RubyGems - gitlab-license_finder - Versions diffs - 6.14.2.1 - Mend

gitlab-license_finder 6.14.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (180) hide show

checksums.yaml +7 -0
data/.force-build +0 -0
data/.gitignore +13 -0
data/.rspec +1 -0
data/.rubocop.yml +70 -0
data/CHANGELOG.md +981 -0
data/CONTRIBUTING.md +121 -0
data/Dockerfile +249 -0
data/Gemfile +2 -0
data/LICENSE +22 -0
data/README.md +555 -0
data/Rakefile +77 -0
data/TODO.md +12 -0
data/VERSION +1 -0
data/appveyor.yml +21 -0
data/bin/license_finder +6 -0
data/bin/license_finder_pip.py +43 -0
data/ci/pipelines/pull-request.yml.erb +141 -0
data/ci/pipelines/release.yml.erb +200 -0
data/ci/scripts/containerize-tests.sh +14 -0
data/ci/scripts/pushscript.sh +32 -0
data/ci/scripts/run-rubocop.sh +15 -0
data/ci/scripts/run-tests.sh +24 -0
data/ci/scripts/test.ps1 +81 -0
data/ci/scripts/updateChangelog.sh +84 -0
data/ci/tasks/build-and-push-gem.yml +10 -0
data/ci/tasks/build-windows.yml +6 -0
data/ci/tasks/build.yml +16 -0
data/ci/tasks/rubocop.yml +15 -0
data/ci/tasks/run-tests.yml +10 -0
data/ci/tasks/update-changelog.yml +18 -0
data/dlf +12 -0
data/examples/Gemfile +4 -0
data/examples/custom_erb_template.rb +24 -0
data/examples/extract_license_data.rb +63 -0
data/examples/sample_template.erb +7 -0
data/lib/license_finder/cli/approvals.rb +28 -0
data/lib/license_finder/cli/base.rb +107 -0
data/lib/license_finder/cli/dependencies.rb +44 -0
data/lib/license_finder/cli/ignored_dependencies.rb +32 -0
data/lib/license_finder/cli/ignored_groups.rb +32 -0
data/lib/license_finder/cli/inherited_decisions.rb +50 -0
data/lib/license_finder/cli/licenses.rb +26 -0
data/lib/license_finder/cli/main.rb +221 -0
data/lib/license_finder/cli/makes_decisions.rb +38 -0
data/lib/license_finder/cli/patched_thor.rb +33 -0
data/lib/license_finder/cli/permitted_licenses.rb +32 -0
data/lib/license_finder/cli/project_name.rb +32 -0
data/lib/license_finder/cli/restricted_licenses.rb +32 -0
data/lib/license_finder/cli.rb +20 -0
data/lib/license_finder/configuration.rb +186 -0
data/lib/license_finder/core.rb +118 -0
data/lib/license_finder/decision_applier.rb +70 -0
data/lib/license_finder/decisions.rb +312 -0
data/lib/license_finder/decisions_factory.rb +13 -0
data/lib/license_finder/diff.rb +51 -0
data/lib/license_finder/license/any_matcher.rb +15 -0
data/lib/license_finder/license/definitions.rb +366 -0
data/lib/license_finder/license/header_matcher.rb +17 -0
data/lib/license_finder/license/matcher.rb +24 -0
data/lib/license_finder/license/none_matcher.rb +11 -0
data/lib/license_finder/license/template.rb +19 -0
data/lib/license_finder/license/templates/0BSD.txt +10 -0
data/lib/license_finder/license/templates/Apache1_1.txt +16 -0
data/lib/license_finder/license/templates/Apache2.txt +172 -0
data/lib/license_finder/license/templates/BSD.txt +24 -0
data/lib/license_finder/license/templates/CC01.txt +30 -0
data/lib/license_finder/license/templates/CDDL1.txt +131 -0
data/lib/license_finder/license/templates/EPL1.txt +86 -0
data/lib/license_finder/license/templates/GPLv2.txt +339 -0
