RubyGems - gitlab-license_finder - Versions diffs - 6.14.2.1 - Mend

gitlab-license_finder 6.14.2.1

Files changed (180) hide show

checksums.yaml +7 -0
data/.force-build +0 -0
data/.gitignore +13 -0
data/.rspec +1 -0
data/.rubocop.yml +70 -0
data/CHANGELOG.md +981 -0
data/CONTRIBUTING.md +121 -0
data/Dockerfile +249 -0
data/Gemfile +2 -0
data/LICENSE +22 -0
data/README.md +555 -0
data/Rakefile +77 -0
data/TODO.md +12 -0
data/VERSION +1 -0
data/appveyor.yml +21 -0
data/bin/license_finder +6 -0
data/bin/license_finder_pip.py +43 -0
data/ci/pipelines/pull-request.yml.erb +141 -0
data/ci/pipelines/release.yml.erb +200 -0
data/ci/scripts/containerize-tests.sh +14 -0
data/ci/scripts/pushscript.sh +32 -0
data/ci/scripts/run-rubocop.sh +15 -0
data/ci/scripts/run-tests.sh +24 -0
data/ci/scripts/test.ps1 +81 -0
data/ci/scripts/updateChangelog.sh +84 -0
data/ci/tasks/build-and-push-gem.yml +10 -0
data/ci/tasks/build-windows.yml +6 -0
data/ci/tasks/build.yml +16 -0
data/ci/tasks/rubocop.yml +15 -0
data/ci/tasks/run-tests.yml +10 -0
data/ci/tasks/update-changelog.yml +18 -0
data/dlf +12 -0
data/examples/Gemfile +4 -0
data/examples/custom_erb_template.rb +24 -0
data/examples/extract_license_data.rb +63 -0
data/examples/sample_template.erb +7 -0
data/lib/license_finder/cli/approvals.rb +28 -0
data/lib/license_finder/cli/base.rb +107 -0
data/lib/license_finder/cli/dependencies.rb +44 -0
data/lib/license_finder/cli/ignored_dependencies.rb +32 -0
data/lib/license_finder/cli/ignored_groups.rb +32 -0
data/lib/license_finder/cli/inherited_decisions.rb +50 -0
data/lib/license_finder/cli/licenses.rb +26 -0
data/lib/license_finder/cli/main.rb +221 -0
data/lib/license_finder/cli/makes_decisions.rb +38 -0
data/lib/license_finder/cli/patched_thor.rb +33 -0
data/lib/license_finder/cli/permitted_licenses.rb +32 -0
data/lib/license_finder/cli/project_name.rb +32 -0
data/lib/license_finder/cli/restricted_licenses.rb +32 -0
data/lib/license_finder/cli.rb +20 -0
data/lib/license_finder/configuration.rb +186 -0
data/lib/license_finder/core.rb +118 -0
data/lib/license_finder/decision_applier.rb +70 -0
data/lib/license_finder/decisions.rb +312 -0
data/lib/license_finder/decisions_factory.rb +13 -0
data/lib/license_finder/diff.rb +51 -0
data/lib/license_finder/license/any_matcher.rb +15 -0
data/lib/license_finder/license/definitions.rb +366 -0
data/lib/license_finder/license/header_matcher.rb +17 -0
data/lib/license_finder/license/matcher.rb +24 -0
data/lib/license_finder/license/none_matcher.rb +11 -0
data/lib/license_finder/license/template.rb +19 -0
data/lib/license_finder/license/templates/0BSD.txt +10 -0
data/lib/license_finder/license/templates/Apache1_1.txt +16 -0
data/lib/license_finder/license/templates/Apache2.txt +172 -0
data/lib/license_finder/license/templates/BSD.txt +24 -0
data/lib/license_finder/license/templates/CC01.txt +30 -0
data/lib/license_finder/license/templates/CDDL1.txt +131 -0
data/lib/license_finder/license/templates/EPL1.txt +86 -0
data/lib/license_finder/license/templates/GPLv2.txt +339 -0
data/lib/license_finder/license/templates/GPLv3.txt +674 -0
