license_finder 6.12.2 → 6.15.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c85ec7cd64df538fe5b99e3984a2ef369c8c09d73c7c07ac72ed39b246054dc1
-  data.tar.gz: 3c22d0d435a980d2a7853492f7043c7fabc67a2e8a6fede8fc74abdd86b8d4fe
+  metadata.gz: e0f3198afeab037eb2406cca40c96d108109195d56061b050d71885d034b2e3f
+  data.tar.gz: ffd412a79598a92e58ae9283a3edc3ed69e18fabfda33bc3edafcc5045b51391
 SHA512:
-  metadata.gz: f2f62d260d5d8a3f6090f4ceefa4ab1145b301b35cdd2489049936739a2aea3553b30ab112996c04c27c6dd2bcf3fe0f010f6d5b8eedb1e8ea5b22960d4534c2
-  data.tar.gz: 58f912ce7df4de805fb8a6b80ff1fb39608254bb9e955618d4b8b96d9b2c5a9f1e65b03701f96057b848338c44a3d1eb444c4e09f19f7d8be19f6f1ccbc7a774
+  metadata.gz: 2ffa007a078fcc4f805c8d8b2ab5f0310d11977e3ab0c890dbf200cebca6a687bbde42a1159cb971897162882821f2663278ee2e7f24652f3ecb550b6f42894a
+  data.tar.gz: e3a8f9809ab13005912da13899d1b9f6078d918afa83ad4f5a11766e00813df1539d42d2b0103807a81f362ac4b15c0bf6b3ad7a8a1d7984b43c826f788baf1b

data/CHANGELOG.md

@@ -1,3 +1,36 @@
+# [6.15.0] / 2021-12-17
+
+### Fixed
+* Fix docker Conan and swift - [66031df9](https://github.com/pivotal/LicenseFinder/commit/66031df912c2e1e21aa794a4b897fc61c9ec6b02) 
+
+# [6.14.2] / 2021-10-27
+
+### Added
+* Zlib License - [0f004b52](https://github.com/pivotal/LicenseFinder/commit/0f004b528d436b4d53db8bd373ede0594c07d9e8) - blooper05
+
+# [6.14.1] / 2021-06-25
+
+First two commit were supposed to show up in v6.14.0, but GPG bug prevented a correct build. Therefore, a follow up patch build was made to include the GPG fix.
+
+### Changed
+* Upgrade Docker image to use Ubuntu Bionic [#178471230] [1c12588c](https://github.com/pivotal/LicenseFinder/commit/1c12588cceecb8b7350d090c85b519b24bcc6682)
+* Update the default timezone to GMT [#178471230] - [9fcab84](https://github.com/pivotal/LicenseFinder/commit/9fcab84605cda81e7f276d3c567d14409e371333)
+* Use local copy of Swift puglic GPG keys [#178674224] - [4db4b3e](https://github.com/pivotal/LicenseFinder/commit/4db4b3e5980ca52019549d74da574a2342a7846e)
+
+### Added 
+* Added --npm_options option to customize npm behavior. [b8457a62](https://github.com/pivotal/LicenseFinder/commit/b8457a62e7b531294934364d1e5f72cd78a7686a) - Alexander-Malott 
+
+### Security
+* Fix issue where commands could be injected running on Cocoapods projects. [b0a61a2d](https://github.com/pivotal/LicenseFinder/commit/b0a61a2d833921c714cc39cdda8ba80af3f33d04)
+
+  Thanks to Joern SchneeweiszStaff Security Engineer, Security Research | GitLab for raising the issue
+
+
+# [6.13.0] / 2021-04-27
+
+### Fixed
+* Ignore packages with nil modules - [4eca0ec1](https://github.com/pivotal/LicenseFinder/commit/4eca0ec15dc6266afa48b74b3742278351246eb8) 
+
 # [6.12.2] / 2021-04-14
 
 ### Changed
@@ -948,3 +981,7 @@ Bugfixes:
 [6.12.0]: https://github.com/pivotal/LicenseFinder/compare/v6.11.0...v6.12.0
 [6.12.1]: https://github.com/pivotal/LicenseFinder/compare/v6.12.0...v6.12.1
 [6.12.2]: https://github.com/pivotal/LicenseFinder/compare/v6.12.1...v6.12.2
+[6.13.0]: https://github.com/pivotal/LicenseFinder/compare/v6.12.2...v6.13.0
+[6.14.1]: https://github.com/pivotal/LicenseFinder/compare/v6.13.0...v6.14.1
+[6.14.2]: https://github.com/pivotal/LicenseFinder/compare/v6.14.1...v6.14.2
+[6.15.0]: https://github.com/pivotal/LicenseFinder/compare/v6.14.2...v6.15.0

data/Dockerfile

@@ -1,4 +1,6 @@
-FROM ubuntu:xenial
+FROM ubuntu:bionic
+
+WORKDIR /tmp
 
 # Versioning
 ENV PIP_INSTALL_VERSION 19.0.2
@@ -18,7 +20,8 @@ RUN apt-get update && apt-get install -y \
   sudo \
   unzip \
   wget \
-  gnupg2 \ 
+  gnupg2 \
+  apt-utils \
   software-properties-common \
   bzr
 
@@ -76,7 +79,6 @@ RUN mkdir -p /usr/local/share/sbt-launcher-packaging && \
     rm -f "/tmp/sbt-${SBT_VERSION}.tgz"
 
 # install gradle
-WORKDIR /tmp
 RUN curl -L -o gradle.zip https://services.gradle.org/distributions/gradle-$GRADLE_VERSION-bin.zip && \
     unzip -q gradle.zip && \
     rm gradle.zip && \
@@ -102,6 +104,7 @@ RUN mkdir /gopath && \
   go get -u github.com/rancher/trash && \
   go clean -cache
 
+WORKDIR /tmp
 # Fix the locale
 RUN apt-get install -y locales
 RUN locale-gen en_US.UTF-8
@@ -109,11 +112,16 @@ ENV LANG=en_US.UTF-8
 ENV LANGUAGE=en_US:en
 ENV LC_ALL=en_US.UTF-8
 
+# install Cargo
+RUN curl https://sh.rustup.rs -sSf | bash -ls -- -y --profile minimal
+
 #install rvm
 RUN apt-add-repository -y ppa:rael-gc/rvm && \
     apt update && apt install -y rvm && \
     /usr/share/rvm/bin/rvm install --default $RUBY_VERSION
-ENV PATH=/usr/share/rvm/bin:$PATH
+
+# install bundler
+RUN bash -lc "gem update --system && gem install bundler"
 
 #install mix
 RUN wget https://packages.erlang-solutions.com/erlang-solutions_${MIX_VERSION}_all.deb && \
@@ -123,41 +131,40 @@ RUN wget https://packages.erlang-solutions.com/erlang-solutions_${MIX_VERSION}_a
     sudo apt-get install -y esl-erlang && \
     sudo apt-get install -y elixir
 
-# install bundler
-RUN bash -lc "gem update --system && gem install bundler"
-
 # install conan
 RUN apt-get install -y python-dev && \
 	pip install --no-cache-dir --ignore-installed six --ignore-installed colorama \
 	    --ignore-installed requests --ignore-installed chardet \
 	    --ignore-installed urllib3 \
 	    --upgrade setuptools && \
-    pip install --no-cache-dir -Iv conan==1.11.2
+    pip install --no-cache-dir -Iv conan==1.43.0 && \
+    conan config install https://github.com/conan-io/conanclientcert.git
 
-# install Cargo
-RUN curl https://sh.rustup.rs -sSf | bash -s -- -y --profile minimal
 
 # install NuGet (w. mono)
 # https://docs.microsoft.com/en-us/nuget/install-nuget-client-tools#macoslinux
 RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF &&\
-  echo "deb https://download.mono-project.com/repo/ubuntu stable-xenial main" | sudo tee /etc/apt/sources.list.d/mono-official-stable.list &&\
+  echo "deb https://download.mono-project.com/repo/ubuntu stable-bionic main" | sudo tee /etc/apt/sources.list.d/mono-official-stable.list &&\
   apt-get update &&\
   apt-get install -y mono-complete &&\
   curl -o "/usr/local/bin/nuget.exe" "https://dist.nuget.org/win-x86-commandline/latest/nuget.exe" &&\
   curl -o "/usr/local/bin/nugetv3.5.0.exe" "https://dist.nuget.org/win-x86-commandline/v3.5.0/nuget.exe"
 