data/lib/license_finder/license/templates/GPLv3.txt +674 -0
data/lib/license_finder/license/templates/ISC.txt +2 -0
data/lib/license_finder/license/templates/LGPL.txt +165 -0
data/lib/license_finder/license/templates/LGPL2_1.txt +169 -0
data/lib/license_finder/license/templates/MIT.txt +9 -0
data/lib/license_finder/license/templates/MPL1_1.txt +469 -0
data/lib/license_finder/license/templates/MPL2.txt +373 -0
data/lib/license_finder/license/templates/NewBSD.txt +21 -0
data/lib/license_finder/license/templates/OFL.txt +91 -0
data/lib/license_finder/license/templates/Python.txt +47 -0
data/lib/license_finder/license/templates/Ruby.txt +52 -0
data/lib/license_finder/license/templates/SimplifiedBSD.txt +19 -0
data/lib/license_finder/license/templates/WTFPL.txt +14 -0
data/lib/license_finder/license/templates/Zlib.txt +17 -0
data/lib/license_finder/license/text.rb +45 -0
data/lib/license_finder/license.rb +117 -0
data/lib/license_finder/license_aggregator.rb +59 -0
data/lib/license_finder/logger.rb +69 -0
data/lib/license_finder/package.rb +202 -0
data/lib/license_finder/package_delta.rb +61 -0
data/lib/license_finder/package_manager.rb +181 -0
data/lib/license_finder/package_managers/bower.rb +37 -0
data/lib/license_finder/package_managers/bundler.rb +110 -0
data/lib/license_finder/package_managers/cargo.rb +38 -0
data/lib/license_finder/package_managers/carthage.rb +68 -0
data/lib/license_finder/package_managers/cocoa_pods.rb +61 -0
data/lib/license_finder/package_managers/composer.rb +63 -0
data/lib/license_finder/package_managers/conan.rb +28 -0
data/lib/license_finder/package_managers/conda.rb +131 -0
data/lib/license_finder/package_managers/dep.rb +43 -0
data/lib/license_finder/package_managers/dotnet.rb +83 -0
data/lib/license_finder/package_managers/erlangmk.rb +50 -0
data/lib/license_finder/package_managers/glide.rb +36 -0
data/lib/license_finder/package_managers/go_15vendorexperiment.rb +87 -0
data/lib/license_finder/package_managers/go_dep.rb +80 -0
data/lib/license_finder/package_managers/go_modules.rb +93 -0
data/lib/license_finder/package_managers/go_workspace.rb +116 -0
data/lib/license_finder/package_managers/govendor.rb +73 -0
data/lib/license_finder/package_managers/gradle.rb +99 -0
data/lib/license_finder/package_managers/gvt.rb +69 -0
data/lib/license_finder/package_managers/maven.rb +65 -0
data/lib/license_finder/package_managers/mix.rb +131 -0
data/lib/license_finder/package_managers/npm.rb +57 -0
data/lib/license_finder/package_managers/nuget.rb +154 -0
data/lib/license_finder/package_managers/pip.rb +70 -0
data/lib/license_finder/package_managers/pipenv.rb +63 -0
data/lib/license_finder/package_managers/rebar.rb +65 -0
data/lib/license_finder/package_managers/sbt.rb +50 -0
data/lib/license_finder/package_managers/spm.rb +93 -0
data/lib/license_finder/package_managers/trash.rb +43 -0
data/lib/license_finder/package_managers/yarn.rb +107 -0
data/lib/license_finder/package_utils/activation.rb +40 -0
data/lib/license_finder/package_utils/conan_info_parser.rb +77 -0
data/lib/license_finder/package_utils/gradle_dependency_finder.rb +15 -0