data/lib/license_finder/license/templates/ISC.txt +2 -0
data/lib/license_finder/license/templates/LGPL.txt +165 -0
data/lib/license_finder/license/templates/LGPL2_1.txt +169 -0
data/lib/license_finder/license/templates/MIT.txt +9 -0
data/lib/license_finder/license/templates/MPL1_1.txt +469 -0
data/lib/license_finder/license/templates/MPL2.txt +373 -0
data/lib/license_finder/license/templates/NewBSD.txt +21 -0
data/lib/license_finder/license/templates/OFL.txt +91 -0
data/lib/license_finder/license/templates/Python.txt +47 -0
data/lib/license_finder/license/templates/Ruby.txt +52 -0
data/lib/license_finder/license/templates/SimplifiedBSD.txt +19 -0
data/lib/license_finder/license/templates/WTFPL.txt +14 -0
data/lib/license_finder/license/templates/Zlib.txt +17 -0
data/lib/license_finder/license/text.rb +45 -0
data/lib/license_finder/license.rb +117 -0
data/lib/license_finder/license_aggregator.rb +59 -0
data/lib/license_finder/logger.rb +69 -0
data/lib/license_finder/package.rb +202 -0
data/lib/license_finder/package_delta.rb +61 -0
data/lib/license_finder/package_manager.rb +181 -0
data/lib/license_finder/package_managers/bower.rb +37 -0
data/lib/license_finder/package_managers/bundler.rb +110 -0
data/lib/license_finder/package_managers/cargo.rb +38 -0
data/lib/license_finder/package_managers/carthage.rb +68 -0
data/lib/license_finder/package_managers/cocoa_pods.rb +61 -0
data/lib/license_finder/package_managers/composer.rb +63 -0
data/lib/license_finder/package_managers/conan.rb +28 -0
data/lib/license_finder/package_managers/conda.rb +131 -0
data/lib/license_finder/package_managers/dep.rb +43 -0
data/lib/license_finder/package_managers/dotnet.rb +83 -0
data/lib/license_finder/package_managers/erlangmk.rb +50 -0
data/lib/license_finder/package_managers/glide.rb +36 -0
data/lib/license_finder/package_managers/go_15vendorexperiment.rb +87 -0
data/lib/license_finder/package_managers/go_dep.rb +80 -0
data/lib/license_finder/package_managers/go_modules.rb +93 -0
data/lib/license_finder/package_managers/go_workspace.rb +116 -0
data/lib/license_finder/package_managers/govendor.rb +73 -0
data/lib/license_finder/package_managers/gradle.rb +99 -0
data/lib/license_finder/package_managers/gvt.rb +69 -0
data/lib/license_finder/package_managers/maven.rb +65 -0
data/lib/license_finder/package_managers/mix.rb +131 -0
data/lib/license_finder/package_managers/npm.rb +57 -0
data/lib/license_finder/package_managers/nuget.rb +154 -0
data/lib/license_finder/package_managers/pip.rb +70 -0
data/lib/license_finder/package_managers/pipenv.rb +63 -0
data/lib/license_finder/package_managers/rebar.rb +65 -0
data/lib/license_finder/package_managers/sbt.rb +50 -0
data/lib/license_finder/package_managers/spm.rb +93 -0
data/lib/license_finder/package_managers/trash.rb +43 -0
data/lib/license_finder/package_managers/yarn.rb +107 -0
data/lib/license_finder/package_utils/activation.rb +40 -0
data/lib/license_finder/package_utils/conan_info_parser.rb +77 -0
data/lib/license_finder/package_utils/gradle_dependency_finder.rb +15 -0
