/license_finder/cli.rb +20 -0
data/lib/license_finder/configuration.rb +186 -0
data/lib/license_finder/core.rb +118 -0
data/lib/license_finder/decision_applier.rb +70 -0
data/lib/license_finder/decisions.rb +312 -0
data/lib/license_finder/decisions_factory.rb +13 -0
data/lib/license_finder/diff.rb +51 -0
data/lib/license_finder/license/any_matcher.rb +15 -0
data/lib/license_finder/license/definitions.rb +366 -0
data/lib/license_finder/license/header_matcher.rb +17 -0
data/lib/license_finder/license/matcher.rb +24 -0
data/lib/license_finder/license/none_matcher.rb +11 -0
data/lib/license_finder/license/template.rb +19 -0
data/lib/license_finder/license/templates/0BSD.txt +10 -0
data/lib/license_finder/license/templates/Apache1_1.txt +16 -0
data/lib/license_finder/license/templates/Apache2.txt +172 -0
data/lib/license_finder/license/templates/BSD.txt +24 -0
data/lib/license_finder/license/templates/CC01.txt +30 -0
data/lib/license_finder/license/templates/CDDL1.txt +131 -0
data/lib/license_finder/license/templates/EPL1.txt +86 -0
data/lib/license_finder/license/templates/GPLv2.txt +339 -0
data/lib/license_finder/license/templates/GPLv3.txt +674 -0
data/lib/license_finder/license/templates/ISC.txt +2 -0
data/lib/license_finder/license/templates/LGPL.txt +165 -0
data/lib/license_finder/license/templates/LGPL2_1.txt +169 -0
data/lib/license_finder/license/templates/MIT.txt +9 -0
data/lib/license_finder/license/templates/MPL1_1.txt +469 -0
data/lib/license_finder/license/templates/MPL2.txt +373 -0
data/lib/license_finder/license/templates/NewBSD.txt +21 -0
data/lib/license_finder/license/templates/OFL.txt +91 -0
data/lib/license_finder/license/templates/Python.txt +47 -0
data/lib/license_finder/license/templates/Ruby.txt +52 -0
data/lib/license_finder/license/templates/SimplifiedBSD.txt +19 -0
data/lib/license_finder/license/templates/WTFPL.txt +14 -0
data/lib/license_finder/license/templates/Zlib.txt +17 -0
data/lib/license_finder/license/text.rb +45 -0
data/lib/license_finder/license.rb +117 -0
data/lib/license_finder/license_aggregator.rb +59 -0
data/lib/license_finder/logger.rb +69 -0
data/lib/license_finder/package.rb +202 -0
data/lib/license_finder/package_delta.rb +61 -0
data/lib/license_finder/package_manager.rb +181 -0
data/lib/license_finder/package_managers/bower.rb +37 -0
data/lib/license_finder/package_managers/bundler.rb +110 -0
data/lib/license_finder/package_managers/cargo.rb +38 -0
data/lib/license_finder/package_managers/carthage.rb +68 -0
data/lib/license_finder/package_managers/cocoa_pods.rb +61 -0
data/lib/license_finder/package_managers/composer.rb +63 -0
data/lib/license_finder/package_managers/conan.rb +28 -0
data/lib/license_finder/package_managers/conda.rb +131 -0
data/lib/license_finder/package_managers/dep.rb +43 -0
data/lib/license_finder/package_managers/dotnet.rb +83 -0
data/lib/license_finder/package_managers/erlangmk.rb +50 -0
data/lib/license_finder/package_managers/glide.rb +36 -0
data/lib/license_finder/package_managers/go_15vendorexperiment.rb +87 -0
data/lib/license_finder/package_managers/go_dep.rb +80 -0
data/lib/license_finder/package_managers/go_modules.rb +93 -0
data/lib/license_finder/package_managers/go_workspace.rb +116 -0
data/lib/license_finder/package_managers/govendor.rb +73 -0
data/lib/license_finder/package_managers/gradle.rb +99 -0
data/lib/license_finder/package_managers/gvt.rb +69 -0
data/lib/license_finder/package_managers/maven.rb +65 -0
data/lib/license_finder/package_managers/mix.rb +131 -0
data/lib/license_finder/package_managers/npm.rb +57 -0
data/lib/license_finder/package_managers/nuget.rb +154 -0