data/lib/license_finder/package_utils/license_files.rb +41 -0
data/lib/license_finder/package_utils/licensing.rb +39 -0
data/lib/license_finder/package_utils/maven_dependency_finder.rb +15 -0
data/lib/license_finder/package_utils/notice_files.rb +40 -0
data/lib/license_finder/package_utils/possible_license_file.rb +27 -0
data/lib/license_finder/package_utils/pypi.rb +41 -0
data/lib/license_finder/package_utils/sbt_dependency_finder.rb +15 -0
data/lib/license_finder/packages/bower_package.rb +42 -0
data/lib/license_finder/packages/bundler_package.rb +33 -0
data/lib/license_finder/packages/cargo_package.rb +28 -0
data/lib/license_finder/packages/carthage_package.rb +18 -0
data/lib/license_finder/packages/cocoa_pods_package.rb +22 -0
data/lib/license_finder/packages/composer_package.rb +13 -0
data/lib/license_finder/packages/conan_package.rb +23 -0
data/lib/license_finder/packages/conda_package.rb +74 -0
data/lib/license_finder/packages/erlangmk_package.rb +114 -0
data/lib/license_finder/packages/go_package.rb +32 -0
data/lib/license_finder/packages/gradle_package.rb +30 -0
data/lib/license_finder/packages/manual_package.rb +27 -0
data/lib/license_finder/packages/maven_package.rb +27 -0
data/lib/license_finder/packages/merged_package.rb +44 -0
data/lib/license_finder/packages/mix_package.rb +13 -0
data/lib/license_finder/packages/npm_package.rb +171 -0
data/lib/license_finder/packages/nuget_package.rb +13 -0
data/lib/license_finder/packages/pip_package.rb +50 -0
data/lib/license_finder/packages/rebar_package.rb +13 -0
data/lib/license_finder/packages/sbt_package.rb +22 -0
data/lib/license_finder/packages/spm_package.rb +18 -0
data/lib/license_finder/packages/yarn_package.rb +13 -0
data/lib/license_finder/platform.rb +15 -0
data/lib/license_finder/project_finder.rb +62 -0
data/lib/license_finder/report.rb +33 -0
data/lib/license_finder/reports/csv_report.rb +99 -0
data/lib/license_finder/reports/diff_report.rb +29 -0
data/lib/license_finder/reports/erb_report.rb +58 -0
data/lib/license_finder/reports/html_report.rb +13 -0
data/lib/license_finder/reports/json_report.rb +30 -0
data/lib/license_finder/reports/junit_report.rb +19 -0
data/lib/license_finder/reports/markdown_report.rb +9 -0
data/lib/license_finder/reports/merged_report.rb +16 -0
data/lib/license_finder/reports/templates/bootstrap.css +9 -0
data/lib/license_finder/reports/templates/html_report.erb +113 -0
data/lib/license_finder/reports/templates/junit_report.erb +41 -0
data/lib/license_finder/reports/templates/markdown_report.erb +49 -0
data/lib/license_finder/reports/templates/xml_report.erb +19 -0
data/lib/license_finder/reports/text_report.rb +12 -0
data/lib/license_finder/reports/xml_report.rb +19 -0
data/lib/license_finder/scanner.rb +83 -0
data/lib/license_finder/shared_helpers/cmd.rb +13 -0
data/lib/license_finder/shared_helpers/common_path.rb +29 -0
data/lib/license_finder/version.rb +6 -0
data/lib/license_finder.rb +14 -0
data/license_finder.gemspec +72 -0
data/release/instructions.md +8 -0
data/swift-all-keys.asc +240 -0
metadata +544 -0