data/lib/license_finder/package_utils/license_files.rb +41 -0
data/lib/license_finder/package_utils/licensing.rb +39 -0
data/lib/license_finder/package_utils/maven_dependency_finder.rb +15 -0
data/lib/license_finder/package_utils/notice_files.rb +40 -0
data/lib/license_finder/package_utils/possible_license_file.rb +27 -0
data/lib/license_finder/package_utils/pypi.rb +41 -0
data/lib/license_finder/package_utils/sbt_dependency_finder.rb +15 -0
data/lib/license_finder/packages/bower_package.rb +42 -0
data/lib/license_finder/packages/bundler_package.rb +33 -0
data/lib/license_finder/packages/cargo_package.rb +28 -0
data/lib/license_finder/packages/carthage_package.rb +18 -0
data/lib/license_finder/packages/cocoa_pods_package.rb +22 -0
data/lib/license_finder/packages/composer_package.rb +13 -0
data/lib/license_finder/packages/conan_package.rb +23 -0
data/lib/license_finder/packages/conda_package.rb +74 -0
data/lib/license_finder/packages/erlangmk_package.rb +114 -0
data/lib/license_finder/packages/go_package.rb +32 -0
data/lib/license_finder/packages/gradle_package.rb +30 -0
data/lib/license_finder/packages/manual_package.rb +27 -0
data/lib/license_finder/packages/maven_package.rb +27 -0
data/lib/license_finder/packages/merged_package.rb +44 -0
data/lib/license_finder/packages/mix_package.rb +13 -0
data/lib/license_finder/packages/npm_package.rb +171 -0
data/lib/license_finder/packages/nuget_package.rb +13 -0
data/lib/license_finder/packages/pip_package.rb +50 -0
data/lib/license_finder/packages/rebar_package.rb +13 -0
data/lib/license_finder/packages/sbt_package.rb +22 -0
data/lib/license_finder/packages/spm_package.rb +18 -0
data/lib/license_finder/packages/yarn_package.rb +13 -0
data/lib/license_finder/platform.rb +15 -0
data/lib/license_finder/project_finder.rb +62 -0
data/lib/license_finder/report.rb +33 -0
data/lib/license_finder/reports/csv_report.rb +99 -0
data/lib/license_finder/reports/diff_report.rb +29 -0
data/lib/license_finder/reports/erb_report.rb +58 -0
data/lib/license_finder/reports/html_report.rb +13 -0
data/lib/license_finder/reports/json_report.rb +30 -0
data/lib/license_finder/reports/junit_report.rb +19 -0
data/lib/license_finder/reports/markdown_report.rb +9 -0
data/lib/license_finder/reports/merged_report.rb +16 -0
data/lib/license_finder/reports/templates/bootstrap.css +9 -0
data/lib/license_finder/reports/templates/html_report.erb +113 -0
data/lib/license_finder/reports/templates/junit_report.erb +41 -0
data/lib/license_finder/reports/templates/markdown_report.erb +49 -0
data/lib/license_finder/reports/templates/xml_report.erb +19 -0
data/lib/license_finder/reports/text_report.rb +12 -0
data/lib/license_finder/reports/xml_report.rb +19 -0
data/lib/license_finder/scanner.rb +83 -0
data/lib/license_finder/shared_helpers/cmd.rb +13 -0
data/lib/license_finder/shared_helpers/common_path.rb +29 -0
data/lib/license_finder/version.rb +6 -0
data/lib/license_finder.rb +14 -0
data/license_finder.gemspec +72 -0
data/release/instructions.md +8 -0
data/swift-all-keys.asc +240 -0
metadata +544 -0

