license_finder 6.14.2 → 7.0.1

data/lib/license_finder/package_managers/go_dep.rb

@@ -38,7 +38,7 @@ module LicenseFinder
                             project_path.join(GODEP_VENDOR_PATH)
                           else
                             download_dependencies
-                            Pathname(ENV['GOPATH'] ? ENV['GOPATH'] + '/src' : ENV['HOME'] + '/go/src')
+                            Pathname(ENV['GOPATH'] ? "#{ENV['GOPATH']}/src" : "#{ENV['HOME']}/go/src")
                           end
     end
 

data/lib/license_finder/package_managers/go_workspace.rb

@@ -94,7 +94,7 @@ module LicenseFinder
         deps = val.split("\n")
         Cmd.run('go list std').first.split("\n").each do |std|
           deps.delete_if do |dep|
-            dep =~ %r{(\/|^)#{std}(\/|$)}
+            dep =~ %r{(/|^)#{std}(/|$)}
           end
         end
         deps

data/lib/license_finder/package_managers/maven.rb

@@ -34,14 +34,10 @@ module LicenseFinder
     end
 
     def package_management_command
-      wrapper = if Platform.windows?
-                  'mvnw.cmd'
-                else
-                  './mvnw'
-                end
+      wrapper = File.join(project_path, Platform.windows? ? 'mvnw.cmd' : 'mvnw')
       maven = 'mvn'
 
-      File.exist?(File.join(project_path, wrapper)) ? wrapper : maven
+      File.exist?(wrapper) ? wrapper : maven
     end
 
     def possible_package_paths

data/lib/license_finder/package_managers/nuget.rb

@@ -64,7 +64,7 @@ module LicenseFinder
 
       file = files.first
       Zip::File.open file do |zipfile|
-        content = zipfile.read(dep.name + '.nuspec')
+        content = zipfile.read("#{dep.name}.nuspec")
         Nuget.nuspec_license_urls(content)
       end
     end

data/lib/license_finder/package_managers/pub.rb

@@ -0,0 +1,86 @@
+# frozen_string_literal: true
+
+require 'json'
+require 'yaml'
+
+module LicenseFinder
+  class Pub < PackageManager
+    class PubError < RuntimeError; end
+
+    def current_packages
+      unless File.exist?('pubspec.lock')
+        raise PubError, "No checked-out Pub packages found.
+          Please install your dependencies first."
+      end
+
+      if ENV['PUB_CACHE'].nil? || ENV['PUB_CACHE'].eql?('')
+        raise PubError, 'While PUB_CACHE environment variable is empty, retrieving package licenses is impossible. Please set the PUB_CACHE env variable (default: ~/.pub)'
+      end
+
+      stdout, _stderr, _status = Cmd.run('flutter pub deps --json')
+      yaml_deps = JSON.parse(stdout)
+      yaml_deps['packages'].map do |dependency|
+        package_name = dependency['name']
+        subpath = "#{dependency['name']}-#{dependency['version']}"
+        package_version = dependency['version']
+
+        project_repo = dependency['source'] == 'git' ? Pathname("#{ENV['PUB_CACHE']}/git/#{dependency['name']}-*/") : Pathname("#{ENV['PUB_CACHE']}/hosted/pub.dartlang.org/#{subpath}")
+
+        homepage = read_repository_home(project_repo)
+        homepage = "https://pub.dev/packages/#{package_name}" if homepage.nil? || homepage.empty?
+        PubPackage.new(
+          package_name,
+          package_version,
+          license_text(project_repo),
+          logger: logger,
+          install_path: project_repo,
+          homepage: homepage
+        )
+      end
+    end
+
+    def possible_package_paths
+      [project_path.join('pubspec.lock')]
+    end
+
+    def package_management_command
+      'flutter'
+    end
+
+    def prepare_command
+      'flutter pub get'
+    end
+
+    def prepare
+      prep_cmd = "#{prepare_command} #{production_flag}"
+      _stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(prep_cmd) }
+
+      return if status.success?
+
+      log_errors stderr
+      raise "Prepare command '#{prep_cmd}' failed" unless @prepare_no_fail
+    end
+
+    private
+
+    def license_text(subpath)
+      license_path = license_pattern(subpath).find { |f| File.exist?(f) }
+      license_path.nil? ? nil : IO.read(license_path)
+    end
+
+    def license_pattern(subpath)
+      Dir.glob(subpath.join('LICENSE*'), File::FNM_CASEFOLD)
+    end
+
+    def production_flag
+      return '' if @ignored_groups.nil?
+
+      @ignored_groups.include?('devDependencies') ? '' : 'no-'
+    end
+
+    def read_repository_home(project_repo)
+      package_yaml = project_repo.join('pubspec.yaml')
+      YAML.load(IO.read(package_yaml))['repository'] if Dir.exist?(project_repo) && File.exist?(package_yaml)
+    end
+  end
+end