 # install dotnet core
-WORKDIR /tmp
-RUN wget -q https://packages.microsoft.com/config/ubuntu/16.04/packages-microsoft-prod.deb &&\
+RUN wget -q https://packages.microsoft.com/config/ubuntu/18.04/packages-microsoft-prod.deb &&\
   sudo dpkg -i packages-microsoft-prod.deb &&\
   rm packages-microsoft-prod.deb &&\
   sudo apt-get update &&\
   sudo apt-get install -y dotnet-runtime-2.1 dotnet-sdk-2.1 dotnet-sdk-2.2 dotnet-sdk-3.0 dotnet-sdk-3.1
 
 # install Composer
+# The ARG and ENV are for installing tzdata which is part of this installaion.
+# https://serverfault.com/questions/949991/how-to-install-tzdata-on-a-ubuntu-docker-image
+ENV TZ=GMT
 RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 4F4EA0AAE5267A6C &&\
-    echo "deb http://ppa.launchpad.net/ondrej/php/ubuntu xenial main" | sudo tee /etc/apt/sources.list.d/php.list &&\
+    echo "deb http://ppa.launchpad.net/ondrej/php/ubuntu bionic main" | sudo tee /etc/apt/sources.list.d/php.list &&\
     apt-get update &&\
+    export DEBIAN_FRONTEND=noninteractive &&\
     apt-get install -y php7.4-cli &&\
     EXPECTED_COMPOSER_INSTALLER_CHECKSUM="$(curl --silent https://composer.github.io/installer.sig)" &&\
     php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" &&\
@@ -170,7 +177,6 @@ RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 4F4EA0AAE5
 # install miniconda
 # See https://docs.conda.io/en/latest/miniconda_hashes.html
 # for latest versions and SHAs.
-WORKDIR /tmp
 RUN  \
   conda_installer=Miniconda3-py38_4.9.2-Linux-x86_64.sh &&\
   ref='1314b90489f154602fd794accfc90446111514a5a72fe1f71ab83e07de9504a7' &&\
@@ -179,6 +185,61 @@ RUN  \
   ([ "$sha" = "${ref}" ] || (echo "Verification failed: ${sha} != ${ref}"; false)) &&\
   (echo; echo "yes") | sh "${conda_installer}"
 
+# install Swift Package Manager
+# Based on https://github.com/apple/swift-docker/blob/main/5.3/ubuntu/18.04/Dockerfile
+# The GPG download steps has been modified. Keys are now on LF repo and copied instaad of downloaded.
+# Refer to https://swift.org/download/#using-downloads in the Linux section on how to download the keys
+RUN apt-get -q install -y \
+    libatomic1 \
+    libcurl4 \
+    libxml2 \
+    libedit2 \
+    libsqlite3-0 \
+    libc6-dev \
+    binutils \
+    libgcc-5-dev \
+    libstdc++-5-dev \
+    zlib1g-dev \
+    libpython2.7 \
+    tzdata \
+    git \
+    pkg-config \
+    && rm -r /var/lib/apt/lists/*
+
+# pub   4096R/ED3D1561 2019-03-22 [SC] [expires: 2023-03-23]
+#       Key fingerprint = A62A E125 BBBF BB96 A6E0  42EC 925C C1CC ED3D 1561
+# uid                  Swift 5.x Release Signing Key <swift-infrastructure@swift.org
+ARG SWIFT_SIGNING_KEY=A62AE125BBBFBB96A6E042EC925CC1CCED3D1561
+ARG SWIFT_PLATFORM=ubuntu18.04
+ARG SWIFT_BRANCH=swift-5.3.3-release
+ARG SWIFT_VERSION=swift-5.3.3-RELEASE
+ARG SWIFT_WEBROOT=https://download.swift.org
+
+ENV SWIFT_SIGNING_KEY=$SWIFT_SIGNING_KEY \
+    SWIFT_PLATFORM=$SWIFT_PLATFORM \
+    SWIFT_BRANCH=$SWIFT_BRANCH \
+    SWIFT_VERSION=$SWIFT_VERSION \
+    SWIFT_WEBROOT=$SWIFT_WEBROOT
+
+COPY swift-all-keys.asc .
+RUN set -e; \
+    SWIFT_WEBDIR="$SWIFT_WEBROOT/$SWIFT_BRANCH/$(echo $SWIFT_PLATFORM | tr -d .)" \
+    && SWIFT_BIN_URL="$SWIFT_WEBDIR/$SWIFT_VERSION/$SWIFT_VERSION-$SWIFT_PLATFORM.tar.gz" \
+    && SWIFT_SIG_URL="$SWIFT_BIN_URL.sig" \
+    # - Grab curl here so we cache better up above
+    && export DEBIAN_FRONTEND=noninteractive \
+    && apt-get -q update && apt-get -q install -y curl && rm -rf /var/lib/apt/lists/* \
+    # - Download the GPG keys, Swift toolchain, and toolchain signature, and verify.
+    && export GNUPGHOME="$(mktemp -d)" \
+    && curl -fsSL "$SWIFT_BIN_URL" -o swift.tar.gz "$SWIFT_SIG_URL" -o swift.tar.gz.sig \
+    && gpg --import swift-all-keys.asc \
+    && gpg --batch --verify swift.tar.gz.sig swift.tar.gz \
+    # - Unpack the toolchain, set libs permissions, and clean up.
+    && tar -xzf swift.tar.gz --directory / --strip-components=1 \
+    && chmod -R o+r /usr/lib/swift \
+    && rm -rf "$GNUPGHOME" swift.tar.gz.sig swift.tar.gz \
+    set +e
+
 # install license_finder
 COPY . /LicenseFinder
 RUN bash -lc "cd /LicenseFinder && bundle config set no-cache 'true' && bundle install -j4 && rake install"

data/README.md

@@ -44,7 +44,7 @@ and give you an actionable exception report.
 ### Experimental project types
 
 * Erlang (via `rebar` and `Erlang.mk`)
-* Objective-C, Swift (via Carthage or CocoaPods \[0.39 and below. See [CocoaPods Specs Repo Sharding](http://blog.cocoapods.org/Sharding/)\])
+* Objective-C, Swift (via Carthage, CocoaPods \[0.39 and below. See [CocoaPods Specs Repo Sharding](http://blog.cocoapods.org/Sharding/)\]) and Swift Package Manager)
 * Objective-C (+ CocoaPods 0.39 and below. See [CocoaPods Specs Repo Sharding](http://blog.cocoapods.org/Sharding/))
 * Elixir (via `mix`)
 * Golang (via `gvt`, `glide`,`dep`, `trash` and `govendor`)
@@ -176,6 +176,7 @@ languages, as long as that language has a package definition in the project dire
 * `bower.json` (for `bower`)
 * `Podfile` (for `pod`)
 * `Cartfile` (for `carthage`)
+* `workspace-state.json` under build directory (provided as enviroment variable `SPM_DERIVED_DATA` for Xcode, or default `.build` for non-Xcode projects), (for `spm`)
 * `rebar.config` (for `rebar`)
 * `Erlang.mk` or `erlang.mk` file (for `Erlang.mk`)
 * `mix.exs` (for `mix`)

data/VERSION

@@ -1 +1 @@
-6.12.2
+6.15.0

data/bin/license_finder_pip.py

@@ -1,5 +1,4 @@
 #!/usr/bin/env python
-
 import json
 import sys
 
@@ -21,12 +20,16 @@ except ImportError:
 from pip._vendor import pkg_resources
 from pip._vendor.six import print_
 
+
 reqs = []
 for req in parse_requirements(sys.argv[1], session=PipSession()):
-    if req.req == None or (req.markers != None and not req.markers.evaluate()): continue
-    reqs.append(req)
-
-requirements = [pkg_resources.Requirement.parse(str(req.req)) for req in reqs]
+    try:
+        if req.req is not None and (req.markers is None or req.markers.evaluate()):
+            reqs.append(pkg_resources.Requirement.parse(str(req.req)))
+    except AttributeError:
+        # Since pip 20.1 (pip now takes care of markers at the resolve step)
+        if req.requirement is not None:
+            reqs.append(pkg_resources.Requirement.parse(str(req.requirement)))
 
 transform = lambda dist: {
         'name': dist.project_name,
@@ -35,7 +38,6 @@ transform = lambda dist: {
         'dependencies': list(map(lambda dependency: dependency.project_name, dist.requires())),
         }
 