data/lib/license_finder/package_managers/nuget.rb ADDED Viewed

@@ -0,0 +1,154 @@
+# frozen_string_literal: true
+require 'rexml/document'
+require 'zip'
+module LicenseFinder
+  class Nuget < PackageManager
+    class Assembly
+      attr_reader :name, :path
+      def initialize(path, name)
+        @path = path
+        @name = name
+      end
+      def dependencies
+        xml = REXML::Document.new(File.read(path.join('packages.config')))
+        packages = REXML::XPath.match(xml, '//package')
+        packages.map do |p|
+          attrs = p.attributes
+          Dependency.new(attrs['id'], attrs['version'], name)
+        end
+      end
+    end
+    Dependency = Struct.new(:name, :version, :assembly)
+    def possible_package_paths
+      path = project_path.join('vendor/*.nupkg')
+      nuget_dir = Dir[path].map { |pkg| File.dirname(pkg) }.uniq
+      # Presence of a .sln is a good indicator for a dotnet solution
+      # cf.: https://docs.microsoft.com/en-us/nuget/tools/cli-ref-restore#remarks
+      path = project_path.join('*.sln')
+      solution_file = Dir[path].first
+      possible_paths = [project_path.join('packages.config'), project_path.join('.nuget')]
+      possible_paths.unshift(Pathname(solution_file)) unless solution_file.nil?
+      possible_paths.unshift(Pathname(nuget_dir.first)) unless nuget_dir.empty?
+      possible_paths
+    end
+    def assemblies
+      Dir.glob(project_path.join('**', 'packages.config'), File::FNM_DOTMATCH).map do |d|
+        path = Pathname.new(d).dirname
+        name = path.basename.to_s
+        Assembly.new path, name
+      end
+    end
+    def current_packages
+      dependencies.each_with_object({}) do |dep, memo|
+        licenses = license_urls(dep)
+        path = Dir.glob("#{Dir.home}/.nuget/packages/#{dep.name.downcase}/#{dep.version}").first
+        memo[dep.name] ||= NugetPackage.new(dep.name, dep.version, spec_licenses: licenses, install_path: path)
+        memo[dep.name].groups << dep.assembly unless memo[dep.name].groups.include? dep.assembly
+      end.values
+    end
+    def license_urls(dep)
+      files = Dir["**/#{dep.name}.#{dep.version}.nupkg"]
+      return nil if files.empty?
+      file = files.first
+      Zip::File.open file do |zipfile|
+        content = zipfile.read(dep.name + '.nuspec')
+        Nuget.nuspec_license_urls(content)
+      end
+    end
+    def dependencies
+      assemblies.flat_map(&:dependencies)
+    end
+    def nuget_binary
+      legacy_vcproj = Dir['**/*.vcproj'].any?
+      if legacy_vcproj
+        '/usr/local/bin/nugetv3.5.0.exe'
+      else
+        '/usr/local/bin/nuget.exe'
+      end
+    end
+    def package_management_command
+      return 'nuget' if LicenseFinder::Platform.windows?
+      "mono #{nuget_binary}"
+    end
+    def prepare
+      Dir.chdir(project_path) do
+        cmd = prepare_command
+        stdout, stderr, status = Cmd.run(cmd)
+        return if status.success?
+        log_errors stderr
+        if stderr.include?('-PackagesDirectory')
+          logger.info cmd, 'trying fallback prepare command', color: :magenta
+          cmd = "#{cmd} -PackagesDirectory /#{Dir.home}/.nuget/packages"
+          stdout, stderr, status = Cmd.run(cmd)
+          return if status.success?
+          log_errors_with_cmd(cmd, stderr)
+        end
+        error_message = "Prepare command '#{cmd}' failed\n#{stderr}"
+        error_message += "\n#{stdout}\n" if !stdout.nil? && !stdout.empty?
+        raise error_message unless @prepare_no_fail
+      end
+    end
+    def prepare_command
+      cmd = package_management_command
+      sln_files = Dir['*.sln']
+      cmds = []
+      if sln_files.count > 1
+        sln_files.each do |sln|
+          cmds << "#{cmd} restore #{sln}"
+        end
+      else
+        cmds << "#{cmd} restore"
+      end
+      cmds.join(' && ')
+    end
+    def installed?(logger = Core.default_logger)
+      _stdout, _stderr, status = Cmd.run(nuget_check)
+      if status.success?
+        logger.debug self.class, 'is installed', color: :green
+      else
+        logger.info self.class, 'is not installed', color: :red
+      end
+      status.success?
+    end
+    def nuget_check
+      return 'where nuget' if LicenseFinder::Platform.windows?
+      "which mono && ls #{nuget_binary}"
+    end
+    def self.nuspec_license_urls(specfile_content)
+      xml = REXML::Document.new(specfile_content)
+      REXML::XPath.match(xml, '//metadata//licenseUrl')
+                  .map(&:get_text)
+                  .map(&:to_s)
+    end
+  end
+end