data/lib/license_finder/package_managers/nuget.rb ADDED Viewed

@@ -0,0 +1,154 @@
+# frozen_string_literal: true
+require 'rexml/document'
+require 'zip'
+module LicenseFinder
+  class Nuget < PackageManager
+    class Assembly
+      attr_reader :name, :path
+      def initialize(path, name)
+        @path = path
+        @name = name
+      end
+      def dependencies
+        xml = REXML::Document.new(File.read(path.join('packages.config')))
+        packages = REXML::XPath.match(xml, '//package')
+        packages.map do |p|
+          attrs = p.attributes
+          Dependency.new(attrs['id'], attrs['version'], name)
+        end
+      end
+    end
+    Dependency = Struct.new(:name, :version, :assembly)
+    def possible_package_paths
+      path = project_path.join('vendor/*.nupkg')
+      nuget_dir = Dir[path].map { |pkg| File.dirname(pkg) }.uniq
+      # Presence of a .sln is a good indicator for a dotnet solution
+      # cf.: https://docs.microsoft.com/en-us/nuget/tools/cli-ref-restore#remarks
+      path = project_path.join('*.sln')
+      solution_file = Dir[path].first
+      possible_paths = [project_path.join('packages.config'), project_path.join('.nuget')]
+      possible_paths.unshift(Pathname(solution_file)) unless solution_file.nil?
+      possible_paths.unshift(Pathname(nuget_dir.first)) unless nuget_dir.empty?
+      possible_paths
+    end
+    def assemblies
+      Dir.glob(project_path.join('**', 'packages.config'), File::FNM_DOTMATCH).map do |d|
+        path = Pathname.new(d).dirname
+        name = path.basename.to_s
+        Assembly.new path, name
+      end
+    end
+    def current_packages
+      dependencies.each_with_object({}) do |dep, memo|
+        licenses = license_urls(dep)
+        path = Dir.glob("#{Dir.home}/.nuget/packages/#{dep.name.downcase}/#{dep.version}").first
+        memo[dep.name] ||= NugetPackage.new(dep.name, dep.version, spec_licenses: licenses, install_path: path)
+        memo[dep.name].groups << dep.assembly unless memo[dep.name].groups.include? dep.assembly
+      end.values
+    end
+    def license_urls(dep)
+      files = Dir["**/#{dep.name}.#{dep.version}.nupkg"]
+      return nil if files.empty?
+      file = files.first
+      Zip::File.open file do |zipfile|
+        content = zipfile.read(dep.name + '.nuspec')
+        Nuget.nuspec_license_urls(content)
+      end
+    end
+    def dependencies
+      assemblies.flat_map(&:dependencies)
+    end
+    def nuget_binary
+      legacy_vcproj = Dir['**/*.vcproj'].any?
+      if legacy_vcproj
+        '/usr/local/bin/nugetv3.5.0.exe'
+      else
+        '/usr/local/bin/nuget.exe'
+      end
+    end
+    def package_management_command
+      return 'nuget' if LicenseFinder::Platform.windows?
+      "mono #{nuget_binary}"
+    end
+    def prepare
+      Dir.chdir(project_path) do
+        cmd = prepare_command
+        stdout, stderr, status = Cmd.run(cmd)
+        return if status.success?
+        log_errors stderr
+        if stderr.include?('-PackagesDirectory')
+          logger.info cmd, 'trying fallback prepare command', color: :magenta
+          cmd = "#{cmd} -PackagesDirectory /#{Dir.home}/.nuget/packages"
+          stdout, stderr, status = Cmd.run(cmd)
+          return if status.success?
+          log_errors_with_cmd(cmd, stderr)
+        end
+        error_message = "Prepare command '#{cmd}' failed\n#{stderr}"
+        error_message += "\n#{stdout}\n" if !stdout.nil? && !stdout.empty?
+        raise error_message unless @prepare_no_fail
+      end
+    end
+    def prepare_command
+      cmd = package_management_command
+      sln_files = Dir['*.sln']
+      cmds = []
+      if sln_files.count > 1
+        sln_files.each do |sln|
+          cmds << "#{cmd} restore #{sln}"
+        end
+      else
+        cmds << "#{cmd} restore"
+      end
+      cmds.join(' && ')
+    end
+    def installed?(logger = Core.default_logger)
+      _stdout, _stderr, status = Cmd.run(nuget_check)
+      if status.success?
+        logger.debug self.class, 'is installed', color: :green
+      else
+        logger.info self.class, 'is not installed', color: :red
+      end
+      status.success?
+    end
+    def nuget_check
+      return 'where nuget' if LicenseFinder::Platform.windows?
+      "which mono && ls #{nuget_binary}"
+    end
+    def self.nuspec_license_urls(specfile_content)
+      xml = REXML::Document.new(specfile_content)
+      REXML::XPath.match(xml, '//metadata//licenseUrl')
+                  .map(&:get_text)
+                  .map(&:to_s)
+    end
+  end
+end

