license_finder 6.3.0 → 6.6.2

data/lib/license_finder/package_managers/dotnet.rb

@@ -63,7 +63,8 @@ module LicenseFinder
                           .uniq { |d| [d.name, d.version] }
 
       package_metadatas.map do |d|
-        NugetPackage.new(d.name, d.version, spec_licenses: d.read_license_urls)
+        path = Dir.glob("#{Dir.home}/.nuget/packages/#{d.name.downcase}/#{d.version}").first
+        NugetPackage.new(d.name, d.version, spec_licenses: d.read_license_urls, install_path: path)
       end
     end
 

data/lib/license_finder/package_managers/go_15vendorexperiment.rb

@@ -14,7 +14,7 @@ module LicenseFinder
     end
 
     def go_files_exist?
-      !Dir[project_path.join('**/*.go')].empty?
+      !Dir[project_path.join('**/*.go')].empty? && !Dir[project_path.join('vendor/**/*.go')].empty?
     end
 
     def possible_package_paths

data/lib/license_finder/package_managers/go_modules.rb

@@ -4,7 +4,7 @@ require 'license_finder/packages/go_package'
 
 module LicenseFinder
   class GoModules < PackageManager
-    PACKAGES_FILE = 'go.sum'
+    PACKAGES_FILE = 'go.mod'
 
     class << self
       def takes_priority_over
@@ -12,12 +12,8 @@ module LicenseFinder
       end
     end
 
-    def prepare_command
-      'GO111MODULE=on go mod tidy && GO111MODULE=on go mod vendor'
-    end
-
     def active?
-      sum_files?
+      mod_files?
     end
 
     def current_packages
@@ -33,17 +29,44 @@ module LicenseFinder
     private
 
     def packages_info
-      info_output, stderr, _status = Cmd.run("GO111MODULE=on go list -m -mod=vendor -f '{{.Path}},{{.Version}},{{.Dir}}' all")
-      info_output, _stderr, _status = Cmd.run("GO111MODULE=on go list -m -f '{{.Path}},{{.Version}},{{.Dir}}' all") if stderr =~ Regexp.compile("can't compute 'all' using the vendor directory")
+      Dir.chdir(project_path) do
+        # Explanations:
+        # * Only list dependencies (packages not listed in the project directory)
+        #   (.DepOnly)
+        # * Ignore standard library packages
+        #   (not .Standard)
+        # * Replacement modules are respected
+        #   (or .Module.Replace .Module)
+        # * Module cache directory or (vendored) package directory
+        #   (or $mod.Dir .Dir)
+        format_str = \
+          '{{ if and (.DepOnly) (not .Standard) }}'\
+            '{{ $mod := (or .Module.Replace .Module) }}'\
+            '{{ $mod.Path }},{{ $mod.Version }},{{ or $mod.Dir .Dir }}'\
+          '{{ end }}'
 
-      info_output.split("\n")
+        # The module list flag (`-m`) is intentionally not used here. If the module
+        # dependency tree were followed, transitive dependencies that are never imported
+        # may be included.
+        #
+        # Instead, the owning module is listed for each imported package. This better
+        # matches the implementation of other Go package managers.
+        #
+        # TODO: Figure out a way to make the vendor directory work (i.e. remove the
+        # -mod=readonly flag). Each of the imported packages gets listed separatly,
+        # confusing the issue as to which package is the root of the module.
+        info_output, _stderr, _status = Cmd.run("GO111MODULE=on go list -mod=readonly -deps -f '#{format_str}' ./...")
+
+        # Since many packages may belong to a single module, #uniq is used to deduplicate
+        info_output.split("\n").uniq
+      end
     end
 
-    def sum_files?
-      sum_file_paths.any?
+    def mod_files?
+      mod_file_paths.any?
     end
 
-    def sum_file_paths
+    def mod_file_paths
       Dir[project_path.join(PACKAGES_FILE)]
     end
 

data/lib/license_finder/package_managers/mix.rb

@@ -96,7 +96,7 @@ module LicenseFinder
       raise "Command '#{command}' failed to execute: #{stderr}" unless status.success?
 