data/lib/license_finder/package_managers/pip.rb ADDED Viewed

@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+require 'json'
+module LicenseFinder
+  class Pip < PackageManager
+    DEFAULT_VERSION = '2'
+    def initialize(options = {})
+      super
+      @requirements_path = options[:pip_requirements_path] || Pathname('requirements.txt')
+      @python_version = options[:python_version] || DEFAULT_VERSION
+      raise "Invalid python version \'#{@python_version}\'. Valid versions are '2' or '3'." unless %w[2 3].include?(@python_version)
+    end
+    def current_packages
+      pip_output.map do |name, version, children, location|
+        PipPackage.new(
+          name,
+          version,
+          PyPI.definition(name, version),
+          logger: logger,
+          children: children,
+          install_path: Pathname(location).join(name)
+        )
+      end
+    end
+    def package_management_command
+      "pip#{@python_version}"
+    end
+    def prepare_command
+      "pip#{@python_version} install"
+    end
+    def prepare
+      prep_cmd = "#{prepare_command} -r #{@requirements_path}"
+      _stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(prep_cmd) }
+      return if status.success?
+      log_errors stderr
+      raise "Prepare command '#{prep_cmd}' failed" unless @prepare_no_fail
+    end
+    def possible_package_paths
+      if project_path.nil?
+        [@requirements_path]
+      else
+        [project_path.join(@requirements_path)]
+      end
+    end
+    private
+    def pip_output
+      command = "python#{@python_version == '2' ? '' : '3'} #{LicenseFinder::BIN_PATH.join('license_finder_pip.py')} #{detected_package_path}"
+      stdout, stderr, status = Cmd.run(command)
+      if status.success?
+        JSON(stdout).map do |package|
+          package.values_at('name', 'version', 'dependencies', 'location')
+        end
+      else
+        log_errors "LicenseFinder command '#{command}' failed:\n\t#{stderr}"
+        []
+      end
+    end
+  end
+end

data/lib/license_finder/package_managers/pipenv.rb ADDED Viewed

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+require 'json'
+require 'license_finder/package_utils/pypi'
+module LicenseFinder
+  class Pipenv < PackageManager
+    def initialize(options = {})
+      super
+      @lockfile = Pathname('Pipfile.lock')
+    end
+    def current_packages
+      @current_packages ||=
+        begin
+          packages = {}
+          each_dependency(groups: allowed_groups) do |name, data, group|
+            version = canonicalize(data['version'] || 'unknown')
+            package = packages.fetch(key_for(name, version)) do |key|
+              packages[key] = build_package_for(name, version)
+            end
+            package.groups << group
+          end
+          packages.values
+        end
+    end
+    def possible_package_paths
+      project_path ? [project_path.join(@lockfile)] : [@lockfile]
+    end
+    private
+    def each_dependency(groups: [])
+      dependencies = JSON.parse(IO.read(detected_package_path))
+      groups.each do |group|
+        dependencies[group].each do |name, data|
+          yield name, data, group
+        end
+      end
+    end
+    def canonicalize(version)
+      version.sub(/^==/, '')
+    end
+    def build_package_for(name, version)
+      PipPackage.new(name, version, PyPI.definition(name, version))
+    end
+    def key_for(name, version)
+      "#{name}-#{version}"
+    end
+    def allowed_groups
+      %w[default develop] - ignored_groups.to_a
+    end
+    def ignored_groups
+      @ignored_groups || []
+    end
+  end
+end