-packages = [transform(dist) for dist
-            in pkg_resources.working_set.resolve(requirements)]
 
+packages = [transform(dist) for dist in pkg_resources.working_set.resolve(reqs)]
 print_(json.dumps(packages))

data/dlf

@@ -1,10 +1,14 @@
 #!/bin/bash
 if `which docker > /dev/null`; then
-	if [ $# -eq 0 ]; then
-  		docker run -v $PWD:/scan -it licensefinder/license_finder
-	else
-  		docker run -v $PWD:/scan -it licensefinder/license_finder /bin/bash -lc "cd /scan && `echo $@`"
-	fi
+  if [ $# -eq 0 ]; then
+    docker run -v $PWD:/scan -it licensefinder/license_finder
+  else
+    escaped_params=""
+    for p in "$@"; do
+      escaped_params="$escaped_params \"$p\""
+    done
+    docker run -v $PWD:/scan -it licensefinder/license_finder /bin/bash -lc "cd /scan && $escaped_params"
+  fi
 else
   echo "You do not have docker installed. Please install it:"
   echo "    https://docs.docker.com/engine/installation/"

data/lib/license_finder/cli/base.rb

@@ -42,6 +42,7 @@ module LicenseFinder
           :gradle_include_groups,
           :maven_include_groups,
           :maven_options,
+          :npm_options,
           :pip_requirements_path,
           :python_version,
           :rebar_command,

data/lib/license_finder/cli/main.rb

@@ -30,6 +30,7 @@ module LicenseFinder
                           Defaults to 'gradlew' / 'gradlew.bat' if the wrapper is present, otherwise to 'gradle'."
       class_option :maven_include_groups, desc: 'Whether dependency name should include group id. Only meaningful if used with a Java/maven project. Defaults to false.'
       class_option :maven_options, desc: 'Maven options to append to command. Defaults to empty.'
+      class_option :npm_options, desc: 'npm options to append to command. Defaults to empty.'
       class_option :pip_requirements_path, desc: 'Path to python requirements file. Defaults to requirements.txt.'
       class_option :python_version, desc: 'Python version to invoke pip with. Valid versions: 2 or 3. Default: 2'
       class_option :rebar_command, desc: "Command to use when fetching rebar packages. Only meaningful if used with a Erlang/rebar project. Defaults to 'rebar'."

data/lib/license_finder/configuration.rb

@@ -93,6 +93,10 @@ module LicenseFinder
       get(:maven_options)
     end
 
+    def npm_options
+      get(:npm_options)
+    end
+
     def pip_requirements_path
       get(:pip_requirements_path)
     end

data/lib/license_finder/core.rb

@@ -99,6 +99,7 @@ module LicenseFinder
         gradle_include_groups: config.gradle_include_groups,
         maven_include_groups: config.maven_include_groups,
         maven_options: config.maven_options,
+        npm_options: config.npm_options,
         pip_requirements_path: config.pip_requirements_path,
         python_version: config.python_version,
         rebar_command: config.rebar_command,

data/lib/license_finder/license/definitions.rb

@@ -27,7 +27,8 @@ module LicenseFinder
           ruby,
           simplifiedbsd,
           wtfpl,
-          zerobsd
+          zerobsd,
+          zlib
         ]
       end
 
@@ -349,6 +350,17 @@ module LicenseFinder
           matcher: matcher
         )
       end
+
+      def zlib
+        License.new(
+          short_name: 'Zlib',
+          pretty_name: 'zlib/libpng license',
+          other_names: [
+            'zlib License'
+          ],
+          url: 'https://opensource.org/licenses/Zlib'
+        )
+      end
     end
   end
 end

data/lib/license_finder/license/templates/Zlib.txt

@@ -0,0 +1,17 @@
+Copyright (c) <year> <copyright holders>
+
+This software is provided 'as-is', without any express or implied
+warranty. In no event will the authors be held liable for any damages
+arising from the use of this software.
+
+Permission is granted to anyone to use this software for any purpose,
+including commercial applications, and to alter it and redistribute it
+freely, subject to the following restrictions:
+
+1. The origin of this software must not be misrepresented; you must not
+   claim that you wrote the original software. If you use this software
+   in a product, an acknowledgment in the product documentation would be
+   appreciated but is not required.
+2. Altered source versions must be plainly marked as such, and must not be
+   misrepresented as being the original software.
+3. This notice may not be removed or altered from any source distribution.

data/lib/license_finder/license/text.rb

@@ -5,6 +5,7 @@ module LicenseFinder
     module Text
       SPACES = /\s+/.freeze
       QUOTES = /['`"]{1,2}/.freeze
+      YEAR_PLACEHOLDERS = /<year>/.freeze
       PLACEHOLDERS = /<[^<>]+>/.freeze
       SPECIAL_SINGLE_QUOTES = /[‘’]/.freeze
       SPECIAL_DOUBLE_QUOTES = /[“”„«»]/.freeze
@@ -32,6 +33,7 @@ module LicenseFinder
 
       def self.compile_to_regex(text)
         Regexp.new(Regexp.escape(normalize_punctuation(text))
+                       .gsub(YEAR_PLACEHOLDERS, '(\S*)')
                        .gsub(PLACEHOLDERS, '(.*)')
                        .gsub(',', '(,)?')
                        .gsub('HOLDER', '(HOLDER|OWNER)')

data/lib/license_finder/package.rb

@@ -188,6 +188,7 @@ require 'license_finder/packages/maven_package'
 require 'license_finder/packages/gradle_package'
 require 'license_finder/packages/cocoa_pods_package'
 require 'license_finder/packages/carthage_package'
+require 'license_finder/packages/spm_package'
 require 'license_finder/packages/rebar_package'
 require 'license_finder/packages/erlangmk_package'
 require 'license_finder/packages/mix_package'

data/lib/license_finder/package_manager.rb

@@ -165,6 +165,7 @@ require 'license_finder/package_managers/maven'
 require 'license_finder/package_managers/mix'
 require 'license_finder/package_managers/cocoa_pods'
 require 'license_finder/package_managers/carthage'
+require 'license_finder/package_managers/spm'
 require 'license_finder/package_managers/gradle'
 require 'license_finder/package_managers/rebar'
 require 'license_finder/package_managers/erlangmk'

data/lib/license_finder/package_managers/cocoa_pods.rb

@@ -53,7 +53,9 @@ module LicenseFinder
     end
 
     def read_plist(pathname)
-      JSON.parse(`plutil -convert json -o - '#{pathname}'`)
+      transformed_pathname = pathname.gsub!(%r{[^0-9A-Za-z. \-'/]}, '')
+      transformed_pathname = pathname if transformed_pathname.nil?
+      JSON.parse(`plutil -convert json -o - '#{transformed_pathname}'`)
     end
   end
 end

data/lib/license_finder/package_managers/conan.rb

@@ -18,10 +18,10 @@ module LicenseFinder
 
       deps = info_parser.parse(info_output)
       deps.map do |dep|
-        name, version = dep['name'].split('@').first.split('/')
+        name, version = dep['name'].split('/')
         url = dep['URL']
         license_file_path = Dir.glob("#{project_path}/licenses/#{name}/**/LICENSE*").first
-        ConanPackage.new(name, version, File.open(license_file_path).read, url) unless name == 'PROJECT'
+        ConanPackage.new(name, version, File.open(license_file_path).read, url) unless name == 'conanfile.txt'
       end.compact
     end
   end