data/lib/license_finder/package_managers/pip.rb ADDED Viewed

@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+require 'json'
+module LicenseFinder
+  class Pip < PackageManager
+    DEFAULT_VERSION = '2'
+    def initialize(options = {})
+      super
+      @requirements_path = options[:pip_requirements_path] || Pathname('requirements.txt')
+      @python_version = options[:python_version] || DEFAULT_VERSION
+      raise "Invalid python version \'#{@python_version}\'. Valid versions are '2' or '3'." unless %w[2 3].include?(@python_version)
+    end
+    def current_packages
+      pip_output.map do |name, version, children, location|
+        PipPackage.new(
+          name,
+          version,
+          PyPI.definition(name, version),
+          logger: logger,
+          children: children,
+          install_path: Pathname(location).join(name)
+        )
+      end
+    end
+    def package_management_command
+      "pip#{@python_version}"
+    end
+    def prepare_command
+      "pip#{@python_version} install"
+    end
+    def prepare
+      prep_cmd = "#{prepare_command} -r #{@requirements_path}"
+      _stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(prep_cmd) }
+      return if status.success?
+      log_errors stderr
+      raise "Prepare command '#{prep_cmd}' failed" unless @prepare_no_fail
+    end
+    def possible_package_paths
+      if project_path.nil?
+        [@requirements_path]
+      else
+        [project_path.join(@requirements_path)]
+      end
+    end
+    private
+    def pip_output
+      command = "python#{@python_version == '2' ? '' : '3'} #{LicenseFinder::BIN_PATH.join('license_finder_pip.py')} #{detected_package_path}"
+      stdout, stderr, status = Cmd.run(command)
+      if status.success?
+        JSON(stdout).map do |package|
+          package.values_at('name', 'version', 'dependencies', 'location')
+        end
+      else
+        log_errors "LicenseFinder command '#{command}' failed:\n\t#{stderr}"
+        []
+      end
+    end
+  end
+end

data/lib/license_finder/package_managers/pipenv.rb ADDED Viewed

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+require 'json'
+require 'license_finder/package_utils/pypi'
+module LicenseFinder
+  class Pipenv < PackageManager
+    def initialize(options = {})
+      super
+      @lockfile = Pathname('Pipfile.lock')
+    end
+    def current_packages
+      @current_packages ||=
+        begin
+          packages = {}
+          each_dependency(groups: allowed_groups) do |name, data, group|
+            version = canonicalize(data['version'] || 'unknown')
+            package = packages.fetch(key_for(name, version)) do |key|
+              packages[key] = build_package_for(name, version)
+            end
+            package.groups << group
+          end
+          packages.values
+        end
+    end
+    def possible_package_paths
+      project_path ? [project_path.join(@lockfile)] : [@lockfile]
+    end
+    private
+    def each_dependency(groups: [])
+      dependencies = JSON.parse(IO.read(detected_package_path))
+      groups.each do |group|
+        dependencies[group].each do |name, data|
+          yield name, data, group
+        end
+      end
+    end
+    def canonicalize(version)
+      version.sub(/^==/, '')
+    end
+    def build_package_for(name, version)
+      PipPackage.new(name, version, PyPI.definition(name, version))
+    end
+    def key_for(name, version)
+      "#{name}-#{version}"
+    end
+    def allowed_groups
+      %w[default develop] - ignored_groups.to_a
+    end
+    def ignored_groups
+      @ignored_groups || []
+    end
+  end
+end