       packages_lines(stdout)
-        .reject { |package_lines| package_lines.length == 1 } # in_umbrella: true dependencies
+        .reject { |package_lines| package_lines.length == 1 || package_lines.empty? } # in_umbrella: true dependencies
         .map { |package_lines| [package_lines[0].split(' ')[1], resolve_version(package_lines[1])] }
     end
 

data/lib/license_finder/package_managers/nuget.rb

@@ -51,7 +51,9 @@ module LicenseFinder
     def current_packages
       dependencies.each_with_object({}) do |dep, memo|
         licenses = license_urls(dep)
-        memo[dep.name] ||= NugetPackage.new(dep.name, dep.version, spec_licenses: licenses)
+        path = Dir.glob("#{Dir.home}/.nuget/packages/#{dep.name.downcase}/#{dep.version}").first
+
+        memo[dep.name] ||= NugetPackage.new(dep.name, dep.version, spec_licenses: licenses, install_path: path)
         memo[dep.name].groups << dep.assembly unless memo[dep.name].groups.include? dep.assembly
       end.values
     end
@@ -71,14 +73,59 @@ module LicenseFinder
       assemblies.flat_map(&:dependencies)
     end
 
+    def nuget_binary
+      legacy_vcproj = Dir['**/*.vcproj'].any?
+
+      if legacy_vcproj
+        '/usr/local/bin/nugetv3.5.0.exe'
+      else
+        '/usr/local/bin/nuget.exe'
+      end
+    end
+
     def package_management_command
       return 'nuget' if LicenseFinder::Platform.windows?
 
-      'mono /usr/local/bin/nuget.exe'
+      "mono #{nuget_binary}"
+    end
+
+    def prepare
+      Dir.chdir(project_path) do
+        cmd = prepare_command
+        stdout, stderr, status = Cmd.run(cmd)
+        return if status.success?
+
+        log_errors stderr
+
+        if stderr.include?('-PackagesDirectory')
+          logger.info cmd, 'trying fallback prepare command', color: :magenta
+
+          cmd = "#{cmd} -PackagesDirectory /#{Dir.home}/.nuget/packages"
+          stdout, stderr, status = Cmd.run(cmd)
+          return if status.success?
+
+          log_errors_with_cmd(cmd, stderr)
+        end
+
+        error_message = "Prepare command '#{cmd}' failed\n#{stderr}"
+        error_message += "\n#{stdout}\n" if !stdout.nil? && !stdout.empty?
+        raise error_message unless @prepare_no_fail
+      end
     end
 
     def prepare_command
-      "#{package_management_command} restore"
+      cmd = package_management_command
+      sln_files = Dir['*.sln']
+      cmds = []
+      if sln_files.count > 1
+        sln_files.each do |sln|
+          cmds << "#{cmd} restore #{sln}"
+        end
+      else
+        cmds << "#{cmd} restore"
+      end
+
+      cmds.join(' && ')
     end
 
     def installed?(logger = Core.default_logger)
@@ -94,7 +141,7 @@ module LicenseFinder
     def nuget_check
       return 'where nuget' if LicenseFinder::Platform.windows?
 
-      'which mono && ls /usr/local/bin/nuget.exe'
+      "which mono && ls #{nuget_binary}"
     end
 
     def self.nuspec_license_urls(specfile_content)

data/lib/license_finder/package_managers/pipenv.rb

@@ -15,7 +15,7 @@ module LicenseFinder
         begin
           packages = {}
           each_dependency(groups: allowed_groups) do |name, data, group|
-            version = canonicalize(data['version'])
+            version = canonicalize(data['version'] || 'unknown')
             package = packages.fetch(key_for(name, version)) do |key|
               packages[key] = build_package_for(name, version)
             end

data/lib/license_finder/package_managers/rebar.rb

@@ -5,23 +5,25 @@ module LicenseFinder
     def initialize(options = {})
       super
       @command = options[:rebar_command] || package_management_command
-      @deps_path = Pathname(options[:rebar_deps_dir] || 'deps')
+      @deps_path = Pathname(options[:rebar_deps_dir] || File.join(project_path, '_build/default/lib'))
     end
 