data/lib/license_finder/package_managers/pip.rb +70 -0
data/lib/license_finder/package_managers/pipenv.rb +63 -0
data/lib/license_finder/package_managers/rebar.rb +65 -0
data/lib/license_finder/package_managers/sbt.rb +50 -0
data/lib/license_finder/package_managers/spm.rb +93 -0
data/lib/license_finder/package_managers/trash.rb +43 -0
data/lib/license_finder/package_managers/yarn.rb +107 -0
data/lib/license_finder/package_utils/activation.rb +40 -0
data/lib/license_finder/package_utils/conan_info_parser.rb +77 -0
data/lib/license_finder/package_utils/gradle_dependency_finder.rb +15 -0
data/lib/license_finder/package_utils/license_files.rb +41 -0
data/lib/license_finder/package_utils/licensing.rb +39 -0
data/lib/license_finder/package_utils/maven_dependency_finder.rb +15 -0
data/lib/license_finder/package_utils/notice_files.rb +40 -0
data/lib/license_finder/package_utils/possible_license_file.rb +27 -0
data/lib/license_finder/package_utils/pypi.rb +41 -0
data/lib/license_finder/package_utils/sbt_dependency_finder.rb +15 -0
data/lib/license_finder/packages/bower_package.rb +42 -0
data/lib/license_finder/packages/bundler_package.rb +33 -0
data/lib/license_finder/packages/cargo_package.rb +28 -0
data/lib/license_finder/packages/carthage_package.rb +18 -0
data/lib/license_finder/packages/cocoa_pods_package.rb +22 -0
data/lib/license_finder/packages/composer_package.rb +13 -0
data/lib/license_finder/packages/conan_package.rb +23 -0
data/lib/license_finder/packages/conda_package.rb +74 -0
data/lib/license_finder/packages/erlangmk_package.rb +114 -0
data/lib/license_finder/packages/go_package.rb +32 -0
data/lib/license_finder/packages/gradle_package.rb +30 -0
data/lib/license_finder/packages/manual_package.rb +27 -0
data/lib/license_finder/packages/maven_package.rb +27 -0
data/lib/license_finder/packages/merged_package.rb +44 -0
data/lib/license_finder/packages/mix_package.rb +13 -0
data/lib/license_finder/packages/npm_package.rb +171 -0
data/lib/license_finder/packages/nuget_package.rb +13 -0
data/lib/license_finder/packages/pip_package.rb +50 -0
data/lib/license_finder/packages/rebar_package.rb +13 -0
data/lib/license_finder/packages/sbt_package.rb +22 -0
data/lib/license_finder/packages/spm_package.rb +18 -0
data/lib/license_finder/packages/yarn_package.rb +13 -0
data/lib/license_finder/platform.rb +15 -0
data/lib/license_finder/project_finder.rb +62 -0
data/lib/license_finder/report.rb +33 -0
data/lib/license_finder/reports/csv_report.rb +99 -0
data/lib/license_finder/reports/diff_report.rb +29 -0
data/lib/license_finder/reports/erb_report.rb +58 -0
data/lib/license_finder/reports/html_report.rb +13 -0
data/lib/license_finder/reports/json_report.rb +30 -0
data/lib/license_finder/reports/junit_report.rb +19 -0
data/lib/license_finder/reports/markdown_report.rb +9 -0
data/lib/license_finder/reports/merged_report.rb +16 -0
data/lib/license_finder/reports/templates/bootstrap.css +9 -0
data/lib/license_finder/reports/templates/html_report.erb +113 -0
data/lib/license_finder/reports/templates/junit_report.erb +41 -0
data/lib/license_finder/reports/templates/markdown_report.erb +49 -0
data/lib/license_finder/reports/templates/xml_report.erb +19 -0
data/lib/license_finder/reports/text_report.rb +12 -0
data/lib/license_finder/reports/xml_report.rb +19 -0
data/lib/license_finder/scanner.rb +83 -0
data/lib/license_finder/shared_helpers/cmd.rb +13 -0
data/lib/license_finder/shared_helpers/common_path.rb +29 -0
data/lib/license_finder/version.rb +6 -0
data/lib/license_finder.rb +14 -0
data/license_finder.gemspec +72 -0
data/release/instructions.md +8 -0
data/swift-all-keys.asc +240 -0
metadata +544 -0

