RubyGems - gitlab-license_finder - Versions diffs - 6.14.2.1 - Mend

gitlab-license_finder 6.14.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (180) hide show

checksums.yaml +7 -0
data/.force-build +0 -0
data/.gitignore +13 -0
data/.rspec +1 -0
data/.rubocop.yml +70 -0
data/CHANGELOG.md +981 -0
data/CONTRIBUTING.md +121 -0
data/Dockerfile +249 -0
data/Gemfile +2 -0
data/LICENSE +22 -0
data/README.md +555 -0
data/Rakefile +77 -0
data/TODO.md +12 -0
data/VERSION +1 -0
data/appveyor.yml +21 -0
data/bin/license_finder +6 -0
data/bin/license_finder_pip.py +43 -0
data/ci/pipelines/pull-request.yml.erb +141 -0
data/ci/pipelines/release.yml.erb +200 -0
data/ci/scripts/containerize-tests.sh +14 -0
data/ci/scripts/pushscript.sh +32 -0
data/ci/scripts/run-rubocop.sh +15 -0
data/ci/scripts/run-tests.sh +24 -0
data/ci/scripts/test.ps1 +81 -0
data/ci/scripts/updateChangelog.sh +84 -0
data/ci/tasks/build-and-push-gem.yml +10 -0
data/ci/tasks/build-windows.yml +6 -0
data/ci/tasks/build.yml +16 -0
data/ci/tasks/rubocop.yml +15 -0
data/ci/tasks/run-tests.yml +10 -0
data/ci/tasks/update-changelog.yml +18 -0
data/dlf +12 -0
data/examples/Gemfile +4 -0
data/examples/custom_erb_template.rb +24 -0
data/examples/extract_license_data.rb +63 -0
data/examples/sample_template.erb +7 -0
data/lib/license_finder/cli/approvals.rb +28 -0
data/lib/license_finder/cli/base.rb +107 -0
data/lib/license_finder/cli/dependencies.rb +44 -0
data/lib/license_finder/cli/ignored_dependencies.rb +32 -0
data/lib/license_finder/cli/ignored_groups.rb +32 -0
data/lib/license_finder/cli/inherited_decisions.rb +50 -0
data/lib/license_finder/cli/licenses.rb +26 -0
data/lib/license_finder/cli/main.rb +221 -0
data/lib/license_finder/cli/makes_decisions.rb +38 -0
data/lib/license_finder/cli/patched_thor.rb +33 -0
data/lib/license_finder/cli/permitted_licenses.rb +32 -0
data/lib/license_finder/cli/project_name.rb +32 -0
data/lib/license_finder/cli/restricted_licenses.rb +32 -0
data/lib/license_finder/cli.rb +20 -0
data/lib/license_finder/configuration.rb +186 -0
data/lib/license_finder/core.rb +118 -0
data/lib/license_finder/decision_applier.rb +70 -0
data/lib/license_finder/decisions.rb +312 -0
data/lib/license_finder/decisions_factory.rb +13 -0
data/lib/license_finder/diff.rb +51 -0
data/lib/license_finder/license/any_matcher.rb +15 -0
data/lib/license_finder/license/definitions.rb +366 -0
data/lib/license_finder/license/header_matcher.rb +17 -0
data/lib/license_finder/license/matcher.rb +24 -0
data/lib/license_finder/license/none_matcher.rb +11 -0
data/lib/license_finder/license/template.rb +19 -0
data/lib/license_finder/license/templates/0BSD.txt +10 -0
data/lib/license_finder/license/templates/Apache1_1.txt +16 -0
data/lib/license_finder/license/templates/Apache2.txt +172 -0
data/lib/license_finder/license/templates/BSD.txt +24 -0
data/lib/license_finder/license/templates/CC01.txt +30 -0
data/lib/license_finder/license/templates/CDDL1.txt +131 -0
data/lib/license_finder/license/templates/EPL1.txt +86 -0
data/lib/license_finder/license/templates/GPLv2.txt +339 -0