     def current_packages
-      rebar_ouput.map do |name, version_type, version_value, homepage|
+      rebar_deps.map do |name, version|
+        licenses, homepage = dep_info(name)
         RebarPackage.new(
           name,
-          "#{version_type}: #{version_value}",
+          version,
           install_path: @deps_path.join(name),
           homepage: homepage,
+          spec_licenses: licenses.nil? ? [] : [licenses],
           logger: logger
         )
       end
     end
 
     def package_management_command
-      'rebar'
+      'rebar3'
     end
 
     def possible_package_paths
@@ -30,15 +32,34 @@ module LicenseFinder
 
     private
 
-    def rebar_ouput
-      command = "#{@command} list-deps"
+    def rebar_deps
+      command = "#{@command} tree"
       stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(command) }
       raise "Command '#{command}' failed to execute: #{stderr}" unless status.success?
 
       stdout
         .each_line
-        .reject { |line| line.start_with?('=') }
-        .map { |line| line.split(' ') }
+        .reject { |line| line.start_with?('=') || line.include?('project app') }
+        .map do |line|
+          matches = line.match(/(?<name>\w+)─(?<version>[\S.]+)\s*/)
+          [matches[:name], matches[:version]] if matches
+        end.compact
+    end
+
+    def dep_info(name)
+      command = "#{@command} pkgs #{name}"
+      stdout, _, status = Cmd.run(command)
+      return [nil, nil] unless status.success?
+
+      licenses = nil
+      homepage = nil
+
+      stdout.scan(/Licenses: (?<licenses>.+)|(?<homepage>(https|http).*)/) do |pkg_licenses, pkg_homepage|
+        licenses ||= pkg_licenses
+        homepage ||= pkg_homepage
+      end
+
+      [licenses, homepage]
     end
   end
 end

data/lib/license_finder/package_managers/yarn.rb

@@ -72,11 +72,25 @@ module LicenseFinder
       valid_packages = filter_yarn_internal_package(packages)
 
       valid_packages.map do |package_hash|
-        YarnPackage.new(package_hash['Name'], package_hash['Version'], spec_licenses: [package_hash['License']],
-                                                                       homepage: package_hash['VendorUrl'])
+        YarnPackage.new(
+          package_hash['Name'],
+          package_hash['Version'],
+          spec_licenses: [package_hash['License']],
+          homepage: package_hash['VendorUrl'],
+          authors: package_hash['VendorName'],
+          install_path: project_path.join(modules_folder, package_hash['Name'])
+        )
       end
     end
 
+    def modules_folder
+      return @modules_folder if @modules_folder
+
+      stdout, _stderr, status = Cmd.run('yarn config get modules-folder')
+      @modules_folder = 'node_modules' if !status.success? || stdout.strip == 'undefined'
+      @modules_folder ||= stdout.strip
+    end
+
     # remove fake package created by yarn [Yarn Bug]
     def filter_yarn_internal_package(all_packages)
       internal_package_pattern = /workspace-aggregator-[a-zA-z0-9]{8}-[a-zA-z0-9]{4}-[a-zA-z0-9]{4}-[a-zA-z0-9]{4}-[a-zA-z0-9]{12}/

data/lib/license_finder/package_utils/license_files.rb

@@ -4,7 +4,7 @@ require 'license_finder/package_utils/possible_license_file'
 
 module LicenseFinder
   class LicenseFiles
-    CANDIDATE_FILE_NAMES = %w[LICENSE License LICENCE Licence COPYING README Readme ReadMe].freeze
+    CANDIDATE_FILE_NAMES = %w[License Licence COPYING README].freeze
     CANDIDATE_PATH_WILDCARD = "*{#{CANDIDATE_FILE_NAMES.join(',')}}*"
 
     def self.find(install_path, options = {})
@@ -35,7 +35,7 @@ module LicenseFinder
     def candidate_files_and_dirs
       return [] if install_path.nil?
 