data/lib/license_finder/package_managers/go_modules.rb

@@ -33,6 +33,8 @@ module LicenseFinder
         # Explanations:
         # * Only list dependencies (packages not listed in the project directory)
         #   (.DepOnly)
+        # * Ignore packages that have nil modules
+        #   (.Module)
         # * Ignore standard library packages
         #   (not .Standard)
         # * Replacement modules are respected
@@ -40,7 +42,7 @@ module LicenseFinder
         # * Module cache directory or (vendored) package directory
         #   (or $mod.Dir .Dir)
         format_str = \
-          '{{ if and (.DepOnly) (not .Standard) }}'\
+          '{{ if and (.DepOnly) (.Module) (not .Standard) }}'\
             '{{ $mod := (or .Module.Replace .Module) }}'\
             '{{ $mod.Path }},{{ $mod.Version }},{{ or $mod.Dir .Dir }}'\
           '{{ end }}'

data/lib/license_finder/package_managers/npm.rb

@@ -5,6 +5,11 @@ require 'tempfile'
 
 module LicenseFinder
   class NPM < PackageManager
+    def initialize(options = {})
+      super
+      @npm_options = options[:npm_options]
+    end
+
     def current_packages
       NpmPackage.packages_from_json(npm_json, detected_package_path)
     end
@@ -35,6 +40,7 @@ module LicenseFinder
 
     def npm_json
       command = "#{package_management_command} list --json --long#{production_flag}"
+      command += " #{@npm_options}" unless @npm_options.nil?
       stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(command) }
       # we can try and continue if we got an exit status 1 - unmet peer dependency
       raise "Command '#{command}' failed to execute: #{stderr}" if !status.success? && status.exitstatus != 1

data/lib/license_finder/package_managers/spm.rb

@@ -0,0 +1,93 @@
+# frozen_string_literal: true
+
+require 'json'
+
+module LicenseFinder
+  class Spm < PackageManager
+    class SpmError < RuntimeError; end
+
+    def current_packages
+      unless File.exist?(workspace_state_path)
+        raise SpmError, 'No checked-out SPM packages found.
+          Please install your dependencies first.'
+      end
+
+      workspace_state = JSON.parse(IO.read(workspace_state_path))
+      workspace_state['object']['dependencies'].map do |dependency|
+        package_ref = dependency['packageRef']
+        checkout_state = dependency['state']['checkoutState']
+
+        subpath = dependency['subpath']
+        package_name = package_ref['name']
+        package_version = checkout_state['version'] || checkout_state['revision']
+        homepage = package_ref['path']
+
+        SpmPackage.new(
+          package_name,
+          package_version,
+          license_text(subpath),
+          logger: logger,
+          install_path: project_checkout(subpath),
+          homepage: homepage
+        )
+      end
+    end
+
+    def package_management_command
+      LicenseFinder::Platform.darwin? ? 'xcodebuild' : 'swift'
+    end
+
+    def prepare_command
+      LicenseFinder::Platform.darwin? ? 'xcodebuild -resolvePackageDependencies' : 'swift package resolve'
+    end
+
+    def possible_package_paths
+      [workspace_state_path]
+    end
+
+    private
+
+    def resolved_package
+      if File.exist?(resolved_path)
+        @resolved_file ||= IO.read(resolved_path)
+      else
+        raise SpmError, 'No Package.resolved found.
+          Please install your dependencies first and provide it via environment variable
+          SPM_PACKAGE_RESOLVED'
+      end
+    end
+
+    def resolved_path
+      # Xcode projects have SPM packages info under project's derived data location
+      derived_data_folder = ENV['SPM_DERIVED_DATA']
+      if derived_data_folder
+        pathname = Pathname.new(derived_data_folder)
+        pathname.absolute? ? pathname : project_path.join(derived_data_folder)
+      else
+        project_path.join('.build')
+      end
+    end
+
+    def workspace_state_path
+      resolved_path.join('workspace-state.json')
+    end
+
+    def license_text(subpath)
+      license_path = license_pattern(subpath).find { |f| File.exist?(f) }
+      license_path.nil? ? nil : IO.read(license_path)
+    end
+
+    def project_checkout(subpath)
+      resolved_path.join('checkouts', subpath)
+    end
+
+    def license_pattern(subpath)
+      checkout_path = project_checkout(subpath)
+      Dir.glob(checkout_path.join('LICENSE*'), File::FNM_CASEFOLD)
+    end
+
+    def name_version_from_line(cartfile_line)
+      cartfile_line.split(' ')[1, 2].map { |f| f.split('/').last.delete('"').gsub('.git', '') }
+    end
+  end
+end

data/lib/license_finder/package_managers/yarn.rb

@@ -9,7 +9,7 @@ module LicenseFinder
     end
 
     def current_packages
-      cmd = "#{Yarn::SHELL_COMMAND}#{production_flag}"
+      cmd = "#{Yarn::SHELL_COMMAND}#{yarn1_production_flag}"
       suffix = " --cwd #{project_path}" unless project_path.nil?
       cmd += suffix unless suffix.nil?
 
@@ -39,7 +39,7 @@ module LicenseFinder
     end
 
     def prepare
-      prep_cmd = "#{prepare_command}#{production_flag}"
+      prep_cmd = prepare_command.to_s
       _stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(prep_cmd) }
       return if status.success?
 
@@ -56,11 +56,33 @@ module LicenseFinder
     end
 
     def prepare_command
-      'yarn install --ignore-engines --ignore-scripts'
+      if yarn2_project?
+        yarn2_prepare_command
+      else
+        yarn1_prepare_command
+      end
     end
 
     private
 
+    def yarn2_prepare_command
+      "#{yarn2_production_flag}yarn install"
+    end
+
+    def yarn1_prepare_command
+      "yarn install --ignore-engines --ignore-scripts#{yarn1_production_flag}"
+    end
+
+    def yarn2_project?
+      Dir.chdir(project_path) do
+        version_string, stderr_str, status = Cmd.run('yarn -v')
+        raise "Command 'yarn -v' failed to execute: #{stderr_str}" unless status.success?
+
+        version = version_string.split('.').map(&:to_i)
+        return version[0] >= 2
+      end
+    end
+
     def packages_from_json(json_data)
       body = json_data['body']
       head = json_data['head']
@@ -98,10 +120,16 @@ module LicenseFinder
       all_packages - [yarn_internal_package]
     end
 
-    def production_flag
+    def yarn1_production_flag
       return '' if @ignored_groups.nil?
 
       @ignored_groups.include?('devDependencies') ? ' --production' : ''
     end
+
+    def yarn2_production_flag
+      return '' if @ignored_groups.nil?
+
+      @ignored_groups.include?('devDependencies') ? 'yarn plugin import workspace-tools && yarn workspaces focus --all --production && ' : ''
+    end
   end
 end

data/lib/license_finder/packages/spm_package.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+  class SpmPackage < Package
+    def initialize(name, version, license_text, options = {})
+      super(name, version, options)
+      @license = License.find_by_text(license_text.to_s)
+    end
+
+    def licenses_from_spec
+      [@license].compact
+    end
+
+    def package_manager
+      'Spm'
+    end
+  end
+end

data/lib/license_finder/scanner.rb

@@ -5,7 +5,7 @@ module LicenseFinder
     PACKAGE_MANAGERS = [
       GoModules, GoDep, GoWorkspace, Go15VendorExperiment, Glide, Gvt, Govendor, Trash, Dep, Bundler, NPM, Pip,
       Yarn, Bower, Maven, Gradle, CocoaPods, Rebar, Erlangmk, Nuget, Carthage, Mix, Conan, Sbt, Cargo, Dotnet, Composer, Pipenv,
-      Conda
+      Conda, Spm
     ].freeze
 
     class << self

data/license_finder.gemspec

@@ -50,7 +50,7 @@ Gem::Specification.new do |s|
   s.add_dependency 'with_env', '1.1.0'
   s.add_dependency 'xml-simple', '~> 1.1.5'
 