data/lib/license_finder/package_managers/rebar.rb ADDED Viewed

@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+module LicenseFinder
+  class Rebar < PackageManager
+    def initialize(options = {})
+      super
+      @command = options[:rebar_command] || package_management_command
+      @deps_path = Pathname(options[:rebar_deps_dir] || File.join(project_path, '_build/default/lib'))
+    end
+    def current_packages
+      rebar_deps.map do |name, version|
+        licenses, homepage = dep_info(name)
+        RebarPackage.new(
+          name,
+          version,
+          install_path: @deps_path.join(name),
+          homepage: homepage,
+          spec_licenses: licenses.nil? ? [] : [licenses],
+          logger: logger
+        )
+      end
+    end
+    def package_management_command
+      'rebar3'
+    end
+    def possible_package_paths
+      [project_path.join('rebar.config')]
+    end
+    private
+    def rebar_deps
+      command = "#{@command} tree"
+      stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(command) }
+      raise "Command '#{command}' failed to execute: #{stderr}" unless status.success?
+      stdout
+        .each_line
+        .reject { |line| line.start_with?('=') || line.include?('project app') }
+        .map do |line|
+          matches = line.match(/(?<name>\w+)─(?<version>[\S.]+)\s*/)
+          [matches[:name], matches[:version]] if matches
+        end.compact
+    end
+    def dep_info(name)
+      command = "#{@command} pkgs #{name}"
+      stdout, _, status = Cmd.run(command)
+      return [nil, nil] unless status.success?
+      licenses = nil
+      homepage = nil
+      stdout.scan(/Licenses: (?<licenses>.+)|(?<homepage>(https|http).*)/) do |pkg_licenses, pkg_homepage|
+        licenses ||= pkg_licenses
+        homepage ||= pkg_homepage
+      end
+      [licenses, homepage]
+    end
+  end
+end

data/lib/license_finder/package_managers/sbt.rb ADDED Viewed

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+require 'csv'
+require 'license_finder/package_utils/sbt_dependency_finder'
+module LicenseFinder
+  class Sbt < PackageManager
+    def initialize(options = {})
+      super
+      @include_groups = options[:sbt_include_groups]
+    end
+    def current_packages
+      command = "#{package_management_command} dumpLicenseReport"
+      _stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(command) }
+      raise "Command '#{command}' failed to execute: #{stderr}" unless status.success?
+      dependencies = SbtDependencyFinder.new(project_path).dependencies
+      packages = dependencies.flat_map do |text|
+        options = {
+          headers: true
+        }
+        contents = CSV.parse(text, options)
+        contents.map do |row|
+          group_id, name, version = row['Dependency'].split('#').map(&:strip)
+          spec = {
+            'artifactId' => name,
+            'groupId' => group_id,
+            'version' => version,
+            'licenses' => [{ 'name' => row['License'] }]
+          }
+          path = File.join("#{Dir.home}/.ivy2/cache", "#{spec['groupId']}/#{spec['artifactId']}")
+          SbtPackage.new(spec, logger: logger, include_groups: @include_groups, install_path: path)
+        end
+      end
+      packages.uniq
+    end
+    def package_management_command
+      'sbt'
+    end
+    def possible_package_paths
+      [project_path.join('build.sbt')]
+    end
+  end
+end