data/lib/license_finder/license/templates/GPLv3.txt +674 -0
data/lib/license_finder/license/templates/ISC.txt +2 -0
data/lib/license_finder/license/templates/LGPL.txt +165 -0
data/lib/license_finder/license/templates/LGPL2_1.txt +169 -0
data/lib/license_finder/license/templates/MIT.txt +9 -0
data/lib/license_finder/license/templates/MPL1_1.txt +469 -0
data/lib/license_finder/license/templates/MPL2.txt +373 -0
data/lib/license_finder/license/templates/NewBSD.txt +21 -0
data/lib/license_finder/license/templates/OFL.txt +91 -0
data/lib/license_finder/license/templates/Python.txt +47 -0
data/lib/license_finder/license/templates/Ruby.txt +52 -0
data/lib/license_finder/license/templates/SimplifiedBSD.txt +19 -0
data/lib/license_finder/license/templates/WTFPL.txt +14 -0
data/lib/license_finder/license/templates/Zlib.txt +17 -0
data/lib/license_finder/license/text.rb +45 -0
data/lib/license_finder/license.rb +117 -0
data/lib/license_finder/license_aggregator.rb +59 -0
data/lib/license_finder/logger.rb +69 -0
data/lib/license_finder/package.rb +202 -0
data/lib/license_finder/package_delta.rb +61 -0
data/lib/license_finder/package_manager.rb +181 -0
data/lib/license_finder/package_managers/bower.rb +37 -0
data/lib/license_finder/package_managers/bundler.rb +110 -0
data/lib/license_finder/package_managers/cargo.rb +38 -0
data/lib/license_finder/package_managers/carthage.rb +68 -0
data/lib/license_finder/package_managers/cocoa_pods.rb +61 -0
data/lib/license_finder/package_managers/composer.rb +63 -0
data/lib/license_finder/package_managers/conan.rb +28 -0
data/lib/license_finder/package_managers/conda.rb +131 -0
data/lib/license_finder/package_managers/dep.rb +43 -0
data/lib/license_finder/package_managers/dotnet.rb +83 -0
data/lib/license_finder/package_managers/erlangmk.rb +50 -0
data/lib/license_finder/package_managers/glide.rb +36 -0
data/lib/license_finder/package_managers/go_15vendorexperiment.rb +87 -0
data/lib/license_finder/package_managers/go_dep.rb +80 -0
data/lib/license_finder/package_managers/go_modules.rb +93 -0
data/lib/license_finder/package_managers/go_workspace.rb +116 -0
data/lib/license_finder/package_managers/govendor.rb +73 -0
data/lib/license_finder/package_managers/gradle.rb +99 -0
data/lib/license_finder/package_managers/gvt.rb +69 -0
data/lib/license_finder/package_managers/maven.rb +65 -0
data/lib/license_finder/package_managers/mix.rb +131 -0
data/lib/license_finder/package_managers/npm.rb +57 -0
data/lib/license_finder/package_managers/nuget.rb +154 -0
data/lib/license_finder/package_managers/pip.rb +70 -0
data/lib/license_finder/package_managers/pipenv.rb +63 -0
data/lib/license_finder/package_managers/rebar.rb +65 -0
data/lib/license_finder/package_managers/sbt.rb +50 -0
data/lib/license_finder/package_managers/spm.rb +93 -0
data/lib/license_finder/package_managers/trash.rb +43 -0
data/lib/license_finder/package_managers/yarn.rb +107 -0
data/lib/license_finder/package_utils/activation.rb +40 -0
data/lib/license_finder/package_utils/conan_info_parser.rb +77 -0
data/lib/license_finder/package_utils/gradle_dependency_finder.rb +15 -0