-  s.add_development_dependency 'addressable', '2.7.0'
+  s.add_development_dependency 'addressable', '2.8.0'
   s.add_development_dependency 'capybara', '~> 3.15.0'
   s.add_development_dependency 'cocoapods', '>= 1.0.0' if RUBY_PLATFORM =~ /darwin/
   s.add_development_dependency 'fakefs', '~> 1.2.0'

data/swift-all-keys.asc

@@ -0,0 +1,240 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2.0.14 (GNU/Linux)
+
+mQINBFZNNIwBEADNFSwCfUUyXZujWzQCqYLlvRwZkuMUcJQH4NRwC/an9KwilFrz
+pf/+atZFSciMx5R9vOG2odWbwBYU7t8XEd/NYCgyTwMNxAFkuaN1E0b/3mOWwbT5
+91HziQNy0jDUlM28370pyv0rBTHvPbBQlo7BxJbwQXL3rs3KObAnhTG51aLztGds
+OTxZDdpNY07dPGKJevP61l35yZI40tUmCKn/z4sLmX+DoUUplA35SMRnvQjd/pGF
+9BTAFzLfsbN0caBixy++0ZIyK9ep1dezhqisUndE/rNk8KPNAM5zeFA1onzEEGFc
+gk4iZ0N/S7dVb7N4Uhn8C/87E9yUkrzO0Kl+p2zumORiqIvkv9vtHMaKa6rBP/vI
+iG02eiLmaWdDkg7afpJjnC6WrrJoBe/lbDAYrbD5eR4KGHdxMtAdh0sYZrZR8T4m
+gI6alC8PjYY22wiNLeekATobDu5JVQna0525L57gpbLOhSjXk/69HHw/l7d/e6br
+35rmMYGJd/9Q1w/4gMo8tX5m1WaoQxac4tZs8bBRKNP7YJkHmwfVG21h0KA91yFA
+l1BMe9U+gomfqRoBCRXGDl1mHmyGqu59JjpYEP04Xu2dLCu8yt/HHYirMdsKIvHT
+WKm6EvuQ4vFTQbPcdrMltL9yf8xG8EL0oDIbaSAnHI+sY+C30i0S557G3wARAQAB
+tD9Td2lmdCBBdXRvbWF0aWMgU2lnbmluZyBLZXkgIzEgPHN3aWZ0LWluZnJhc3Ry
+dWN0dXJlQHN3aWZ0Lm9yZz6JAj0EEwEKACcFAlZNNIwCGwMFCQPCZwAFCwkIBwMF
+FQoJCAsFFgIDAQACHgECF4AACgkQ1EHJd0ErN63tFA/+N3ANSFFc2FcdimzisPOv
+wBL8xSxQxUdsdELsht6WLh3buTunlIO36Ubo980hXyf6oxsfvMrDsn1eve28cpks
+SXZxLpfQm96753mWICz1WJcoUv1EXpFKuqxb3OJXu6di11NQEtFNd9rM4x7MJQja
+ICr5WXxzX0ObEUxY6xTjMlUyHkmR9ekEEPZUdrwpRFC847bV35vdCtMRztghecBH
+tHMhTEbuYxpjBZ0hqIkLzDAiWenqca2P9YD2sgntTJFfZ3V/oi/REFxj5v5BmNQ2
+wCyppoWDyD+oWJyh5dwuOc+xlYboN5EtIkuhS7/ZuvQipZpeJD7w4pkPO7l2Twal
+aHulJJV5f40gpIniullTC/I6P9HIp94wZ+UPm3/9M4AiO0oB0x4uk+buA7nCZ5Oi
+BaZKwO8nMFQBEaNuqKz+xLeokum3Alcwx3drwi0TlBX+GafrFFHwhdwDGuQsWpGT
+vNl6LEBNduPvs57382W13aiYT/p470M/RuTt6qpLyLVsWmGO5oh8mm/WWGDzza6Q
+2NuUBcs2ZCECvRlEt//689elx7VDbJwE6Mw3V8bosGx8y4XcQYATFqxm7WflbBpo
+5HR9AST2Noc6g4VPepZSgi0T4lRbIsyLml7kIvOQBre4i36br0VLIUairez1mqpm
+sG3P11076R+g/BcL4hg9jXE=
+=ONEK
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2
+
+mQINBFZZS3oBEACbRmmzVwF/Zf/zGEZTGXWzeCjwmYcvCx/aqklIWRFC/PPRwZ53
+rNgeVpEHNu31duF3JCEX/7fL9rmjnW0C2mQCzkvKF+rZNO+jPL/0/fsjVfnSXx+g
+m9yVyPmR0XvR0Kk5PqjR8XH/syNblnCo16fr7YK/JMrGM9E/d+UomomXKALbgebX
+oO0c8eA2Vij4b2BAFr+L54MTzquKqyEru9Ty2PTcIBxcEYqko8i3Ttej6WVMKphW
+J9QNaeVF9mfHuA7zpFlwtfFOrUnA2Qh6IwT+w7o941q4TpzYNVlcR3IV2P51CZrG
+zQAGRvWWmg5yswhyTEJpt0i4eLoqeJrcNZRT8FQjmcXgtdPvSFkJPi39e5LrT23M
+/W5tHvnldFDd4RYQmoO3XcIJzyEe6yXNrcaTT386m2e+cjA0SwZ7l6kHVhMikaS3
+FWccQ9VgWqLHZPd0f9oKdXbMMoIZs0D3F4hoz4oE6xkntEhw3Z3cVrKGpYuhJOKQ
+yPoCaNEpnT9qaTU8BmG/ToUWXZDuhm3FOAOEOOtFFChfy/0+9HnS6Q2aogYuD++o
+6XNSFCwONIRnoHyIRjCA8ce/GNsxpBp7bjUDGLoQJzmki4O/lyxMxS5k0Z4mjLS+
+xZo6OLt8LW5/w3YJUEU6PM88GhA1c3dm+U4mV3oW0QL0WG0b1tSxhLHf+wARAQAB
+tD5Td2lmdCAyLjIgUmVsZWFzZSBTaWduaW5nIEtleSA8c3dpZnQtaW5mcmFzdHJ1
+Y3R1cmVAc3dpZnQub3JnPokCPQQTAQoAJwUCVllLegIbAwUJA8JnAAULCQgHAwUV
+CgkICwUWAgMBAAIeAQIXgAAKCRCfWX9NIaVtX/L3D/9NJVFh9tBYgzwtbhgHTVxq
+U3VKeKUIvvWxETtaYmKsL8BPBwVM2IHDPyiOGczxe7RbpNszoIY/EBKNsI7yOnon
+qrMebQVpzV0wK2WwfHKnXYXXFeWADapwBGEcST7WNwX+la/oJOQtBZpMbBHDia4C
+g7EENIdeWDRHxzl785PSlAOERvaKsPlFk3bolQl/Vhy5YZIe4Mt9KN5LZ2E+xz3Q
+DDplOTi3I2df9Maf9UOxrS7zk2NvHw+5YeqNs7cqp++mjIRQ7/M+PGPx7PZMttBk
+Y7sIn1m3uSZkK2nEWZ91b3pZdr3Sff2Ig1H+ConUqy9w0CqGSqCmY/6QP05J4kpv
+ga1uNmKRJdv/pGHfTaoZ+dubm4+UzGpfzHdEhvmm4gC/+kU+nq5BuhvzO7iWKk0o
+kZOKT642WSsp7TYKp96sMh2xeUbYl/eAHi8nQfGuYeo6n1NaUMtwb8jYusTuISuW
+yWRSKaUanjjKGkl9LTpODWLkXHmqGJhp9l61AQ3fKDQgXuKuglWBfsZOhDRl+oYr
+Q22LzpSd4ISG/gXN3X4ADeuWJpe8d+nvpc6KtuShgRT+KeqrE9BcXfDdEk56I0Xx
++eGb1v4f4nibyiCvw/mBDCRMIqOsc/jyqA9lydLMxv/Us7KNYqh/Dzx7obfRUE6L
+2S6Hfx8PaYq16WXdxd/PBg==
+=5r2z
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2
+
+mQINBFdM2VsBEAC63xLZsLc7HBbJ1V7ak8dGNSDs2ibcaMKAuWU916UWjFX+KlZE
+8ruOVTol1KvA0cac6CX+Fd5SMirpxAaEUbYMwVEMzxOG7NhBp0wAJiO3LWsVoL4z
+G7wIpdPzjxP32qUABpF0Z8uo5zhQL6uaWtmKIhlBlzUmhbxYFzGUuCO8Y94hCH5A
+9l5Oedin3D3/v2T60/B2rygmQ1fC372Peg6m0dR8PCp42Jm+VXjgF4yfGyP4MJPO
+c1gq8AWNQ4Ex1qhQ9E/Mhbn88LvUQ+OO5u3iNw7AflBuvLaLy7VbD+pGpoGv3EdJ
+LsDJg3dU4F9Ii2hLAD5Sushtjx6DwwFJvKFsm7QzG7OTQB0rC9Gtw/MpopafFI0e
+Wo/6xmXnw9GQQ6uS8RoVri6Lfp4IpXdLZ3CMxBeJulmUpBdIFK+/SnyMfYW88tzx
+DbEFpXa6SaksSXjAXuXhUu+h37YdIfWcbE0KUXH848RcRPnTUOBwsqE2UzLQjF3A
+aPV7YIQxNNp0mUsRE+9R6yGhSog77jsu5XusswYEOfSU9p/bkQd5kJ5acTyHDU8A
++q/+O2T6aZqIFOhgXFiRj2TDGlqj4K+LUycpMWzPgn+KWKNnWgbJH1u3xXPnOZjT
+0i1Vm2umWd7OxzThSvlPGlvRLwPKWhdeFL37M3Bg3og1P5TgP7j4HT6Q2QARAQAB
+tD5Td2lmdCAzLnggUmVsZWFzZSBTaWduaW5nIEtleSA8c3dpZnQtaW5mcmFzdHJ1
+Y3R1cmVAc3dpZnQub3JnPokCPQQTAQoAJwUCV0zZWwIbAwUJA8JnAAULCQgHAwUV