data/lib/license_finder/package_managers/rebar.rb ADDED Viewed

@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+module LicenseFinder
+  class Rebar < PackageManager
+    def initialize(options = {})
+      super
+      @command = options[:rebar_command] || package_management_command
+      @deps_path = Pathname(options[:rebar_deps_dir] || File.join(project_path, '_build/default/lib'))
+    end
+    def current_packages
+      rebar_deps.map do |name, version|
+        licenses, homepage = dep_info(name)
+        RebarPackage.new(
+          name,
+          version,
+          install_path: @deps_path.join(name),
+          homepage: homepage,
+          spec_licenses: licenses.nil? ? [] : [licenses],
+          logger: logger
+        )
+      end
+    end
+    def package_management_command
+      'rebar3'
+    end
+    def possible_package_paths
+      [project_path.join('rebar.config')]
+    end
+    private
+    def rebar_deps
+      command = "#{@command} tree"
+      stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(command) }
+      raise "Command '#{command}' failed to execute: #{stderr}" unless status.success?
+      stdout
+        .each_line
+        .reject { |line| line.start_with?('=') || line.include?('project app') }
+        .map do |line|
+          matches = line.match(/(?<name>\w+)─(?<version>[\S.]+)\s*/)
+          [matches[:name], matches[:version]] if matches
+        end.compact
+    end
+    def dep_info(name)
+      command = "#{@command} pkgs #{name}"
+      stdout, _, status = Cmd.run(command)
+      return [nil, nil] unless status.success?
+      licenses = nil
+      homepage = nil
+      stdout.scan(/Licenses: (?<licenses>.+)|(?<homepage>(https|http).*)/) do |pkg_licenses, pkg_homepage|
+        licenses ||= pkg_licenses
+        homepage ||= pkg_homepage
+      end
+      [licenses, homepage]
+    end
+  end
+end

data/lib/license_finder/package_managers/sbt.rb ADDED Viewed

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+require 'csv'
+require 'license_finder/package_utils/sbt_dependency_finder'
+module LicenseFinder
+  class Sbt < PackageManager
+    def initialize(options = {})
+      super
+      @include_groups = options[:sbt_include_groups]
+    end
+    def current_packages
+      command = "#{package_management_command} dumpLicenseReport"
+      _stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(command) }
+      raise "Command '#{command}' failed to execute: #{stderr}" unless status.success?
+      dependencies = SbtDependencyFinder.new(project_path).dependencies
+      packages = dependencies.flat_map do |text|
+        options = {
+          headers: true
+        }
+        contents = CSV.parse(text, options)
+        contents.map do |row|
+          group_id, name, version = row['Dependency'].split('#').map(&:strip)
+          spec = {
+            'artifactId' => name,
+            'groupId' => group_id,
+            'version' => version,
+            'licenses' => [{ 'name' => row['License'] }]
+          }
+          path = File.join("#{Dir.home}/.ivy2/cache", "#{spec['groupId']}/#{spec['artifactId']}")
+          SbtPackage.new(spec, logger: logger, include_groups: @include_groups, install_path: path)
+        end
+      end
+      packages.uniq
+    end
+    def package_management_command
+      'sbt'
+    end
+    def possible_package_paths
+      [project_path.join('build.sbt')]
+    end
+  end
+end

