license_finder 3.0.0 → 3.0.1

data/spec/fixtures/npm-circular-licenses/package.json

@@ -0,0 +1,23 @@
+{
+  "name": "license_finder_test",
+  "version": "0.0.1",
+  "description": "",
+  "main": "index.js",
+  "dependencies": {
+    "node-polyglot": "^2.0.0"
+  },
+  "devDependencies": {
+    "enzyme": "^2.8.2"
+  },
+  "scripts": {},
+  "repository": {},
+  "author": "",
+  "license": "MIT",
+  "bugs": {},
+  "private": true,
+  "engines": {
+    "node": "^6.11.0",
+    "yarn": "^0.24.6",
+    "npm": "^5.0.3"
+  }
+}

data/spec/lib/license_finder/cli/main_spec.rb

@@ -12,9 +12,10 @@ module LicenseFinder
         )
       end
       let(:configuration) { double(:configuration, valid_project_path?: true) }
-      let(:license_finder_instance) { double(:license_finder, unapproved: [unapproved_dependency], blacklisted: [], project_name: 'taco stand', config: configuration) }
+      let(:found_any_packages) { true }
+      let(:license_finder_instance) { double(:license_finder, unapproved: unapproved_dependencies, blacklisted: [], project_name: 'taco stand', config: configuration, any_packages?: found_any_packages) }
       let(:license) { double(:license, name: "thing") }
-      let(:unapproved_dependency) { double(:dependency, name: "a dependency", version: "2.4.1", missing?: false, licenses: [license]) }
+      let(:unapproved_dependencies) { [double(:dependency, name: "a dependency", version: "2.4.1", missing?: false, licenses: [license])] }
 
       before do
         allow(Decisions).to receive(:fetch_saved) { decisions }
@@ -24,7 +25,7 @@ module LicenseFinder
       describe "default" do
         it "checks for action items" do
           decisions.add_package("a dependency", nil)
-          expect_any_instance_of(LicenseFinder::Core).to receive(:unapproved).and_return([unapproved_dependency])
+          expect_any_instance_of(LicenseFinder::Core).to receive(:unapproved).and_return(unapproved_dependencies)
           silence_stdout do
             expect { described_class.start(["--quiet"]) }.to raise_error(SystemExit)
           end
@@ -183,6 +184,21 @@ module LicenseFinder
           subject.action_items
         end
 
+        context "with a directory that doesn't have any detected packages" do
+          let(:found_any_packages) { false }
+
+          before do
+            allow(LicenseFinder::Core).to receive(:new).and_return(license_finder_instance)
+          end
+
+          it "reports that no dependencies were recognized" do
+            result = capture_stdout do
+              expect { action_items }.to raise_error(SystemExit)
+            end
+            expect(result).to match /no dependencies recognized/i
+          end
+        end
+
         context "with unapproved dependencies" do
           let(:packages) { [Package.new('one dependency')] }
 
@@ -207,11 +223,19 @@ module LicenseFinder
           end
         end
 
-        it "reports that all dependencies are approved" do
-          result = capture_stdout do
-            expect { action_items }.not_to raise_error
+        context "with no unapproved dependencies" do
+          let(:unapproved_dependencies) {[]}
+
+          before do
+            allow(LicenseFinder::Core).to receive(:new).and_return(license_finder_instance)
+          end
+
+          it "reports that all dependencies are approved" do
+            result = capture_stdout do
+              expect { action_items }.not_to raise_error
+            end
+            expect(result).to match /approved/i
           end
-          expect(result).to match /approved/i
         end
       end
     end

data/spec/lib/license_finder/core_spec.rb

@@ -31,6 +31,7 @@ module LicenseFinder
           gradle_command: configuration.gradle_command,
           gradle_include_groups: nil,
           maven_include_groups: nil,
+          maven_options: nil,
           rebar_command: configuration.rebar_command,
           rebar_deps_dir: configuration.rebar_deps_dir
         }

data/spec/lib/license_finder/decision_applier_spec.rb

@@ -2,6 +2,14 @@ require 'spec_helper'
 
 module LicenseFinder
   describe DecisionApplier do
+    it "reports nothing found" do
+      decision_applier = described_class.new(
+        decisions: Decisions.new,
+        packages: []
+      )
+      expect(decision_applier.any_packages?).to be false
+    end
+
     describe "#acknowledged" do
       it "combines manual and system packages" do
         decision_applier = described_class.new(