data/lib/license_finder/package_managers/spm.rb ADDED Viewed

@@ -0,0 +1,93 @@
+# frozen_string_literal: true
+require 'json'
+module LicenseFinder
+  class Spm < PackageManager
+    class SpmError < RuntimeError; end
+    def current_packages
+      unless File.exist?(workspace_state_path)
+        raise SpmError, 'No checked-out SPM packages found.
+          Please install your dependencies first.'
+      end
+      workspace_state = JSON.parse(IO.read(workspace_state_path))
+      workspace_state['object']['dependencies'].map do |dependency|
+        package_ref = dependency['packageRef']
+        checkout_state = dependency['state']['checkoutState']
+        subpath = dependency['subpath']
+        package_name = package_ref['name']
+        package_version = checkout_state['version'] || checkout_state['revision']
+        homepage = package_ref['path']
+        SpmPackage.new(
+          package_name,
+          package_version,
+          license_text(subpath),
+          logger: logger,
+          install_path: project_checkout(subpath),
+          homepage: homepage
+        )
+      end
+    end
+    def package_management_command
+      LicenseFinder::Platform.darwin? ? 'xcodebuild' : 'swift'
+    end
+    def prepare_command
+      LicenseFinder::Platform.darwin? ? 'xcodebuild -resolvePackageDependencies' : 'swift package resolve'
+    end
+    def possible_package_paths
+      [workspace_state_path]
+    end
+    private
+    def resolved_package
+      if File.exist?(resolved_path)
+        @resolved_file ||= IO.read(resolved_path)
+      else
+        raise SpmError, 'No Package.resolved found.
+          Please install your dependencies first and provide it via environment variable
+          SPM_PACKAGE_RESOLVED'
+      end
+    end
+    def resolved_path
+      # Xcode projects have SPM packages info under project's derived data location
+      derived_data_folder = ENV['SPM_DERIVED_DATA']
+      if derived_data_folder
+        pathname = Pathname.new(derived_data_folder)
+        pathname.absolute? ? pathname : project_path.join(derived_data_folder)
+      else
+        project_path.join('.build')
+      end
+    end
+    def workspace_state_path
+      resolved_path.join('workspace-state.json')
+    end
+    def license_text(subpath)
+      license_path = license_pattern(subpath).find { |f| File.exist?(f) }
+      license_path.nil? ? nil : IO.read(license_path)
+    end
+    def project_checkout(subpath)
+      resolved_path.join('checkouts', subpath)
+    end
+    def license_pattern(subpath)
+      checkout_path = project_checkout(subpath)
+      Dir.glob(checkout_path.join('LICENSE*'), File::FNM_CASEFOLD)
+    end
+    def name_version_from_line(cartfile_line)
+      cartfile_line.split(' ')[1, 2].map { |f| f.split('/').last.delete('"').gsub('.git', '') }
+    end
+  end
+end

data/lib/license_finder/package_managers/trash.rb ADDED Viewed

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+module LicenseFinder
+  class Trash < PackageManager
+    class << self
+      def package_management_command
+        'trash'
+      end
+      def takes_priority_over
+        Go15VendorExperiment
+      end
+    end
+    def prepare_command
+      'trash'
+    end
+    def possible_package_paths
+      [project_path.join('vendor.conf')]
+    end
+    def current_packages
+      dependencies_path = project_path.join('trash.lock')
+      YAML.load_file(dependencies_path).fetch('import').map do |package_hash|
+        import_path = package_hash.fetch('package')
+        license_path = project_path.join('vendor', import_path)
+        GoPackage.from_dependency({
+                                    'ImportPath' => import_path,
+                                    'InstallPath' => license_path,
+                                    'Rev' => package_hash.fetch('version'),
+                                    'Homepage' => repo_name(import_path)
+                                  }, nil, true)
+      end
+    end
+    def repo_name(name)
+      name.split('/')[0..2].join('/')
+    end
+  end
+end