data/lib/license_finder/package_managers/go_workspace.rb ADDED Viewed

@@ -0,0 +1,116 @@
+# frozen_string_literal: true
+require 'json'
+module LicenseFinder
+  class GoWorkspacePackageManagerError < ::StandardError
+  end
+  class GoWorkspace < PackageManager
+    Submodule = Struct.new :install_path, :revision
+    ENVRC_REGEXP = /GOPATH|GO15VENDOREXPERIMENT/.freeze
+    def initialize(options = {})
+      super
+      @full_version = options[:go_full_version]
+      @strict_matching = options[:strict_matching]
+    end
+    def package_management_command
+      'go'
+    end
+    def current_packages
+      go_list_packages = go_list
+      git_modules.map do |submodule|
+        # We are filtering the non-standard packages because the word "net"
+        # seems to be common that can give false positive when filtering the git submodules
+        import_path = go_list_packages.find do |gp|
+          submodule.install_path =~ /#{repo_name(gp)}$/
+        end
+        next unless import_path
+        dependency_info = {
+          'ImportPath' => repo_name(import_path),
+          'Homepage' => repo_name(import_path),
+          'InstallPath' => submodule.install_path,
+          'Rev' => submodule.revision
+        }
+        GoPackage.from_dependency(dependency_info, nil, @full_version)
+      end.compact
+    end
+    def self.takes_priority_over
+      Go15VendorExperiment
+    end
+    def possible_package_paths
+      [envrc_path.dirname]
+    end
+    def active?
+      return false if @strict_matching
+      godep = LicenseFinder::GoDep.new(project_path: Pathname(project_path))
+      dep = LicenseFinder::Dep.new(project_path: Pathname(project_path))
+      # go workspace is only active if GoDep wasn't. There are some projects
+      # that will use the .envrc and have a Godep folder as well.
+      !!(!godep.active? && !dep.active? && envrc_path && ENVRC_REGEXP.match(IO.read(envrc_path)))
+    end
+    private
+    def repo_name(import_path)
+      import_path.split('/')[0..2].join('/')
+    end
+    def project_src
+      project_path.join('src')
+    end
+    def envrc_path
+      p = Pathname.new project_path
+      4.times.reduce([p]) { |memo, _| memo << memo.last.parent }.map { |path| path.join('.envrc') }.find(&:exist?)
+    end
+    def go_list
+      Dir.chdir(project_path) do
+        # avoid checking canonical import path. some projects uses
+        # non-canonical import path and rely on the fact that the deps are
+        # checked in. Canonical paths are only checked by `go get'. We
+        # discovered that `go list' will print a warning and unfortunately exit
+        # with status code 1. Setting GOPATH to nil removes those warnings.
+        orig_gopath = ENV['GOPATH']
+        ENV['GOPATH'] = nil
+        val, stderr, status = Cmd.run('go list -f "{{join .Deps \"\n\"}}" ./...')
+        ENV['GOPATH'] = project_path.to_s
+        val, stderr, status = Cmd.run('go list -f "{{join .Deps \"\n\"}}" ./...') unless status.success?
+        ENV['GOPATH'] = orig_gopath
+        raise GoWorkspacePackageManagerError, "go list failed:\n#{stderr}" unless status.success?
+        # Select non-standard packages. `go list std` returns the list of standard
+        # dependencies. We then filter those dependencies out of the full list of
+        # dependencies.
+        deps = val.split("\n")
+        Cmd.run('go list std').first.split("\n").each do |std|
+          deps.delete_if do |dep|
+            dep =~ %r{(\/|^)#{std}(\/|$)}
+          end
+        end
+        deps
+      end
+    end
+    def git_modules
+      Dir.chdir(detected_package_path) do |_d|
+        result, _stderr, status = Cmd.run('git submodule status')
+        raise 'git submodule status failed' unless status.success?
+        result.lines.map do |l|
+          columns = l.split.map(&:strip)
+          Submodule.new File.join(detected_package_path, columns[1]), columns[0]
+        end
+      end
+    end
+  end
+end