data/lib/license_finder/package_utils/license_files.rb +41 -0
data/lib/license_finder/package_utils/licensing.rb +39 -0
data/lib/license_finder/package_utils/maven_dependency_finder.rb +15 -0
data/lib/license_finder/package_utils/notice_files.rb +40 -0
data/lib/license_finder/package_utils/possible_license_file.rb +27 -0
data/lib/license_finder/package_utils/pypi.rb +41 -0
data/lib/license_finder/package_utils/sbt_dependency_finder.rb +15 -0
data/lib/license_finder/packages/bower_package.rb +42 -0
data/lib/license_finder/packages/bundler_package.rb +33 -0
data/lib/license_finder/packages/cargo_package.rb +28 -0
data/lib/license_finder/packages/carthage_package.rb +18 -0
data/lib/license_finder/packages/cocoa_pods_package.rb +22 -0
data/lib/license_finder/packages/composer_package.rb +13 -0
data/lib/license_finder/packages/conan_package.rb +23 -0
data/lib/license_finder/packages/conda_package.rb +74 -0
data/lib/license_finder/packages/erlangmk_package.rb +114 -0
data/lib/license_finder/packages/go_package.rb +32 -0
data/lib/license_finder/packages/gradle_package.rb +30 -0
data/lib/license_finder/packages/manual_package.rb +27 -0
data/lib/license_finder/packages/maven_package.rb +27 -0
data/lib/license_finder/packages/merged_package.rb +44 -0
data/lib/license_finder/packages/mix_package.rb +13 -0
data/lib/license_finder/packages/npm_package.rb +171 -0
data/lib/license_finder/packages/nuget_package.rb +13 -0
data/lib/license_finder/packages/pip_package.rb +50 -0
data/lib/license_finder/packages/rebar_package.rb +13 -0
data/lib/license_finder/packages/sbt_package.rb +22 -0
data/lib/license_finder/packages/spm_package.rb +18 -0
data/lib/license_finder/packages/yarn_package.rb +13 -0
data/lib/license_finder/platform.rb +15 -0
data/lib/license_finder/project_finder.rb +62 -0
data/lib/license_finder/report.rb +33 -0
data/lib/license_finder/reports/csv_report.rb +99 -0
data/lib/license_finder/reports/diff_report.rb +29 -0
data/lib/license_finder/reports/erb_report.rb +58 -0
data/lib/license_finder/reports/html_report.rb +13 -0
data/lib/license_finder/reports/json_report.rb +30 -0
data/lib/license_finder/reports/junit_report.rb +19 -0
data/lib/license_finder/reports/markdown_report.rb +9 -0
data/lib/license_finder/reports/merged_report.rb +16 -0
data/lib/license_finder/reports/templates/bootstrap.css +9 -0
data/lib/license_finder/reports/templates/html_report.erb +113 -0
data/lib/license_finder/reports/templates/junit_report.erb +41 -0
data/lib/license_finder/reports/templates/markdown_report.erb +49 -0
data/lib/license_finder/reports/templates/xml_report.erb +19 -0
data/lib/license_finder/reports/text_report.rb +12 -0
data/lib/license_finder/reports/xml_report.rb +19 -0
data/lib/license_finder/scanner.rb +83 -0
data/lib/license_finder/shared_helpers/cmd.rb +13 -0
data/lib/license_finder/shared_helpers/common_path.rb +29 -0
data/lib/license_finder/version.rb +6 -0
data/lib/license_finder.rb +14 -0
data/license_finder.gemspec +72 -0
data/release/instructions.md +8 -0
data/swift-all-keys.asc +240 -0
metadata +544 -0