data/spec/lib/license_finder/package_managers/go_dep_spec.rb

@@ -73,21 +73,21 @@ module LicenseFinder
       context 'when there are duplicate dependencies' do
         let(:content) do
           '{
-	           "ImportPath": "github.com/foo/bar",
-	           "GoVersion": "go1.3",
-	           "Deps": [
-	           	{
-	           		"ImportPath": "github.com/foo/baz/sub1",
-	           		"Rev": "28838aae6e8158e3695cf90e2f0ed2498b68ee1d"
-	           	},
-	           	{
-	           		"ImportPath": "github.com/foo/baz/sub2",
-	           		"Rev": "28838aae6e8158e3695cf90e2f0ed2498b68ee1d"
-	           	},
-	           	{
-	           		"ImportPath": "github.com/foo/baz/sub3",
-	           		"Rev": "28838aae6e8158e3695cf90e2f0ed2498b68ee1d"
-	           	}
+               "ImportPath": "github.com/foo/bar",
+               "GoVersion": "go1.3",
+               "Deps": [
+                {
+                    "ImportPath": "github.com/foo/baz/sub1",
+                    "Rev": "28838aae6e8158e3695cf90e2f0ed2498b68ee1d"
+                },
+                {
+                    "ImportPath": "github.com/foo/baz/sub2",
+                    "Rev": "28838aae6e8158e3695cf90e2f0ed2498b68ee1d"
+                },
+                {
+                    "ImportPath": "github.com/foo/baz/sub3",
+                    "Rev": "28838aae6e8158e3695cf90e2f0ed2498b68ee1d"
+                }
             ]
           }'
         end
@@ -101,11 +101,12 @@ module LicenseFinder
 
       context 'when dependencies are not vendored' do
         before do
+          @orig_gopath = ENV['GOPATH']
           ENV['GOPATH'] = '/fake/go/path'
         end
 
         after do
-          ENV['GOPATH'] = nil
+          ENV['GOPATH'] = @orig_gopath
         end
 
         it 'should return an array of packages' do

data/spec/lib/license_finder/package_managers/npm_spec.rb

@@ -86,9 +86,14 @@ module LicenseFinder
       include FakeFS::SpecHelpers
       before do
         NPM.instance_variable_set(:@modules, nil)
+        FileUtils.mkdir_p(Dir.tmpdir)
         FileUtils.mkdir_p(root)
         File.write(File.join(root, "package.json"), package_json)
-        allow(npm).to receive(:capture).with(/npm/).and_return([dependency_json, true])
+        allow(npm).to receive(:capture) do |command|
+          filename = command.scan(/> (.*)$/).last.first
+          File.write(filename, dependency_json)
+          ['', true]
+        end
       end
 
       it 'fetches data from npm' do
@@ -117,7 +122,11 @@ module LicenseFinder
         JSON
 
         allow(Dir).to receive(:chdir).with(Pathname('/fake-node-project')) { |&block| block.call }
-        allow(npm).to receive(:capture).with('npm list --json --long').and_return([json, true])
+        allow(npm).to receive(:capture) do |command|
+          filename = command.scan(/> (.*)$/).last.first
+          File.write(filename, json)
+          ['', true]
+        end
 
         current_packages = npm.current_packages
         expect(current_packages.map(&:name)).to eq([])
@@ -129,10 +138,35 @@ module LicenseFinder
       end
 
       it "does not fail when command fails but produces output" do
-        allow(npm).to receive(:capture).with(/npm/).and_return('{"foo":"bar"}', false).once
+        allow(npm).to receive(:capture) do |command|
+          filename = command.scan(/> (.*)$/).last.first
+          File.write(filename, '{"foo":"bar"}')
+          ['', false]
+        end
         silence_stderr { npm.current_packages }
       end
 
+      context "npm circular license edge case - GH#307" do
+        let(:package_json) do
+          FakeFS.without do
+            File.read fixture_path "npm-circular-licenses/package.json"
+          end
+        end
+        let(:dependency_json) do
+          FakeFS.without do
+            File.read fixture_path "npm-circular-licenses/npm-list.json"
+          end
+        end
+
+        describe ".current_packages" do
+          it "correctly navigates the dependencies tree and pulls out valid information" do
+            FakeFS::FileSystem.clone(File.expand_path('../../../../../lib/license_finder/license/templates', __FILE__))
+              expect(npm.current_packages.find {|p| p.name == "has"}.licenses.map(&:name)).to eq ["MIT"]
+              expect(npm.current_packages.find {|p| p.name == "function-bind"}.licenses.map(&:name)).to eq ["MIT"]
+          end
+        end
+      end
+
       context "npm recursive dependency edge case - GH#211" do
         let(:package_json) do
           FakeFS.without do

data/spec/lib/license_finder/package_managers/nuget_spec.rb

@@ -54,11 +54,22 @@ module LicenseFinder
           FileUtils.touch 'app/vendor/package.nupkg'
         end
 