data/lib/license_finder/package_managers/sbt.rb

@@ -17,11 +17,7 @@ module LicenseFinder
 
       dependencies = SbtDependencyFinder.new(project_path).dependencies
       packages = dependencies.flat_map do |text|
-        options = {
-          headers: true
-        }
-
-        contents = CSV.parse(text, options)
+        contents = CSV.parse(text, headers: true)
         contents.map do |row|
           group_id, name, version = row['Dependency'].split('#').map(&:strip)
           spec = {

data/lib/license_finder/package_managers/yarn.rb

@@ -2,19 +2,22 @@
 
 module LicenseFinder
   class Yarn < PackageManager
-    SHELL_COMMAND = 'yarn licenses list --no-progress --json'
+    SHELL_COMMAND = 'yarn licenses list --json'
 
     def possible_package_paths
       [project_path.join('yarn.lock')]
     end
 
     def current_packages
-      cmd = "#{Yarn::SHELL_COMMAND}#{production_flag}"
-      suffix = " --cwd #{project_path}" unless project_path.nil?
-      cmd += suffix unless suffix.nil?
+      # the licenses plugin supports the classic production flag
+      cmd = "#{Yarn::SHELL_COMMAND}#{classic_yarn_production_flag}"
+      if yarn_version == 1
+        cmd += ' --no-progress'
+        cmd += " --cwd #{project_path}" unless project_path.nil?
+      end
 
-      stdout, _stderr, status = Cmd.run(cmd)
-      return [] unless status.success?
+      stdout, stderr, status = Cmd.run(cmd)
+      raise "Command '#{cmd}' failed to execute: #{stderr}" unless status.success?
 
       packages = []
       incompatible_packages = []
@@ -39,7 +42,7 @@ module LicenseFinder
     end
 
     def prepare
-      prep_cmd = "#{prepare_command}#{production_flag}"
+      prep_cmd = prepare_command.to_s
       _stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(prep_cmd) }
       return if status.success?
 
@@ -56,11 +59,41 @@ module LicenseFinder
     end
 
     def prepare_command
-      'yarn install --ignore-engines --ignore-scripts'
+      if yarn_version == 1
+        classic_yarn_prepare_command
+      else
+        yarn_prepare_command
+      end
     end
 
     private
 
+    def yarn_prepare_command
+      "#{yarn_plugin_production_command}yarn install && yarn plugin import https://raw.githubusercontent.com/mhassan1/yarn-plugin-licenses/#{yarn_licenses_plugin_version}/bundles/@yarnpkg/plugin-licenses.js"
+    end
+
+    def classic_yarn_prepare_command
+      "yarn install --ignore-engines --ignore-scripts#{classic_yarn_production_flag}"
+    end
+
+    def yarn_licenses_plugin_version
+      if yarn_version == 2
+        'v0.6.0'
+      else
+        'v0.7.2'
+      end
+    end
+
+    def yarn_version
+      Dir.chdir(project_path) do
+        version_string, stderr_str, status = Cmd.run('yarn -v')
+        raise "Command 'yarn -v' failed to execute: #{stderr_str}" unless status.success?
+
+        version = version_string.split('.').map(&:to_i)
+        return version[0]
+      end
+    end
+
     def packages_from_json(json_data)
       body = json_data['body']
       head = json_data['head']
@@ -98,10 +131,16 @@ module LicenseFinder
       all_packages - [yarn_internal_package]
     end
 
-    def production_flag
+    def classic_yarn_production_flag
       return '' if @ignored_groups.nil?
 