+CgkICwUWAgMBAAIeAQIXgAAKCRBjvBz+kdMGxjBhD/9RUFlNP0cG6RJPl51mPCtO
+YMW/y5ssYyWi6u8q44Ccqit4EKjXUaeha4KSWQS9c+7q8bbfxbtl6AEsI+fxx3RA
+mYMjXfPnpjxqJLvwXOzAmG8bZzycdKiC1XBINR3e/Jw4Zu/yj/GtWSG2+OogFfNH
+n5Gg43B8D/fdqQkvlFXVuM0kMKPmAc+S1ikBvprpyjya47EKx5rWSf7pl/gm4jBE
+dBrWdpaBicOQmuv+Vr59rj2/UCWdD/dZRtwB66qn/AIZIgEOLyW2s/Mu9VK5zoNs
+oUZhRpe9t3eH59KbKvU+JdADMhBnUe3r4/HkSbHmPoML56g8RQV4T3LZa2sMt9Z3
+UC7WFr3VfPxXHpI9BhY8HJvaB4ML6PvYuXHP7TYkrSQ9FMoxjHcwEE7cga8BzAHu
+MxCuGrPryHRyApdFOh6oTts8/bjn+sb0VVvnAjFsAjDcBF18s5aI58eGLzLBgRnZ
+jyGvZ20h+I0JE3vDydi3rVEBm/fgkUwTtBuEG/mIwIea9QEcMkv5dq1aYheav1NZ
+Amqr2BsSl8PufUdfGgMKjMIR6Sv40mhTCUFSL1TG8OsaOecK7XXEjcpaQjCg1lqj
+hL04ayrZehJzuiP30htRdbrFraDr/WQOPW3VqE0DtjVfaH7AARKLp/HRDOd5hiUU
+RBrjB1unJxVpnKg4t0El0g==
+=ssEv
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2
+
+mQINBFlAigEBEACbGsfWe5nCOFrYSpz6oPh9ihq0RZQlktSz7E3Ou0cwSNqOnGRO
+s6z5pyPYlJgpvvaxsKcBS6R4DFq4/30Aut4Jj4T2qa0BXZqqrHrXyM8ucmpPpF0T
+jcRJAQZg/Rj8AhelYtcNKml/j8b9n8p14K+u+Zp0SudaNxLdxIbr94eEEDd/ecH/
+caGspqPuJjBanQNTzV9ws8ft7NLCdWnSvh5aiZrsWIrFfFxQm8zh9kCim2e3QX+p
+wufMDIKH/uEaOlinVCmFJNXGqpeyRjrile+r6Bd8fJiFLFtUeIiCdyxD4nrV+iLx
+ZAc6boVeSXdawPpX/eyXeH7NhpEofFz02W1EAoNFKgzdoEi6CBaA9P9Jrk/wRZuH
+vR+Mzbuu5aXDwDCjhtFu2Mm3bmN5pt3xuYCYoCgOp1wEld+szMfSjQNNJfUkFwzU
+eaHuaofXHQxuQ/uIEh8cr8/GEYtqGOU82T1raj3Sv1GcUfj5RO9k2rI7hWro8Hzc
+oXjLTDfABSZJrsuDLrzMUDOSKb+R3rf7uDYf/bTWkpLwSvrJRQaMXkQm70WWBFF0
+A75HxFBi8/9f35azYlFfCi0cEHAAHm0wdxU/D9b6TV/9zDedbgFl+/8xMBQiOX1r
+WfQrXA7zONhZpc+to5tyzrV57+Q4buKQUibyYut/7Gl1FbVaD4LvAUpbqwARAQAB
+tD5Td2lmdCA0LnggUmVsZWFzZSBTaWduaW5nIEtleSA8c3dpZnQtaW5mcmFzdHJ1
+Y3R1cmVAc3dpZnQub3JnPokCPQQTAQoAJwUCWUCKAQIbAwUJA8JnAAULCQgHAwUV
+CgkICwUWAgMBAAIeAQIXgAAKCRDvVDDwceGyNQE4D/4jyvkwjMzp3KSZKTMvcalT
+JPmc4rkpqc1b3VJCTpG/QRK9faJAbUVBz+iJBRIA7OjsjW9nS+oEkschjs7mjdiA
+U3XxtJMsZSJiO6TRdstJg0i2jT1yhQ7zuf8xeFEpx0Ekya05mYHiz3LdS2TZJcZZ
+D713M1GFsb+bDRGk18nVvlUIDB+9jIoqLgXf3muzHUmF0VF1HHfjB5zHfd9h6P+n
+DG5e/qA1MA6jaoGcHK31qoqvrLvoDMYlo6Nirq5Gsjf8rNTwij2GM1tNP8BIn2Y2
+5rgQ+UbZ3dUE+2KgUg+cqNtZPe0szHOInUew/Kq4ogRWgSWw/NbR+W5J5Ro9pCFJ
+pJaLBhCDQ35CIfcp5Mn2qSr0UW+7U4wfsoI4Oui5/dRx4iXFLD2LRlQuLTe0vRDK
+N6PcSeybtCyxeXXopWZvdNvO9oMoJ6vrorZciF+tcG9qaqaaf/Y1h7pfwiYkLvwp
+4RC/FFURZyjeyk8gfxaE1NfcnXM3rByW8br/gtL1VR/s3igKXk/rVeywlMeXyeXP
+CxS1uflC2dxGfzFiNFJoQlS+0XYV4nYNTVALe4/css3LLFtLt9rBKe3U7JmXl52k
+zyUq5nMsltYp3kg3dRYHejwzyrlVGt0Twos/Zqf8NztD9LPiVsZP/f84AobFsmkN
+ex1agHRY0JDH1IrwmfVwrw==
+=nP+X
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2
+
+mQINBFoBAhsBEACtaQbqQhwMedruhTrierPCHRy6ZmO4HuRdrd9LnOBSraQnHFb9
+kc2IfuHwB6YytZg6VFy4iaFx6vOkZQk7bFiAMB5RwIdPm7OmHGAYWkKeDOCB3lJB
+gJ0YdP7bMOGJL21RRZfUmkTMaT4zP3J0NeUL/mt4ezdJQyyWxdYigN2AgglAxZve
+27K+IjlQVvuAe5MWqPn4pTktjWxuDkIN2BvdWXz5Ycbewul7Hi9dZzaLIVDeTq2F
+MUjR9FBJoNpJKjPTAeOyXj2jvHR753yAeRG/79sfeId9568XNxTi/2OXqdkvwg/q
+huGbx0fgkqnkMw/0nvqDVsbnHXMdE0WNVluemt6I9hJvoHfOEBYYAZi4+spoVCJW
+xwwgVt8tNTgbynejzr09d1RgVJH/OKcKCCOTtbbjUdtMt3MMbaBaN10AKKFWWBbR
+Tom8J6wwM8LsKkFj0F5uzkG928C/vx5hFv3ZltlFUu9j8u4WU2kF1D1nzhw4E9+S
+epq4jrWMa5Dvr9UhnkJCW0g/0vPnynbOcJaXyWQtqxdgAT9LxMBeMSd26O9UklaH
+INivaw8l2SpdauJrYon0uhK8RTTp2rSt+SLHqgxsbmGmr5jTm1Z37EzffgoIFDOB
+a+3zHaLJvkeZQXzbLAqzfHYSV9lUe7In+F9tqZ5l7702UqJmIWoGb6IGqwARAQAB
+tD9Td2lmdCBBdXRvbWF0aWMgU2lnbmluZyBLZXkgIzIgPHN3aWZ0LWluZnJhc3Ry
+dWN0dXJlQHN3aWZ0Lm9yZz6JAj0EEwEKACcFAloBAhsCGwMFCQPCZwAFCwkIBwMF
+FQoJCAsFFgIDAQACHgECF4AACgkQdjjx+ysrCMSihxAApw7qKGfiN8a4bFVwKRdY
+7BLYu9HLetKHUJPerypKEKfUshU0X8Ns3lBxjSqNY2TvLyun1kbtUsxy+qi/X+HM
+nb93ONYOAeny1DFxUdiehhVttTQQB3RXdmhHGytoxzHX62N/uo9tYW9xQ+gaK+QC
+Rt6nZN0Prm6X+4vpQGD7H7O9cN8pw4YuoJRDwn6bFPl7WgqrYWX8/jvbXH1NjbJi
+j6kXvDSzwtPQNsj7vTC5K4TBMgfBFw5kndu+1sEHAfPIbwK8w/EGr32eSRT6l3xk
+TYFquL0S5NGCi9/pIqT90knsDqXyNer4xmwQ5FJPUTpdUbFz0o/DQvIFrbJ465Q4
+feibfhpxVqLCpX8goosAS5nd0jRGicSYmoxdtUBUp4gn3ee3yI6JbA0TN8haczNC
+e0FfQD9s9O+m6ft2/CzIx7YFeiIRhfcjfmGJ0+eAdpEsDqC5Hyc60hwHhPg222Ah
+ASkhwDD9NejskxvdMUPALk2C41ZlR1dYqfXwUJJDPwNY210QQgBZ0+GG72ErYssh
+4sG5U9XRv4IZhFlgBVmMlfbSi71BawOy+IN7ii49m9AY7p6U+m7yoeZV2H8YJbTk
+KhfnS3rZqsSU+ZYJYkGOxnQetkKUDGaVKdwJE49ll5R1/4om0h8aOOU8VyzrXPc9
+cZMQ1BcfMNkeu81HaxE0Lpc=
+=l0K5
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2
+
+mQINBFyUJhwBEADDBN6jVDScsgzfQDxSQga0Og4O3N/nIquwi/DGOgsAsTMWcVA1
+gmRJb792vWa9CmnHILl3ap8zObDSbcXg90nx+eCzWJjG+Ud5c7xuam96NR8ntKmU
+8+BbH/dp8zc9WJB37TiWcaLsddrn58zfm7Ml6P9M48WAeRJX8nxVBTw1SjXJurW0
+Ab8LOgfb60I09Skq72Ud7HaYJOG03iNTf6qLlF977OQsHCb21BnKSAmJqapUS96/
+VOngz7TBzYz4rntfetb8hg28WtUl1s5BQzWaFunkP03b8mPh3PL1SZxutwViVWBu
+hf9kJtx/MLb79fnuJEOus1FvDqJdpd83H+XmXMIDYWgcBIBVrLT5HDtRerjF178H