data/lib/license_finder/package_managers/govendor.rb ADDED Viewed

@@ -0,0 +1,73 @@
+# frozen_string_literal: true
+require 'license_finder/shared_helpers/common_path'
+require 'json'
+module LicenseFinder
+  class Govendor < PackageManager
+    def possible_package_paths
+      [project_path.join('vendor', 'vendor.json')]
+    end
+    def current_packages
+      file = File.read(detected_package_path)
+      packages = packages_from_json(file)
+      packages.map do |package|
+        GoPackage.from_dependency({
+                                    'ImportPath' => package[:path],
+                                    'InstallPath' => project_path.join('vendor', package[:path]),
+                                    'Rev' => package[:sha]
+                                  }, nil, true)
+      end
+    end
+    def self.takes_priority_over
+      Go15VendorExperiment
+    end
+    def package_management_command
+      'govendor'
+    end
+    def prepare_command
+      'govendor sync'
+    end
+    private
+    def packages_from_json(json_string)
+      data = JSON.parse(json_string)
+      packages = data['package']
+      packages_by_sha = {}
+      packages_with_no_sha = []
+      packages.each do |package|
+        package_path = package['origin'] || package['path']
+        package_revision = package['revision']
+        if !package_is_versioned?(package)
+          packages_with_no_sha << { sha: '', path: package_path }
+        elsif packages_by_sha[package_revision].nil?
+          packages_by_sha[package_revision] = [package_path]
+        else
+          packages_by_sha[package_revision] << package_path
+        end
+      end
+      result = packages_with_no_sha
+      packages_by_sha.each do |sha, paths|
+        common_paths = CommonPathHelper.longest_common_paths(paths)
+        common_paths.each { |cp| result << { sha: sha, path: cp } }
+      end
+      result
+    end
+    def package_is_versioned?(package)
+      package_revision = package['revision']
+      !package_revision.nil? && !package_revision.empty?
+    end
+  end
+end

data/lib/license_finder/package_managers/gradle.rb ADDED Viewed

@@ -0,0 +1,99 @@
+# frozen_string_literal: true
+require 'xmlsimple'
+require 'with_env'
+require 'license_finder/package_utils/gradle_dependency_finder'
+module LicenseFinder
+  class Gradle < PackageManager
+    def initialize(options = {})
+      super
+      @command = options[:gradle_command] || package_management_command
+      @include_groups = options[:gradle_include_groups]
+    end
+    def current_packages
+      WithEnv.with_env('TERM' => 'dumb') do
+        command = "#{@command} downloadLicenses"
+        _stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(command) }
+        raise "Command '#{command}' failed to execute: #{stderr}" unless status.success?
+        dependencies = GradleDependencyFinder.new(project_path).dependencies
+        packages = dependencies.flat_map do |xml_file|
+          options = { 'GroupTags' => { 'dependencies' => 'dependency' } }
+          contents = XmlSimple.xml_in(xml_file, options).fetch('dependency', [])
+          contents.map do |dep|
+            GradlePackage.new(dep, logger: logger, include_groups: @include_groups)
+          end
+        end
+        packages.uniq
+      end
+    end
+    def package_management_command
+      if Platform.windows?
+        wrapper = 'gradlew.bat'
+        gradle = 'gradle.bat'
+      else
+        wrapper = './gradlew'
+        gradle = 'gradle'
+      end
+      File.exist?(File.join(project_path, wrapper)) ? wrapper : gradle
+    end
+    def project_root?
+      active? && root_module?
+    end
+    private
+    def root_module?
+      return false if project_path.to_s.include?('buildSrc')
+      command = "#{package_management_command} -Dorg.gradle.jvmargs=-Xmx6144m properties | grep 'parent: '"
+      stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(command) }
+      if stderr&.include?('not part of the build defined by settings file')
+        Dir.chdir(project_path) do
+          Cmd.run('touch settings.gradle')
+          stdout, stderr, status = Cmd.run(command)
+          Cmd.run('rm settings.gradle')
+        end
+      end
+      raise "Command '#{command}' failed to execute in #{project_path}: #{stderr}" unless status.success?
+      root_project_name = stdout.gsub(/\s|parent:|\n/, '')
+      root_project_name == 'null'
+    end
+    def detected_package_path
+      alternate_build_file = build_file_from_settings(project_path)
+      return alternate_build_file if alternate_build_file
+      build_gradle_file
+    end
+    def build_gradle_file
+      kotlin_gradle_path = project_path.join('build.gradle.kts')
+      return kotlin_gradle_path if File.exist? kotlin_gradle_path
+      project_path.join('build.gradle')
+    end
+    def build_file_from_settings(project_path)
+      settings_gradle_path = project_path.join 'settings.gradle'
+      return nil unless File.exist? settings_gradle_path
+      settings_gradle = File.read settings_gradle_path
+      match = /rootProject.buildFileName = ['"](?<build_file>.*)['"]/.match settings_gradle
+      return nil unless match
+      project_path.join match[:build_file]
+    end
+  end
+end