data/lib/license_finder/package_managers/spm.rb ADDED Viewed

@@ -0,0 +1,93 @@
+# frozen_string_literal: true
+require 'json'
+module LicenseFinder
+  class Spm < PackageManager
+    class SpmError < RuntimeError; end
+    def current_packages
+      unless File.exist?(workspace_state_path)
+        raise SpmError, 'No checked-out SPM packages found.
+          Please install your dependencies first.'
+      end
+      workspace_state = JSON.parse(IO.read(workspace_state_path))
+      workspace_state['object']['dependencies'].map do |dependency|
+        package_ref = dependency['packageRef']
+        checkout_state = dependency['state']['checkoutState']
+        subpath = dependency['subpath']
+        package_name = package_ref['name']
+        package_version = checkout_state['version'] || checkout_state['revision']
+        homepage = package_ref['path']
+        SpmPackage.new(
+          package_name,
+          package_version,
+          license_text(subpath),
+          logger: logger,
+          install_path: project_checkout(subpath),
+          homepage: homepage
+        )
+      end
+    end
+    def package_management_command
+      LicenseFinder::Platform.darwin? ? 'xcodebuild' : 'swift'
+    end
+    def prepare_command
+      LicenseFinder::Platform.darwin? ? 'xcodebuild -resolvePackageDependencies' : 'swift package resolve'
+    end
+    def possible_package_paths
+      [workspace_state_path]
+    end
+    private
+    def resolved_package
+      if File.exist?(resolved_path)
+        @resolved_file ||= IO.read(resolved_path)
+      else
+        raise SpmError, 'No Package.resolved found.
+          Please install your dependencies first and provide it via environment variable
+          SPM_PACKAGE_RESOLVED'
+      end
+    end
+    def resolved_path
+      # Xcode projects have SPM packages info under project's derived data location
+      derived_data_folder = ENV['SPM_DERIVED_DATA']
+      if derived_data_folder
+        pathname = Pathname.new(derived_data_folder)
+        pathname.absolute? ? pathname : project_path.join(derived_data_folder)
+      else
+        project_path.join('.build')
+      end
+    end
+    def workspace_state_path
+      resolved_path.join('workspace-state.json')
+    end
+    def license_text(subpath)
+      license_path = license_pattern(subpath).find { |f| File.exist?(f) }
+      license_path.nil? ? nil : IO.read(license_path)
+    end
+    def project_checkout(subpath)
+      resolved_path.join('checkouts', subpath)
+    end
+    def license_pattern(subpath)
+      checkout_path = project_checkout(subpath)
+      Dir.glob(checkout_path.join('LICENSE*'), File::FNM_CASEFOLD)
+    end
+    def name_version_from_line(cartfile_line)
+      cartfile_line.split(' ')[1, 2].map { |f| f.split('/').last.delete('"').gsub('.git', '') }
+    end
+  end
+end

data/lib/license_finder/package_managers/trash.rb ADDED Viewed

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+module LicenseFinder
+  class Trash < PackageManager
+    class << self
+      def package_management_command
+        'trash'
+      end
+      def takes_priority_over
+        Go15VendorExperiment
+      end
+    end
+    def prepare_command
+      'trash'
+    end
+    def possible_package_paths
+      [project_path.join('vendor.conf')]
+    end
+    def current_packages
+      dependencies_path = project_path.join('trash.lock')
+      YAML.load_file(dependencies_path).fetch('import').map do |package_hash|
+        import_path = package_hash.fetch('package')
+        license_path = project_path.join('vendor', import_path)
+        GoPackage.from_dependency({
+                                    'ImportPath' => import_path,
+                                    'InstallPath' => license_path,
+                                    'Rev' => package_hash.fetch('version'),
+                                    'Homepage' => repo_name(import_path)
+                                  }, nil, true)
+      end
+    end
+    def repo_name(name)
+      name.split('/')[0..2].join('/')
+    end
+  end
+end