data/lib/license_finder/package_managers/go_workspace.rb ADDED Viewed

@@ -0,0 +1,116 @@
+# frozen_string_literal: true
+require 'json'
+module LicenseFinder
+  class GoWorkspacePackageManagerError < ::StandardError
+  end
+  class GoWorkspace < PackageManager
+    Submodule = Struct.new :install_path, :revision
+    ENVRC_REGEXP = /GOPATH|GO15VENDOREXPERIMENT/.freeze
+    def initialize(options = {})
+      super
+      @full_version = options[:go_full_version]
+      @strict_matching = options[:strict_matching]
+    end
+    def package_management_command
+      'go'
+    end
+    def current_packages
+      go_list_packages = go_list
+      git_modules.map do |submodule|
+        # We are filtering the non-standard packages because the word "net"
+        # seems to be common that can give false positive when filtering the git submodules
+        import_path = go_list_packages.find do |gp|
+          submodule.install_path =~ /#{repo_name(gp)}$/
+        end
+        next unless import_path
+        dependency_info = {
+          'ImportPath' => repo_name(import_path),
+          'Homepage' => repo_name(import_path),
+          'InstallPath' => submodule.install_path,
+          'Rev' => submodule.revision
+        }
+        GoPackage.from_dependency(dependency_info, nil, @full_version)
+      end.compact
+    end
+    def self.takes_priority_over
+      Go15VendorExperiment
+    end
+    def possible_package_paths
+      [envrc_path.dirname]
+    end
+    def active?
+      return false if @strict_matching
+      godep = LicenseFinder::GoDep.new(project_path: Pathname(project_path))
+      dep = LicenseFinder::Dep.new(project_path: Pathname(project_path))
+      # go workspace is only active if GoDep wasn't. There are some projects
+      # that will use the .envrc and have a Godep folder as well.
+      !!(!godep.active? && !dep.active? && envrc_path && ENVRC_REGEXP.match(IO.read(envrc_path)))
+    end
+    private
+    def repo_name(import_path)
+      import_path.split('/')[0..2].join('/')
+    end
+    def project_src
+      project_path.join('src')
+    end
+    def envrc_path
+      p = Pathname.new project_path
+      4.times.reduce([p]) { |memo, _| memo << memo.last.parent }.map { |path| path.join('.envrc') }.find(&:exist?)
+    end
+    def go_list
+      Dir.chdir(project_path) do
+        # avoid checking canonical import path. some projects uses
+        # non-canonical import path and rely on the fact that the deps are
+        # checked in. Canonical paths are only checked by `go get'. We
+        # discovered that `go list' will print a warning and unfortunately exit
+        # with status code 1. Setting GOPATH to nil removes those warnings.
+        orig_gopath = ENV['GOPATH']
+        ENV['GOPATH'] = nil
+        val, stderr, status = Cmd.run('go list -f "{{join .Deps \"\n\"}}" ./...')
+        ENV['GOPATH'] = project_path.to_s
+        val, stderr, status = Cmd.run('go list -f "{{join .Deps \"\n\"}}" ./...') unless status.success?
+        ENV['GOPATH'] = orig_gopath
+        raise GoWorkspacePackageManagerError, "go list failed:\n#{stderr}" unless status.success?
+        # Select non-standard packages. `go list std` returns the list of standard
+        # dependencies. We then filter those dependencies out of the full list of
+        # dependencies.
+        deps = val.split("\n")
+        Cmd.run('go list std').first.split("\n").each do |std|
+          deps.delete_if do |dep|
+            dep =~ %r{(\/|^)#{std}(\/|$)}
+          end
+        end
+        deps
+      end
+    end
+    def git_modules
+      Dir.chdir(detected_package_path) do |_d|
+        result, _stderr, status = Cmd.run('git submodule status')
+        raise 'git submodule status failed' unless status.success?
+        result.lines.map do |l|
+          columns = l.split.map(&:strip)
+          Submodule.new File.join(detected_package_path, columns[1]), columns[0]
+        end
+      end
+    end
+  end
+end

data/lib/license_finder/package_managers/govendor.rb ADDED Viewed

@@ -0,0 +1,73 @@
+# frozen_string_literal: true
+require 'license_finder/shared_helpers/common_path'
+require 'json'
+module LicenseFinder
+  class Govendor < PackageManager
+    def possible_package_paths
+      [project_path.join('vendor', 'vendor.json')]
+    end
+    def current_packages
+      file = File.read(detected_package_path)
+      packages = packages_from_json(file)
+      packages.map do |package|
+        GoPackage.from_dependency({
+                                    'ImportPath' => package[:path],
+                                    'InstallPath' => project_path.join('vendor', package[:path]),
+                                    'Rev' => package[:sha]
+                                  }, nil, true)
+      end
+    end
+    def self.takes_priority_over
+      Go15VendorExperiment
+    end
+    def package_management_command
+      'govendor'
+    end
+    def prepare_command
+      'govendor sync'
+    end
+    private
+    def packages_from_json(json_string)
+      data = JSON.parse(json_string)
+      packages = data['package']
+      packages_by_sha = {}
+      packages_with_no_sha = []
+      packages.each do |package|
+        package_path = package['origin'] || package['path']
+        package_revision = package['revision']
+        if !package_is_versioned?(package)
+          packages_with_no_sha << { sha: '', path: package_path }
+        elsif packages_by_sha[package_revision].nil?
+          packages_by_sha[package_revision] = [package_path]
+        else
+          packages_by_sha[package_revision] << package_path
+        end
+      end
+      result = packages_with_no_sha
+      packages_by_sha.each do |sha, paths|
+        common_paths = CommonPathHelper.longest_common_paths(paths)
+        common_paths.each { |cp| result << { sha: sha, path: cp } }
+      end
+      result
+    end
+    def package_is_versioned?(package)
+      package_revision = package['revision']
+      !package_revision.nil? && !package_revision.empty?
+    end
+  end
+end