data/lib/license_finder/package_managers/gvt.rb ADDED Viewed

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+require 'license_finder/shared_helpers/common_path'
+module LicenseFinder
+  class Gvt < PackageManager
+    def possible_package_paths
+      potential_path = project_path.join('vendor', 'manifest')
+      [Pathname(potential_path)]
+    end
+    def package_management_command
+      'gvt'
+    end
+    def prepare_command
+      'gvt restore'
+    end
+    def current_packages
+      shell_command = "cd #{project_path} && gvt list -f \"{{.Importpath}} {{.Revision}} {{.Repository}}\""
+      path = project_path.join(project_path, 'vendor')
+      stdout, _stderr, status = Cmd.run(shell_command)
+      return [] unless status.success?
+      packages_from_output(stdout, path)
+    end
+    def self.takes_priority_over
+      Go15VendorExperiment
+    end
+    private
+    def packages_from_output(output, path)
+      package_lines = output.split("\n")
+      packages_by_sha = {}
+      package_lines.each do |p|
+        package_path, sha, repo = p.split
+        if packages_by_sha[sha].nil?
+          packages_by_sha[sha] = {}
+          packages_by_sha[sha]['paths'] = [package_path]
+          packages_by_sha[sha]['repo'] = repo
+        else
+          packages_by_sha[sha]['paths'] << package_path
+        end
+      end
+      result = []
+      packages_by_sha.each do |sha, info|
+        paths = CommonPathHelper.longest_common_paths(info['paths'])
+        paths.each { |p| result << [sha, p, info['repo']] }
+      end
+      result.map do |package_info|
+        sha, import_path, repo = package_info
+        GoPackage.from_dependency({
+                                    'ImportPath' => import_path,
+                                    'InstallPath' => path.join(import_path),
+                                    'Rev' => sha,
+                                    'Homepage' => repo
+                                  }, nil, true)
+      end
+    end
+  end
+end

data/lib/license_finder/package_managers/maven.rb ADDED Viewed

@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+require 'xmlsimple'
+require 'license_finder/package_utils/maven_dependency_finder'
+module LicenseFinder
+  class Maven < PackageManager
+    def initialize(options = {})
+      super
+      @ignored_groups = options[:ignored_groups]
+      @include_groups = options[:maven_include_groups]
+      @maven_options = options[:maven_options]
+    end
+    def current_packages
+      command = "#{package_management_command} org.codehaus.mojo:license-maven-plugin:download-licenses"
+      command += " -Dlicense.excludedScopes=#{@ignored_groups.to_a.join(',')}" if @ignored_groups && !@ignored_groups.empty?
+      command += " #{@maven_options}" unless @maven_options.nil?
+      _stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(command) }
+      raise "Command '#{command}' failed to execute: #{stderr}" unless status.success?
+      dependencies = MavenDependencyFinder.new(project_path).dependencies
+      packages = dependencies.flat_map do |xml|
+        options = {
+          'GroupTags' => { 'licenses' => 'license', 'dependencies' => 'dependency' },
+          'ForceArray' => %w[license dependency]
+        }
+        contents = XmlSimple.xml_in(xml, options)['dependencies']
+        contents.map do |dep|
+          MavenPackage.new(dep, logger: logger, include_groups: @include_groups)
+        end
+      end
+      packages.uniq
+    end
+    def package_management_command
+      wrapper = if Platform.windows?
+                  'mvnw.cmd'
+                else
+                  './mvnw'
+                end
+      maven = 'mvn'
+      File.exist?(File.join(project_path, wrapper)) ? wrapper : maven
+    end
+    def possible_package_paths
+      [project_path.join('pom.xml')]
+    end
+    def project_root?
+      active? && root_module?
+    end
+    private
+    def root_module?
+      command = "#{package_management_command} help:evaluate -Dexpression=project.parent -q -DforceStdout"
+      stdout, _stderr, status = Dir.chdir(project_path) { Cmd.run(command) }
+      raise "Command '#{command}' failed to execute in #{project_path}: #{stdout}" unless status.success?
+      stdout.include?('null object or invalid expression')
+    end
+  end
+end