-        it "returns vendored director" do
+        it "returns vendored directory" do
           nuget = Nuget.new project_path: Pathname.new("app")
           expect(nuget.package_path).to eq Pathname('/app/vendor')
         end
       end
+
+      context 'when vendor and .nuget are not present but a packages directory exists' do
+        before do
+          FileUtils.mkdir_p 'app/packages'
+        end
+
+        it "returns the packages directory" do
+          nuget = Nuget.new project_path: Pathname.new("app")
+          expect(nuget.package_path).to eq Pathname('app/packages')
+        end
+      end
     end
 
     describe "#current_packages" do

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: license_finder
 version: !ruby/object:Gem::Version
-  version: 3.0.0
+  version: 3.0.1
 platform: ruby
 authors:
 - Jacob Maine
@@ -20,7 +20,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-03-16 00:00:00.000000000 Z
+date: 2017-07-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -92,6 +92,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: yajl-ruby
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: with_env
   requirement: !ruby/object:Gem::Requirement
@@ -463,6 +477,8 @@ files:
 - spec/fixtures/license_names/Mit-License
 - spec/fixtures/license_names/README.rdoc
 - spec/fixtures/nested_gem/vendor/LICENSE
+- spec/fixtures/npm-circular-licenses/npm-list.json
+- spec/fixtures/npm-circular-licenses/package.json
 - spec/fixtures/npm-recursive-dependencies/npm-list.json
 - spec/fixtures/npm-recursive-dependencies/package.json
 - spec/fixtures/utf8_gem/README
@@ -500,7 +516,6 @@ files:
 - spec/lib/license_finder/package_managers/maven_package_spec.rb
 - spec/lib/license_finder/package_managers/maven_spec.rb
 - spec/lib/license_finder/package_managers/merged_package_spec.rb
-- spec/lib/license_finder/package_managers/npm_package_spec.rb
 - spec/lib/license_finder/package_managers/npm_spec.rb
 - spec/lib/license_finder/package_managers/nuget_package_spec.rb
 - spec/lib/license_finder/package_managers/nuget_spec.rb
@@ -544,7 +559,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.2
+rubygems_version: 2.6.11
 signing_key: 
 specification_version: 4
 summary: Audit the OSS licenses of your application's dependencies.
@@ -632,6 +647,8 @@ test_files:
 - spec/fixtures/license_names/Mit-License
 - spec/fixtures/license_names/README.rdoc
 - spec/fixtures/nested_gem/vendor/LICENSE
+- spec/fixtures/npm-circular-licenses/npm-list.json
+- spec/fixtures/npm-circular-licenses/package.json
 - spec/fixtures/npm-recursive-dependencies/npm-list.json
 - spec/fixtures/npm-recursive-dependencies/package.json
 - spec/fixtures/utf8_gem/README
@@ -669,7 +686,6 @@ test_files:
 - spec/lib/license_finder/package_managers/maven_package_spec.rb
 - spec/lib/license_finder/package_managers/maven_spec.rb
 - spec/lib/license_finder/package_managers/merged_package_spec.rb
-- spec/lib/license_finder/package_managers/npm_package_spec.rb
 - spec/lib/license_finder/package_managers/npm_spec.rb
 - spec/lib/license_finder/package_managers/nuget_package_spec.rb
 - spec/lib/license_finder/package_managers/nuget_spec.rb

data/spec/lib/license_finder/package_managers/npm_package_spec.rb

@@ -1,56 +0,0 @@
-require 'spec_helper'
-
-module LicenseFinder
-  describe NpmPackage do
-    subject do
-      described_class.new(
-        "name" => "jasmine-node",
-        "version" => "1.3.1",
-        "description" => "a description",
-        "readme" => "a readme",
-        "path" => "some/node/package/path",
-        "homepage" => "a homepage",
-        "dependencies" => {
-          "coffee-script" => {
-            "name" => "coffee-script",
-          }
-        }
-      )
-    end
-
-    its(:name) { should == "jasmine-node" }
-    its(:version) { should == "1.3.1" }
-    its(:summary) { should eq "" }
-    its(:description) { should == "a description" }
-    its(:homepage) { should == "a homepage" }
-    its(:groups) { should == [] } # TODO: put devDependencies in 'dev' group?
-    its(:children) { should == ["coffee-script"] }
-    its(:install_path) { should eq "some/node/package/path" }
-    its(:package_manager) { should eq 'Npm' }
-
-    describe '#license_names_from_spec' do
-      let(:node_module1) { {"license" => "MIT"} }
-      let(:node_module2) { {"licenses" => [{"type" => "BSD"}]} }
-      let(:node_module3) { {"license" => {"type" => "PSF"}} }
-      let(:node_module4) { {"licenses" => ["MIT"]} }
-      let(:misdeclared_node_module) { {"licenses" => {"type" => "MIT"}} }
-
-      it 'finds the license for both license structures' do
-        package = NpmPackage.new(node_module1)
-        expect(package.license_names_from_spec).to eq ["MIT"]
-
-        package = NpmPackage.new(node_module2)
-        expect(package.license_names_from_spec).to eq ["BSD"]
-
-        package = NpmPackage.new(node_module3)
-        expect(package.license_names_from_spec).to eq ["PSF"]
-
-        package = NpmPackage.new(node_module4)
-        expect(package.license_names_from_spec).to eq ["MIT"]
-
-        package = NpmPackage.new(misdeclared_node_module)
-        expect(package.license_names_from_spec).to eq ["MIT"]
-      end
-    end
-  end
-end