data/lib/license_finder/package_managers/yarn.rb ADDED Viewed

@@ -0,0 +1,107 @@
+# frozen_string_literal: true
+module LicenseFinder
+  class Yarn < PackageManager
+    SHELL_COMMAND = 'yarn licenses list --no-progress --json'
+    def possible_package_paths
+      [project_path.join('yarn.lock')]
+    end
+    def current_packages
+      cmd = "#{Yarn::SHELL_COMMAND}#{production_flag}"
+      suffix = " --cwd #{project_path}" unless project_path.nil?
+      cmd += suffix unless suffix.nil?
+      stdout, _stderr, status = Cmd.run(cmd)
+      return [] unless status.success?
+      packages = []
+      incompatible_packages = []
+      json_strings = stdout.encode('ASCII', invalid: :replace, undef: :replace, replace: '?').split("\n")
+      json_objects = json_strings.map { |json_object| JSON.parse(json_object) }
+      if json_objects.last['type'] == 'table'
+        license_json = json_objects.pop['data']
+        packages = packages_from_json(license_json)
+      end
+      json_objects.each do |json_object|
+        match = /(?<name>[\w,\-]+)@(?<version>(\d+\.?)+)/ =~ json_object['data'].to_s
+        if match
+          package = YarnPackage.new(name, version, spec_licenses: ['unknown'])
+          incompatible_packages.push(package)
+        end
+      end
+      packages + incompatible_packages.uniq
+    end
+    def prepare
+      prep_cmd = "#{prepare_command}#{production_flag}"
+      _stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(prep_cmd) }
+      return if status.success?
+      log_errors stderr
+      raise "Prepare command '#{prep_cmd}' failed" unless @prepare_no_fail
+    end
+    def self.takes_priority_over
+      NPM
+    end
+    def package_management_command
+      'yarn'
+    end
+    def prepare_command
+      'yarn install --ignore-engines --ignore-scripts'
+    end
+    private
+    def packages_from_json(json_data)
+      body = json_data['body']
+      head = json_data['head']
+      packages = body.map do |json_package|
+        Hash[head.zip(json_package)]
+      end
+      valid_packages = filter_yarn_internal_package(packages)
+      valid_packages.map do |package_hash|
+        YarnPackage.new(
+          package_hash['Name'],
+          package_hash['Version'],
+          spec_licenses: [package_hash['License']],
+          homepage: package_hash['VendorUrl'],
+          authors: package_hash['VendorName'],
+          install_path: project_path.join(modules_folder, package_hash['Name'])
+        )
+      end
+    end
+    def modules_folder
+      return @modules_folder if @modules_folder
+      stdout, _stderr, status = Cmd.run('yarn config get modules-folder')
+      @modules_folder = 'node_modules' if !status.success? || stdout.strip == 'undefined'
+      @modules_folder ||= stdout.strip
+    end
+    # remove fake package created by yarn [Yarn Bug]
+    def filter_yarn_internal_package(all_packages)
+      internal_package_pattern = /workspace-aggregator-[a-zA-z0-9]{8}-[a-zA-z0-9]{4}-[a-zA-z0-9]{4}-[a-zA-z0-9]{4}-[a-zA-z0-9]{12}/
+      yarn_internal_package = all_packages.find { |package| internal_package_pattern.match(package['Name']) }
+      all_packages - [yarn_internal_package]
+    end
+    def production_flag
+      return '' if @ignored_groups.nil?
+      @ignored_groups.include?('devDependencies') ? ' --production' : ''
+    end
+  end
+end

data/lib/license_finder/package_utils/activation.rb ADDED Viewed

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+module LicenseFinder
+  module Activation
+    # An Activation reports that a license has been activated for a package, and
+    # tracks the source of that information
+    Basic = Struct.new(:package, :license)
+    class FromDecision < Basic
+      def sources
+        ['from decision']
+      end
+    end
+    class FromSpec < Basic
+      def sources
+        ['from spec']
+      end
+    end
+    class FromFiles < Basic
+      def initialize(package, license, files)
+        super(package, license)
+        @files = files
+      end
+      attr_reader :files
+      def sources
+        files.map { |file| "from file '#{file.path}'" }
+      end
+    end
+    class None < Basic
+      def sources
+        []
+      end
+    end
+  end
+end