data/lib/license_finder/package_managers/mix.rb ADDED Viewed

@@ -0,0 +1,131 @@
+# frozen_string_literal: true
+module LicenseFinder
+  class Mix < PackageManager
+    def initialize(options = {})
+      super
+      @command = options[:mix_command] || package_management_command
+      @elixir_command = options[:elixir_command] || 'elixir'
+      @deps_path = Pathname(options[:mix_deps_dir] || 'deps')
+    end
+    def current_packages
+      mix_output.map do |name, version|
+        MixPackage.new(
+          name,
+          version,
+          install_path: @deps_path.join(name),
+          logger: logger,
+          spec_licenses: licenses(name)
+        )
+      end
+    end
+    def licenses(name)
+      licenses_by_package = load_all_licenses
+      licenses_by_package.fetch(name, ['license is not in deps'])
+    end
+    def package_management_command
+      'mix'
+    end
+    def self.package_lock_file
+      'mix.lock'
+    end
+    def prepare_command
+      'mix deps.get'
+    end
+    def possible_package_paths
+      [project_path.join('mix.exs')]
+    end
+    def installed?(logger = Core.default_logger)
+      if package_management_command.nil?
+        logger.debug self.class, 'no command defined'
+        true
+      elsif command_exists?('elixir') && command_exists?('mix')
+        logger.debug self.class, 'is installed', color: :green
+        true
+      else
+        logger.info self.class, '(elixir) is not installed', color: :red
+        false
+      end
+    end
+    private
+    def load_all_licenses
+      elixir_code = <<-ELIXIR
+      deps_path = "#{@deps_path}"
+      case File.ls(deps_path) do
+        {:ok, dirs} ->
+          Enum.reduce(dirs, [], fn name, acc ->
+            with hexmetadata_file <- Path.join([deps_path, name, "hex_metadata.config"]),
+                {:ok, metadata} <- :file.consult(hexmetadata_file),
+                {"licenses", licenses} <- List.keyfind(metadata, "licenses", 0) do
+              [[name, licenses] | acc]
+            else
+              _ -> acc
+            end
+          end)
+        {:error, _} ->
+          []
+      end
+      |> IO.inspect(limit: :infinity)
+      ELIXIR
+      command = "#{@elixir_command} -e '#{elixir_code}'"
+      return {} unless File.directory?(project_path)
+      stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(command) }
+      raise "Command '#{command}' failed to execute: #{stderr}" unless status.success?
+      Hash[JSON.parse(stdout)]
+    end
+    def end_of_package_lines?(line)
+      line == 'ok'
+    end
+    def mix_output
+      command = "#{@command} deps"
+      stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(command) }
+      raise "Command '#{command}' failed to execute: #{stderr}" unless status.success?
+      packages_lines(stdout)
+        .reject { |package_lines| package_lines.length == 1 || package_lines.empty? } # in_umbrella: true dependencies
+        .map { |package_lines| [package_lines[0].split(' ')[1], resolve_version(package_lines[1])] }
+    end
+    def packages_lines(stdout)
+      packages_lines, last_package_lines =
+        stdout
+        .each_line
+        .map(&:strip)
+        .reject { |line| end_of_package_lines?(line) }
+        .reduce([[], []]) do |(packages_lines, package_lines), line|
+        if start_of_package_lines?(line)
+          packages_lines.push(package_lines) unless package_lines.empty?
+          [packages_lines, [line]]
+        else
+          package_lines.push(line)
+          [packages_lines, package_lines]
+        end
+      end
+      packages_lines.push(last_package_lines)
+    end
+    def resolve_version(line)
+      line =~ /locked at ([^\s]+)/ ? Regexp.last_match(1) : line
+    end
+    def start_of_package_lines?(line)
+      line.start_with?('* ')
+    end
+  end
+end

data/lib/license_finder/package_managers/npm.rb ADDED Viewed

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+require 'json'
+require 'tempfile'
+module LicenseFinder
+  class NPM < PackageManager
+    def initialize(options = {})
+      super
+      @npm_options = options[:npm_options]
+    end
+    def current_packages
+      NpmPackage.packages_from_json(npm_json, detected_package_path)
+    end
+    def package_management_command
+      'npm'
+    end
+    def prepare_command
+      'npm install --no-save --ignore-scripts'
+    end
+    def possible_package_paths
+      [project_path.join('package.json')]
+    end
+    def prepare
+      prep_cmd = "#{prepare_command}#{production_flag}"
+      _stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(prep_cmd) }
+      return if status.success?
+      log_errors stderr
+      raise "Prepare command '#{prep_cmd}' failed" unless @prepare_no_fail
+    end
+    private
+    def npm_json
+      command = "#{package_management_command} list --json --long#{production_flag}"
+      command += " #{@npm_options}" unless @npm_options.nil?
+      stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(command) }
+      # we can try and continue if we got an exit status 1 - unmet peer dependency
+      raise "Command '#{command}' failed to execute: #{stderr}" if !status.success? && status.exitstatus != 1
+      JSON.parse(stdout)
+    end
+    def production_flag
+      return '' if @ignored_groups.nil?
+      @ignored_groups.include?('devDependencies') ? ' --production' : ''
+    end
+  end
+end