-      Pathname.glob(install_path.join('**', CANDIDATE_PATH_WILDCARD))
+      Pathname.glob(install_path.join('**', CANDIDATE_PATH_WILDCARD), File::FNM_CASEFOLD)
     end
   end
 end

data/lib/license_finder/packages/bower_package.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require 'open-uri'
+
 module LicenseFinder
   class BowerPackage < Package
     def initialize(bower_module, options = {})
@@ -31,5 +33,10 @@ module LicenseFinder
     def package_manager
       'Bower'
     end
+
+    def package_url
+      meta = JSON.parse(open("https://registry.bower.io/packages/#{CGI.escape(name)}").read)
+      meta['url']
+    end
   end
 end

data/lib/license_finder/packages/bundler_package.rb

@@ -25,5 +25,9 @@ module LicenseFinder
     def package_manager
       'Bundler'
     end
+
+    def package_url
+      "https://rubygems.org/gems/#{CGI.escape(name)}/versions/#{CGI.escape(version)}"
+    end
   end
 end

data/lib/license_finder/packages/cargo_package.rb

@@ -20,5 +20,9 @@ module LicenseFinder
     def package_manager
       'Cargo'
     end
+
+    def package_url
+      "https://crates.io/crates/#{CGI.escape(name)}/#{CGI.escape(version)}"
+    end
   end
 end

data/lib/license_finder/packages/cocoa_pods_package.rb

@@ -14,5 +14,9 @@ module LicenseFinder
     def package_manager
       'CocoaPods'
     end
+
+    def package_url
+      "https://cocoapods.org/pods/#{CGI.escape(name)}"
+    end
   end
 end

data/lib/license_finder/packages/composer_package.rb

@@ -5,5 +5,9 @@ module LicenseFinder
     def package_manager
       'Composer'
     end
+
+    def package_url
+      "https://packagist.org/packages/#{CGI.escape(name)}##{CGI.escape(version)}"
+    end
   end
 end

data/lib/license_finder/packages/conan_package.rb

@@ -15,5 +15,9 @@ module LicenseFinder
     def package_manager
       'Conan'
     end
+
+    def package_url
+      "https://conan.io/center/#{CGI.escape(name)}/#{CGI.escape(version)}"
+    end
   end
 end

data/lib/license_finder/packages/go_package.rb

@@ -8,6 +8,10 @@ module LicenseFinder
       'Go'
     end
 
+    def package_url
+      "https://pkg.go.dev/#{CGI.escape(name)}@#{CGI.escape(version)}"
+    end
+
     class << self
       def from_dependency(hash, prefix, full_version)
         name = hash['ImportPath']

data/lib/license_finder/packages/gradle_package.rb

@@ -22,5 +22,9 @@ module LicenseFinder
     def package_manager
       'Gradle'
     end
+
+    def package_url
+      "https://plugins.gradle.org/plugin/#{CGI.escape(name)}/#{CGI.escape(version)}"
+    end
   end
 end

data/lib/license_finder/packages/maven_package.rb

@@ -19,5 +19,9 @@ module LicenseFinder
     def package_manager
       'Maven'
     end
+
+    def package_url
+      "https://search.maven.org/artifact/#{CGI.escape(groups.first)}/#{CGI.escape(name.split(':').last)}/#{CGI.escape(version)}/jar"
+    end
   end
 end

data/lib/license_finder/packages/merged_package.rb

@@ -11,7 +11,7 @@ module LicenseFinder
       super(package.name, package.version)
     end
 
-    def_delegators :@dependency, :name, :version, :authors, :summary, :description, :homepage, :children, :parents,
+    def_delegators :@dependency, :name, :version, :authors, :summary, :description, :homepage, :package_url, :children, :parents,
                    :groups, :permitted, :restricted, :manual_approval, :install_path, :licenses, :approved_manually?,
                    :approved_manually!, :approved?, :permitted!, :permitted?, :restricted!, :restricted?, :hash,
                    :activations, :missing, :license_names_from_spec, :decided_licenses, :licensing, :decide_on_license,

data/lib/license_finder/packages/mix_package.rb

@@ -5,5 +5,9 @@ module LicenseFinder
     def package_manager
       'Mix'
     end
+
+    def package_url
+      "https://hex.pm/packages/#{CGI.escape(name)}/#{CGI.escape(version)}"
+    end
   end
 end

data/lib/license_finder/packages/npm_package.rb

@@ -89,6 +89,10 @@ module LicenseFinder
       'Npm'
     end
 
+    def package_url
+      "https://www.npmjs.com/package/#{CGI.escape(name)}/v/#{CGI.escape(version)}"
+    end
+
     private
 
     def deps_from_json