data/lib/license_finder/package_managers/gradle.rb ADDED Viewed

@@ -0,0 +1,99 @@
+# frozen_string_literal: true
+require 'xmlsimple'
+require 'with_env'
+require 'license_finder/package_utils/gradle_dependency_finder'
+module LicenseFinder
+  class Gradle < PackageManager
+    def initialize(options = {})
+      super
+      @command = options[:gradle_command] || package_management_command
+      @include_groups = options[:gradle_include_groups]
+    end
+    def current_packages
+      WithEnv.with_env('TERM' => 'dumb') do
+        command = "#{@command} downloadLicenses"
+        _stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(command) }
+        raise "Command '#{command}' failed to execute: #{stderr}" unless status.success?
+        dependencies = GradleDependencyFinder.new(project_path).dependencies
+        packages = dependencies.flat_map do |xml_file|
+          options = { 'GroupTags' => { 'dependencies' => 'dependency' } }
+          contents = XmlSimple.xml_in(xml_file, options).fetch('dependency', [])
+          contents.map do |dep|
+            GradlePackage.new(dep, logger: logger, include_groups: @include_groups)
+          end
+        end
+        packages.uniq
+      end
+    end
+    def package_management_command
+      if Platform.windows?
+        wrapper = 'gradlew.bat'
+        gradle = 'gradle.bat'
+      else
+        wrapper = './gradlew'
+        gradle = 'gradle'
+      end
+      File.exist?(File.join(project_path, wrapper)) ? wrapper : gradle
+    end
+    def project_root?
+      active? && root_module?
+    end
+    private
+    def root_module?
+      return false if project_path.to_s.include?('buildSrc')
+      command = "#{package_management_command} -Dorg.gradle.jvmargs=-Xmx6144m properties | grep 'parent: '"
+      stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(command) }
+      if stderr&.include?('not part of the build defined by settings file')
+        Dir.chdir(project_path) do
+          Cmd.run('touch settings.gradle')
+          stdout, stderr, status = Cmd.run(command)
+          Cmd.run('rm settings.gradle')
+        end
+      end
+      raise "Command '#{command}' failed to execute in #{project_path}: #{stderr}" unless status.success?
+      root_project_name = stdout.gsub(/\s|parent:|\n/, '')
+      root_project_name == 'null'
+    end
+    def detected_package_path
+      alternate_build_file = build_file_from_settings(project_path)
+      return alternate_build_file if alternate_build_file
+      build_gradle_file
+    end
+    def build_gradle_file
+      kotlin_gradle_path = project_path.join('build.gradle.kts')
+      return kotlin_gradle_path if File.exist? kotlin_gradle_path
+      project_path.join('build.gradle')
+    end
+    def build_file_from_settings(project_path)
+      settings_gradle_path = project_path.join 'settings.gradle'
+      return nil unless File.exist? settings_gradle_path
+      settings_gradle = File.read settings_gradle_path
+      match = /rootProject.buildFileName = ['"](?<build_file>.*)['"]/.match settings_gradle
+      return nil unless match
+      project_path.join match[:build_file]
+    end
+  end
+end