+okb1F+gboGIqhnx25xTPIYctSHPgJRScZp4WKrqQLKswAmSL4YJXnkXSff05l4gE
+WXQpEMLBZa46qmu8lj8HfoZSbP9lfvEtZ6A+Q3sfh3gjYPv7e6n37x22tSgvyzCb
+jHU1pA2rv10AHK7EIeEQElN+zCyAbmKuhPBiCyxDFg5Dx3xNkYwg9szBJ0KleVD4
++Y3PZJ4N+u+SSATYnHGtmzvkhiNtqJCCwuaqY+jjVObzzqvLLtGjtjxNUWi2X4He
+q+r2fubjCOW14UnQ06qfr3mVUSmuLSKs8BD8qTGuqlgcenGsY0bk0qUPcwARAQAB
+tD5Td2lmdCA1LnggUmVsZWFzZSBTaWduaW5nIEtleSA8c3dpZnQtaW5mcmFzdHJ1
+Y3R1cmVAc3dpZnQub3JnPokCPQQTAQoAJwUCXJQmHAIbAwUJA8JnAAULCQgHAwUV
+CgkICwUWAgMBAAIeAQIXgAAKCRCSXMHM7T0VYSm3EACUtuxMfTmGexA2xBvGhKQ+
+bi3kRMBj+9BoSkVV11gDvumurldXRoKsIIxEdrD4xjagSNiVd7zj3L9wANu6+YgP
+HgBq8sUMXwsyXdL16jNC28qVqKF4jZxwmI9t6nVpQOSxGfBxdXmIhTxDDXFo4JMT
+uKx67BaP1GzZ+BKvxm09xChIJ5xh7x8/bsZ7HlXqc++ARn0Lh9d5CISUKE1PPnMN
+KyRUNt4X/qj7zJHDoAihufPKodvvXPsVAIpfCJZm7XB5WvP63IvQaFW/cX5wineR
+FZY/BKS+tsJt45jJ9c/Ofzqrr//stCz4a44fYvpqaxIqTLr4CpNH3WBIM0RBQqJj
+35jJvdrNIuueby7GN3afRcvZIQBkbMkwZrW1iT8eah3EQDiXszbi7GkbXuOxQOn/
+n8KJJvTJU7wAyH4WLvvWLFUm0oyHjIW4K9vSUM+x74WRuKxVikM6FAJ7uXsYtZ3Z
+lgL2hNlbMwpB+wxvA9isT3dSyzAtZmXpomOLuQTETtm4tSpt8XnF3eCsAKHSWqrA
+/zknqizKeBTPprqibixfO3dwUzFhUu3tkhxznIN3eEUrDMPxNrxObqJf1I4ySUYe
+vc6fqBG86SJ2yjN3IMJm5Y/z58QQUmSOweL9xQSr1hdcCxBtmLSjAlVzJMkpQ/TW
+xXPfHp4mZnRMLsGyO3eYrA==
+=l2j3
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2
+
+mQINBF3DedcBEADmr11PU7BBVSEjSx3z2bqrktMURD2AnrXJgL+sAeZfMaZpDZCU
+pmLKtI32Yp5X3Mv3mlj2Mz3VdtRh7ni83E5cqTLXs4Yjsujgu6nWS5qWqmSYw0Ax
+RszPPJISf2MAbZyBQJpaoDK9t2eIh3yG6J9XhIMu/ZpDND8afNYGNRhXKetv6+l7
+MHTYd5rlU94eIXcxLA/yV340BVTMoaiIfAwUF2uFubDYfro4Ckj+xzjGIvn3ueu0
+u+Yfmc40YIuCsA+zgf24Tie/rIwifEzWxFCka2jNPU+q8XIrbPmTKGvxnpwjBKIz
+B5HtB+yyV5mhnaVg1kkNZH/rZxJQm/FdFS9IXmOmV5CFn+R8grTxsYP/A4jDHnmz
+wx/gJuUvt/ADt3cuU7sGLtT1cvH1UlS/fso2bDDHBhuEa/9hjD0uIYpLuR4eTUQs
+WNU9a2WFxprNfM7nbUIWqfTr6tdnQORPnDi8lSGePlJNWQHzg36WyxPzq9EG0S5r
+35Gb5NXeok6CN9x0EUiRt/Fl0POQRJ2Y6TWmOzaZ+8B8HExhA02d86Wnzfss8kAB
+eLSHE6aOguwujep9LFrTxUeMZTIkk/kxc0ibHuq0r1jwRWnCx9TwXCFeAW1gs7eo
+xybF/HVuDqSLaRIgpIl2KFxvXRY6g37ggtcAxV5DlH6oK90ja+72Wre8+wARAQAB
+tD9Td2lmdCBBdXRvbWF0aWMgU2lnbmluZyBLZXkgIzMgPHN3aWZ0LWluZnJhc3Ry
+dWN0dXJlQHN3aWZ0Lm9yZz6JAj0EEwEKACcFAl3DedcCGwMFCQPCZwAFCwkIBwMF
+FQoJCAsFFgIDAQACHgECF4AACgkQ+vaYnhvBb+oGHQ//ViB09Rk7W4BxyuvwDZx8
+w7JR/WfCFDYAz210EILu2o3tqHWpfShynA2V/oOFT+VHykr2TK7wT2n/o9axfIq6
+rF8W+X2VnXzwzN3a04iVtakcSeCuH4KIiT7vIjfOtmEwqJlpAIe6LF0NXb5wV9/I
+mxc7xLKbTCBSjrNqQsCOZ6VbLqwQuOjI0afRjnUsI07u/8bo/8WeZS1roKy0ntVI
+wyw05P5cV64pjHwNXH5CN8nB/G4pjCRwehI+4hAm0SOUfIDyLdQ4IThAJY+FVzIQ
+dXSKMyVNQMe/PuwLB3CBNMPOtxsEwOdgrLwClm2jOOS/bjrBI5jerUgCSBDPerEP
+3rb6hjehuvhYudYZ+awmWG2NRxdWqUBO3twudVci4keQjjaBM+XiaWpEn9jD3XkI
+ZZC++bXx0o6ugDGFNTNwpFZ9hCC0x8djDrJDz1OdSYA4Mn4bB1n/8FI3+wSk8AP2
+YzfjXbdXQMe44FUWPJgcCJ8EEsF9eKtw5019288ECIlfaHIzw+tgeg7iTShhB7wi
+8T6PFJvRp8L4hssDfzMS9ZG93InUGL+6eyasIVXJtPDmCCP4LHMN3XYH0TgqBriD
+A6MXJzpykPpl51JkXNRtCWtUVBJpDN3L6Ue4Ouxqs0amMBJCNXM/6t+aJfrgwqiq
+bDzlXsGoKE1i/038Ag41vE0=
+=kzvP
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2
+
+mQINBFyUJhwBEADDBN6jVDScsgzfQDxSQga0Og4O3N/nIquwi/DGOgsAsTMWcVA1
+gmRJb792vWa9CmnHILl3ap8zObDSbcXg90nx+eCzWJjG+Ud5c7xuam96NR8ntKmU
+8+BbH/dp8zc9WJB37TiWcaLsddrn58zfm7Ml6P9M48WAeRJX8nxVBTw1SjXJurW0
+Ab8LOgfb60I09Skq72Ud7HaYJOG03iNTf6qLlF977OQsHCb21BnKSAmJqapUS96/
+VOngz7TBzYz4rntfetb8hg28WtUl1s5BQzWaFunkP03b8mPh3PL1SZxutwViVWBu
+hf9kJtx/MLb79fnuJEOus1FvDqJdpd83H+XmXMIDYWgcBIBVrLT5HDtRerjF178H
+okb1F+gboGIqhnx25xTPIYctSHPgJRScZp4WKrqQLKswAmSL4YJXnkXSff05l4gE
+WXQpEMLBZa46qmu8lj8HfoZSbP9lfvEtZ6A+Q3sfh3gjYPv7e6n37x22tSgvyzCb
+jHU1pA2rv10AHK7EIeEQElN+zCyAbmKuhPBiCyxDFg5Dx3xNkYwg9szBJ0KleVD4
++Y3PZJ4N+u+SSATYnHGtmzvkhiNtqJCCwuaqY+jjVObzzqvLLtGjtjxNUWi2X4He
+q+r2fubjCOW14UnQ06qfr3mVUSmuLSKs8BD8qTGuqlgcenGsY0bk0qUPcwARAQAB
+tD5Td2lmdCA1LnggUmVsZWFzZSBTaWduaW5nIEtleSA8c3dpZnQtaW5mcmFzdHJ1
+Y3R1cmVAc3dpZnQub3JnPokCPQQTAQoAJwIbAwULCQgHAwUVCgkICwUWAgMBAAIe
+AQIXgAUCYFlw2wUJB4exvwAKCRCSXMHM7T0VYcDjD/9gX5EXlPJU1QgFw4PwRUDj
+9GxJ7DQ8ocgZT3mtt03gpRj7yTOL0iBDsJ4GtDiPcq6xCm7WEmNYBs/cJWVGwBC2
+jeQCUCkxCXR310V3/RRFMhKZZPBq9A1UqqooO0WYkpR6JFP2a5cf2kounuyBoVGX
+wV7Cn4ZqX/fLOt156EiWUtOxC5L/nJqn6Ea57arwVUwZ3Q2tcKthxFrmMD9H13oW
+Y4coWiQhVx0xCMbc4cPh7TeRIdUu7D2JJPg/ypqhE2fIPPYrCAJSWp9A/m5oaLM+
+6/ABV+JYw3sgmnCSMxX+EV5iDsRamWMJwO4Yep8qMBD61jID5zn0N+VSLdEVfX+5
+O4tdHMvC/YenJ0SFlWmZ7VGD99497IlsTMBFuOzBwXsfwdbSmG5KB6uKormLB6KB
+INvASgi7HbcYgM6vh82mvpswp5UmrT8f2trnSaxHUz5gtUiYFKdBrLgbLBhMlUTZ
+giRHJqm7DnYJVUAOOj26uu06gcXu77MzEiBT3PGVNPMgfYhc5I6hnx4nrXDYT5IT
+bP9Gt1BpsaG8J2jZL2OyOdkd7FkAuWzJVmozDIhMcsf5AjxrZaSYKc2BwgevdIB/
+nvrD/IHRzS34EDnqv2J2LsQqWI3PM7JC5fW9L69NaSWdWpIoHl4gPcm55wbF+tHP
+SnioHPOvgHUi1wc55I6QNA==
+=z7kI
+-----END PGP PUBLIC KEY BLOCK-----