       @ignored_groups.include?('devDependencies') ? ' --production' : ''
     end
+
+    def yarn_plugin_production_command
+      return '' if @ignored_groups.nil?
+
+      @ignored_groups.include?('devDependencies') ? 'yarn plugin import workspace-tools && yarn workspaces focus --all --production && ' : ''
+    end
   end
 end

data/lib/license_finder/package_utils/license_files.rb

@@ -4,7 +4,7 @@ require 'license_finder/package_utils/possible_license_file'
 
 module LicenseFinder
   class LicenseFiles
-    CANDIDATE_FILE_NAMES = %w[License Licence COPYING README].freeze
+    CANDIDATE_FILE_NAMES = %w[LICENSE License license LICENCE Licence licence COPYING copying README readme].freeze
     CANDIDATE_PATH_WILDCARD = "*{#{CANDIDATE_FILE_NAMES.join(',')}}*"
 
     def self.find(install_path, options = {})
@@ -35,7 +35,7 @@ module LicenseFinder
     def candidate_files_and_dirs
       return [] if install_path.nil?
 
-      Pathname.glob(install_path.join('**', CANDIDATE_PATH_WILDCARD), File::FNM_CASEFOLD)
+      Pathname.glob(install_path.join('**', CANDIDATE_PATH_WILDCARD))
     end
   end
 end

data/lib/license_finder/packages/bower_package.rb

@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 
 require 'open-uri'
-
 module LicenseFinder
   class BowerPackage < Package
     def initialize(bower_module, options = {})
@@ -35,7 +34,11 @@ module LicenseFinder
     end
 
     def package_url
-      meta = JSON.parse(open("https://registry.bower.io/packages/#{CGI.escape(name)}").read)
+      meta = if Gem::Version.new(RUBY_VERSION) < Gem::Version.new('2.5.0')
+               JSON.parse(open("https://registry.bower.io/packages/#{CGI.escape(name)}").read)
+             else
+               JSON.parse(URI.open("https://registry.bower.io/packages/#{CGI.escape(name)}").read)
+             end
       meta['url']
     end
   end

data/lib/license_finder/packages/erlangmk_package.rb

@@ -37,9 +37,7 @@ module LicenseFinder
     end
 
     def dep_version
-      @dep_version ||= begin
-        dep_version_unformatted.sub(version_prefix_re, '')
-      end
+      @dep_version ||= dep_version_unformatted.sub(version_prefix_re, '')
     end
 
     def dep_repo
@@ -88,7 +86,7 @@ module LicenseFinder
     def dep_version_valid?
       return false unless set?(dep_version_unformatted)
 
-      if dep_version =~ version_re
+      if dep_version&.match?(version_re)
         Gem::Version.correct?(dep_version)
       else
         dep_version =~ word_dot_re

data/lib/license_finder/packages/npm_package.rb

@@ -156,6 +156,7 @@ module LicenseFinder
 
     class PackageJson
       attr_reader :groups
+
       DEPENDENCY_GROUPS = %w[dependencies devDependencies].freeze
 
       def initialize(path)

data/lib/license_finder/packages/pubspec_package.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+  class PubPackage < Package
+    def initialize(name, version, license_text, options = {})
+      super(name, version, options)
+      @license = License.find_by_text(license_text.to_s)
+    end
+
+    def licenses_from_spec
+      [@license].compact
+    end
+
+    def package_manager
+      'Pub'
+    end
+  end
+end