data/lib/license_finder/package_managers/gvt.rb ADDED Viewed

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+require 'license_finder/shared_helpers/common_path'
+module LicenseFinder
+  class Gvt < PackageManager
+    def possible_package_paths
+      potential_path = project_path.join('vendor', 'manifest')
+      [Pathname(potential_path)]
+    end
+    def package_management_command
+      'gvt'
+    end
+    def prepare_command
+      'gvt restore'
+    end
+    def current_packages
+      shell_command = "cd #{project_path} && gvt list -f \"{{.Importpath}} {{.Revision}} {{.Repository}}\""
+      path = project_path.join(project_path, 'vendor')
+      stdout, _stderr, status = Cmd.run(shell_command)
+      return [] unless status.success?
+      packages_from_output(stdout, path)
+    end
+    def self.takes_priority_over
+      Go15VendorExperiment
+    end
+    private
+    def packages_from_output(output, path)
+      package_lines = output.split("\n")
+      packages_by_sha = {}
+      package_lines.each do |p|
+        package_path, sha, repo = p.split
+        if packages_by_sha[sha].nil?
+          packages_by_sha[sha] = {}
+          packages_by_sha[sha]['paths'] = [package_path]
+          packages_by_sha[sha]['repo'] = repo
+        else
+          packages_by_sha[sha]['paths'] << package_path
+        end
+      end
+      result = []
+      packages_by_sha.each do |sha, info|
+        paths = CommonPathHelper.longest_common_paths(info['paths'])
+        paths.each { |p| result << [sha, p, info['repo']] }
+      end
+      result.map do |package_info|
+        sha, import_path, repo = package_info
+        GoPackage.from_dependency({
+                                    'ImportPath' => import_path,
+                                    'InstallPath' => path.join(import_path),
+                                    'Rev' => sha,
+                                    'Homepage' => repo
+                                  }, nil, true)
+      end
+    end
+  end
+end

data/lib/license_finder/package_managers/maven.rb ADDED Viewed

@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+require 'xmlsimple'
+require 'license_finder/package_utils/maven_dependency_finder'
+module LicenseFinder
+  class Maven < PackageManager
+    def initialize(options = {})
+      super
+      @ignored_groups = options[:ignored_groups]
+      @include_groups = options[:maven_include_groups]
+      @maven_options = options[:maven_options]
+    end
+    def current_packages
+      command = "#{package_management_command} org.codehaus.mojo:license-maven-plugin:download-licenses"
+      command += " -Dlicense.excludedScopes=#{@ignored_groups.to_a.join(',')}" if @ignored_groups && !@ignored_groups.empty?
+      command += " #{@maven_options}" unless @maven_options.nil?
+      _stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(command) }
+      raise "Command '#{command}' failed to execute: #{stderr}" unless status.success?
+      dependencies = MavenDependencyFinder.new(project_path).dependencies
+      packages = dependencies.flat_map do |xml|
+        options = {
+          'GroupTags' => { 'licenses' => 'license', 'dependencies' => 'dependency' },
+          'ForceArray' => %w[license dependency]
+        }
+        contents = XmlSimple.xml_in(xml, options)['dependencies']
+        contents.map do |dep|
+          MavenPackage.new(dep, logger: logger, include_groups: @include_groups)
+        end
+      end
+      packages.uniq
+    end
+    def package_management_command
+      wrapper = if Platform.windows?
+                  'mvnw.cmd'
+                else
+                  './mvnw'
+                end
+      maven = 'mvn'
+      File.exist?(File.join(project_path, wrapper)) ? wrapper : maven
+    end
+    def possible_package_paths
+      [project_path.join('pom.xml')]
+    end
+    def project_root?
+      active? && root_module?
+    end
+    private
+    def root_module?
+      command = "#{package_management_command} help:evaluate -Dexpression=project.parent -q -DforceStdout"
+      stdout, _stderr, status = Dir.chdir(project_path) { Cmd.run(command) }
+      raise "Command '#{command}' failed to execute in #{project_path}: #{stdout}" unless status.success?
+      stdout.include?('null object or invalid expression')
+    end
+  end
+end