data/lib/license_finder/package_managers/yarn.rb ADDED Viewed

@@ -0,0 +1,107 @@
+# frozen_string_literal: true
+module LicenseFinder
+  class Yarn < PackageManager
+    SHELL_COMMAND = 'yarn licenses list --no-progress --json'
+    def possible_package_paths
+      [project_path.join('yarn.lock')]
+    end
+    def current_packages
+      cmd = "#{Yarn::SHELL_COMMAND}#{production_flag}"
+      suffix = " --cwd #{project_path}" unless project_path.nil?
+      cmd += suffix unless suffix.nil?
+      stdout, _stderr, status = Cmd.run(cmd)
+      return [] unless status.success?
+      packages = []
+      incompatible_packages = []
+      json_strings = stdout.encode('ASCII', invalid: :replace, undef: :replace, replace: '?').split("\n")
+      json_objects = json_strings.map { |json_object| JSON.parse(json_object) }
+      if json_objects.last['type'] == 'table'
+        license_json = json_objects.pop['data']
+        packages = packages_from_json(license_json)
+      end
+      json_objects.each do |json_object|
+        match = /(?<name>[\w,\-]+)@(?<version>(\d+\.?)+)/ =~ json_object['data'].to_s
+        if match
+          package = YarnPackage.new(name, version, spec_licenses: ['unknown'])
+          incompatible_packages.push(package)
+        end
+      end
+      packages + incompatible_packages.uniq
+    end
+    def prepare
+      prep_cmd = "#{prepare_command}#{production_flag}"
+      _stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(prep_cmd) }
+      return if status.success?
+      log_errors stderr
+      raise "Prepare command '#{prep_cmd}' failed" unless @prepare_no_fail
+    end
+    def self.takes_priority_over
+      NPM
+    end
+    def package_management_command
+      'yarn'
+    end
+    def prepare_command
+      'yarn install --ignore-engines --ignore-scripts'
+    end
+    private
+    def packages_from_json(json_data)
+      body = json_data['body']
+      head = json_data['head']
+      packages = body.map do |json_package|
+        Hash[head.zip(json_package)]
+      end
+      valid_packages = filter_yarn_internal_package(packages)
+      valid_packages.map do |package_hash|
+        YarnPackage.new(
+          package_hash['Name'],
+          package_hash['Version'],
+          spec_licenses: [package_hash['License']],
+          homepage: package_hash['VendorUrl'],
+          authors: package_hash['VendorName'],
+          install_path: project_path.join(modules_folder, package_hash['Name'])
+        )
+      end
+    end
+    def modules_folder
+      return @modules_folder if @modules_folder
+      stdout, _stderr, status = Cmd.run('yarn config get modules-folder')
+      @modules_folder = 'node_modules' if !status.success? || stdout.strip == 'undefined'
+      @modules_folder ||= stdout.strip
+    end
+    # remove fake package created by yarn [Yarn Bug]
+    def filter_yarn_internal_package(all_packages)
+      internal_package_pattern = /workspace-aggregator-[a-zA-z0-9]{8}-[a-zA-z0-9]{4}-[a-zA-z0-9]{4}-[a-zA-z0-9]{4}-[a-zA-z0-9]{12}/
+      yarn_internal_package = all_packages.find { |package| internal_package_pattern.match(package['Name']) }
+      all_packages - [yarn_internal_package]
+    end
+    def production_flag
+      return '' if @ignored_groups.nil?
+      @ignored_groups.include?('devDependencies') ? ' --production' : ''
+    end
+  end
+end

data/lib/license_finder/package_utils/activation.rb ADDED Viewed

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+module LicenseFinder
+  module Activation
+    # An Activation reports that a license has been activated for a package, and
+    # tracks the source of that information
+    Basic = Struct.new(:package, :license)
+    class FromDecision < Basic
+      def sources
+        ['from decision']
+      end
+    end
+    class FromSpec < Basic
+      def sources
+        ['from spec']
+      end
+    end
+    class FromFiles < Basic
+      def initialize(package, license, files)
+        super(package, license)
+        @files = files
+      end
+      attr_reader :files
+      def sources
+        files.map { |file| "from file '#{file.path}'" }
+      end
+    end
+    class None < Basic
+      def sources
+        []
+      end
+    end
+  end
+end