data/lib/license_finder/printer.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+  class Printer
+    attr_reader :padding
+
+    def initialize #:nodoc:
+      @base = nil
+      @mute = false
+      @padding = 0
+      @always_force = false
+    end
+
+    def say(message = '', color = nil, force_new_line = (message.to_s !~ /( |\t)\Z/))
+      buffer = prepare_message(message, *color)
+      buffer << "\n" if force_new_line && !message.to_s.end_with?("\n")
+
+      stdout.print(buffer)
+      stdout.flush
+    end
+
+    def prepare_message(message, *color)
+      spaces = '  ' * padding
+      spaces + set_color(message.to_s, *color)
+    end
+
+    def set_color(string, *) #:nodoc:
+      string
+    end
+
+    def padding=(value)
+      @padding = [0, value].max
+    end
+
+    def stdout
+      $stdout
+    end
+  end
+end

data/lib/license_finder/report.rb

@@ -9,11 +9,12 @@ module LicenseFinder
     def initialize(dependencies, options)
       @dependencies = dependencies
       @project_name = options[:project_name]
+      @use_spdx_id = options[:use_spdx_id]
     end
 
     private
 
-    attr_reader :dependencies, :project_name
+    attr_reader :dependencies, :project_name, :use_spdx_id
 
     def sorted_dependencies
       dependencies.sort

data/lib/license_finder/reports/csv_report.rb

@@ -60,7 +60,7 @@ module LicenseFinder
       if dep.missing?
         MISSING_DEPENDENCY_TEXT
       else
-        dep.licenses.map(&:name).join(self.class::COMMA_SEP)
+        dep.licenses.map(&@use_spdx_id ? :standard_id : :name).join(self.class::COMMA_SEP)
       end
     end
 

data/lib/license_finder/reports/erb_report.rb

@@ -5,7 +5,11 @@ module LicenseFinder
     TEMPLATE_PATH = ROOT_PATH.join('reports', 'templates')
 
     def to_s(filename = TEMPLATE_PATH.join("#{template_name}.erb"))
-      template = ERB.new(filename.read, nil, '-')
+      if Gem::Version.new(RUBY_VERSION) < Gem::Version.new('2.6.0')
+        template = ERB.new(filename.read, nil, '-')
+      else
+        template = ERB.new(filename.read, trim_mode: '-')
+      end
       template.result(binding)
     end
 
@@ -22,7 +26,7 @@ module LicenseFinder
     end
 
     def link_to_license(license)
-      link_to_maybe license.name, license.url
+      link_to_maybe (@use_spdx_id ? license.standard_id : license.name), license.url
     end
 
     def link_to_dependency(dependency)
@@ -42,7 +46,7 @@ module LicenseFinder
     end
 
     def license_names(dependency)
-      dependency.licenses.map(&:name).sort.join ', '
+      dependency.licenses.map(&@use_spdx_id? :standard_id : :name).sort.join ', '
     end
 
     def license_links(dependency)

data/lib/license_finder/reports/json_report.rb

@@ -24,7 +24,8 @@ module LicenseFinder
     end
 
     def format_licenses(dep)
-      dep.missing? ? [] : dep.licenses.map(&:name)
+      dep.missing? ? [] :
+       dep.licenses.map(&(@use_spdx_id ? :standard_id : :name))
     end
   end
 end

data/lib/license_finder/reports/junit_report.rb

@@ -6,7 +6,11 @@ module LicenseFinder
     TEMPLATE_PATH = ROOT_PATH.join('templates')
 
     def to_s(filename = TEMPLATE_PATH.join("#{template_name}.erb"))
-      template = ERB.new(filename.read, nil, '-')
+      if Gem::Version.new(RUBY_VERSION) < Gem::Version.new('2.6.0')
+        template = ERB.new(filename.read, nil, '-')
+      else
+        template = ERB.new(filename.read, trim_mode: '-')
+      end
       template.result(binding)
     end
 

data/lib/license_finder/reports/xml_report.rb

@@ -6,7 +6,11 @@ module LicenseFinder
     TEMPLATE_PATH = ROOT_PATH.join('templates')
 