data/lib/license_finder/package_managers/mix.rb ADDED Viewed

@@ -0,0 +1,131 @@
+# frozen_string_literal: true
+module LicenseFinder
+  class Mix < PackageManager
+    def initialize(options = {})
+      super
+      @command = options[:mix_command] || package_management_command
+      @elixir_command = options[:elixir_command] || 'elixir'
+      @deps_path = Pathname(options[:mix_deps_dir] || 'deps')
+    end
+    def current_packages
+      mix_output.map do |name, version|
+        MixPackage.new(
+          name,
+          version,
+          install_path: @deps_path.join(name),
+          logger: logger,
+          spec_licenses: licenses(name)
+        )
+      end
+    end
+    def licenses(name)
+      licenses_by_package = load_all_licenses
+      licenses_by_package.fetch(name, ['license is not in deps'])
+    end
+    def package_management_command
+      'mix'
+    end
+    def self.package_lock_file
+      'mix.lock'
+    end
+    def prepare_command
+      'mix deps.get'
+    end
+    def possible_package_paths
+      [project_path.join('mix.exs')]
+    end
+    def installed?(logger = Core.default_logger)
+      if package_management_command.nil?
+        logger.debug self.class, 'no command defined'
+        true
+      elsif command_exists?('elixir') && command_exists?('mix')
+        logger.debug self.class, 'is installed', color: :green
+        true
+      else
+        logger.info self.class, '(elixir) is not installed', color: :red
+        false
+      end
+    end
+    private
+    def load_all_licenses
+      elixir_code = <<-ELIXIR
+      deps_path = "#{@deps_path}"
+      case File.ls(deps_path) do
+        {:ok, dirs} ->
+          Enum.reduce(dirs, [], fn name, acc ->
+            with hexmetadata_file <- Path.join([deps_path, name, "hex_metadata.config"]),
+                {:ok, metadata} <- :file.consult(hexmetadata_file),
+                {"licenses", licenses} <- List.keyfind(metadata, "licenses", 0) do
+              [[name, licenses] | acc]
+            else
+              _ -> acc
+            end
+          end)
+        {:error, _} ->
+          []
+      end
+      |> IO.inspect(limit: :infinity)
+      ELIXIR
+      command = "#{@elixir_command} -e '#{elixir_code}'"
+      return {} unless File.directory?(project_path)
+      stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(command) }
+      raise "Command '#{command}' failed to execute: #{stderr}" unless status.success?
+      Hash[JSON.parse(stdout)]
+    end
+    def end_of_package_lines?(line)
+      line == 'ok'
+    end
+    def mix_output
+      command = "#{@command} deps"
+      stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(command) }
+      raise "Command '#{command}' failed to execute: #{stderr}" unless status.success?
+      packages_lines(stdout)
+        .reject { |package_lines| package_lines.length == 1 || package_lines.empty? } # in_umbrella: true dependencies
+        .map { |package_lines| [package_lines[0].split(' ')[1], resolve_version(package_lines[1])] }
+    end
+    def packages_lines(stdout)
+      packages_lines, last_package_lines =
+        stdout
+        .each_line
+        .map(&:strip)
+        .reject { |line| end_of_package_lines?(line) }
+        .reduce([[], []]) do |(packages_lines, package_lines), line|
+        if start_of_package_lines?(line)
+          packages_lines.push(package_lines) unless package_lines.empty?
+          [packages_lines, [line]]
+        else
+          package_lines.push(line)
+          [packages_lines, package_lines]
+        end
+      end
+      packages_lines.push(last_package_lines)
+    end
+    def resolve_version(line)
+      line =~ /locked at ([^\s]+)/ ? Regexp.last_match(1) : line
+    end
+    def start_of_package_lines?(line)
+      line.start_with?('* ')
+    end
+  end
+end

data/lib/license_finder/package_managers/npm.rb ADDED Viewed

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+require 'json'
+require 'tempfile'
+module LicenseFinder
+  class NPM < PackageManager
+    def initialize(options = {})
+      super
+      @npm_options = options[:npm_options]
+    end
+    def current_packages
+      NpmPackage.packages_from_json(npm_json, detected_package_path)
+    end
+    def package_management_command
+      'npm'
+    end
+    def prepare_command
+      'npm install --no-save --ignore-scripts'
+    end
+    def possible_package_paths
+      [project_path.join('package.json')]
+    end
+    def prepare
+      prep_cmd = "#{prepare_command}#{production_flag}"
+      _stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(prep_cmd) }
+      return if status.success?
+      log_errors stderr
+      raise "Prepare command '#{prep_cmd}' failed" unless @prepare_no_fail
+    end
+    private
+    def npm_json
+      command = "#{package_management_command} list --json --long#{production_flag}"
+      command += " #{@npm_options}" unless @npm_options.nil?
+      stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(command) }
+      # we can try and continue if we got an exit status 1 - unmet peer dependency
+      raise "Command '#{command}' failed to execute: #{stderr}" if !status.success? && status.exitstatus != 1
+      JSON.parse(stdout)
+    end
+    def production_flag
+      return '' if @ignored_groups.nil?
+      @ignored_groups.include?('devDependencies') ? ' --production' : ''
+    end
+  end
+end