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: license_finder
 version: !ruby/object:Gem::Version
-  version: 6.12.2
+  version: 6.15.0
 platform: ruby
 authors:
 - Ryan Collins
@@ -27,7 +27,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-04-14 00:00:00.000000000 Z
+date: 2021-12-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -131,14 +131,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.7.0
+        version: 2.8.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.7.0
+        version: 2.8.0
 - !ruby/object:Gem::Dependency
   name: capybara
   requirement: !ruby/object:Gem::Requirement
@@ -424,6 +424,7 @@ files:
 - lib/license_finder/license/templates/Ruby.txt
 - lib/license_finder/license/templates/SimplifiedBSD.txt
 - lib/license_finder/license/templates/WTFPL.txt
+- lib/license_finder/license/templates/Zlib.txt
 - lib/license_finder/license/text.rb
 - lib/license_finder/license_aggregator.rb
 - lib/license_finder/logger.rb
@@ -457,6 +458,7 @@ files:
 - lib/license_finder/package_managers/pipenv.rb
 - lib/license_finder/package_managers/rebar.rb
 - lib/license_finder/package_managers/sbt.rb
+- lib/license_finder/package_managers/spm.rb
 - lib/license_finder/package_managers/trash.rb
 - lib/license_finder/package_managers/yarn.rb
 - lib/license_finder/package_utils/activation.rb
@@ -489,6 +491,7 @@ files:
 - lib/license_finder/packages/pip_package.rb
 - lib/license_finder/packages/rebar_package.rb
 - lib/license_finder/packages/sbt_package.rb
+- lib/license_finder/packages/spm_package.rb
 - lib/license_finder/packages/yarn_package.rb
 - lib/license_finder/platform.rb
 - lib/license_finder/project_finder.rb
@@ -514,6 +517,7 @@ files:
 - lib/license_finder/version.rb
 - license_finder.gemspec
 - release/instructions.md
+- swift-all-keys.asc
 homepage: https://github.com/pivotal/LicenseFinder
 licenses:
 - MIT
@@ -533,7 +537,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.16
+rubygems_version: 3.2.33
 signing_key: 
 specification_version: 4
 summary: Audit the OSS licenses of your application's dependencies.