     def to_s(filename = TEMPLATE_PATH.join("#{template_name}.erb"))
-      template = ERB.new(filename.read, nil, '-')
+      if Gem::Version.new(RUBY_VERSION) < Gem::Version.new('2.6.0')
+        template = ERB.new(filename.read, nil, '-')
+      else
+        template = ERB.new(filename.read, trim_mode: '-')
+      end
       template.result(binding)
     end
 

data/lib/license_finder/scanner.rb

@@ -5,7 +5,7 @@ module LicenseFinder
     PACKAGE_MANAGERS = [
       GoModules, GoDep, GoWorkspace, Go15VendorExperiment, Glide, Gvt, Govendor, Trash, Dep, Bundler, NPM, Pip,
       Yarn, Bower, Maven, Gradle, CocoaPods, Rebar, Erlangmk, Nuget, Carthage, Mix, Conan, Sbt, Cargo, Dotnet, Composer, Pipenv,
-      Conda, Spm
+      Conda, Spm, Pub
     ].freeze
 
     class << self

data/license_finder.gemspec

@@ -3,7 +3,7 @@
 version = File.read(File.expand_path('VERSION', __dir__)).strip
 
 Gem::Specification.new do |s|
-  s.required_ruby_version = '>= 2.3.3'
+  s.required_ruby_version = '>= 2.4.0'
   s.name        = 'license_finder'
   s.version     = version
 
@@ -45,26 +45,28 @@ Gem::Specification.new do |s|
 
   s.add_dependency 'bundler'
   s.add_dependency 'rubyzip', '>=1', '<3'
-  s.add_dependency 'thor', '~> 1.0.1'
+  s.add_dependency 'thor', '~> 1.2'
   s.add_dependency 'tomlrb', '>= 1.3', '< 2.1'
   s.add_dependency 'with_env', '1.1.0'
-  s.add_dependency 'xml-simple', '~> 1.1.5'
+  s.add_dependency 'xml-simple', '~> 1.1.9'
 
   s.add_development_dependency 'addressable', '2.8.0'
-  s.add_development_dependency 'capybara', '~> 3.15.0'
-  s.add_development_dependency 'cocoapods', '>= 1.0.0' if RUBY_PLATFORM =~ /darwin/
-  s.add_development_dependency 'fakefs', '~> 1.2.0'
-  s.add_development_dependency 'mime-types', '3.3.1'
-  s.add_development_dependency 'pry', '~> 0.14.0'
-  s.add_development_dependency 'rake', '~> 13.0.1'
+  s.add_development_dependency 'capybara', '~> 3.32.2'
+  s.add_development_dependency 'cocoapods', '>= 1.0.0' if RUBY_PLATFORM.match?(/darwin/)
+  s.add_development_dependency 'e2mmap', '~> 0.1.0'
+  s.add_development_dependency 'fakefs', '~> 1.4.1'
+  s.add_development_dependency 'matrix', '~> 0.1.0'
+  s.add_development_dependency 'mime-types', '3.4.1'
+  s.add_development_dependency 'pry', '~> 0.14.1'
+  s.add_development_dependency 'rake', '~> 13.0.6'
   s.add_development_dependency 'rspec', '~> 3'
   s.add_development_dependency 'rspec-its', '~> 1.3.0'
-  s.add_development_dependency 'rubocop', '~> 0.81.0'
-  s.add_development_dependency 'rubocop-performance', '~> 1.5.0'
-  s.add_development_dependency 'webmock', '~> 3.5'
+  s.add_development_dependency 'rubocop', '~> 1.12.1'
+  s.add_development_dependency 'rubocop-performance', '~> 1.10.2'
+  s.add_development_dependency 'webmock', '~> 3.14'
 
   s.add_development_dependency 'nokogiri', '~>1.10'
-  s.add_development_dependency 'rack', '~> 2.2.2'
+  s.add_development_dependency 'rack', '~> 2.2.3'
   s.add_development_dependency 'rack-test', '~> 1.1.0', '> 0.7'
 
   s.files         = `git ls-files`.split("\n").reject { |f| f.start_with?('spec', 'features') }