license_scout 2.2.0 → 2.6.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fff0dd83efc21ff06cc8fcc66bd3035387d9a61ad6ac033c50c525612a477acf
-  data.tar.gz: 934a3a5bbf27de7a5c0f6f0f657659e5a16a9e31d1bd6ebaff8d69365ba88299
+  metadata.gz: f8ff75c46c04b580099b10f59088cde2bbf10e6131e13daf266f8c107faf9629
+  data.tar.gz: c96cbd17eb105ba96b663d37f3dbd8e3b589da387c5339a655fb612a9d975a92
 SHA512:
-  metadata.gz: 24a584c6ebf0e4820082a42948f012f4017c916da060572425081add7b9ade1a44679c8d460a3f68970d2b4cc88fda3d26f64012b38fceec1b38f928a697c10d
-  data.tar.gz: 02e7b5e509e979d51662f985469ae929c96b20d0d85ba48dd89ce59add5afb9c5d8a5794116a3de184b2d7efa6999278bf88338eeb7ea3922f65040adfa8f2bd
+  metadata.gz: 30cd04254f9d26f7b613bd3f22274494ad0c62cbd49131684404b4a1d245c6ff439b0a55182dbe6b05caeb2a5bea22b7cd223c830299b57f6019578bc16cd492
+  data.tar.gz: 88ca96ac3db1fb0cd74029a9b7f5724b481d5cbcb0ec7eade95db1a0ae063c093e918d2eabf7c261d39bc99a25b64bb32a64b5bfef83f8b037f6f2e91c0dcfd0

data/README.md

@@ -9,11 +9,12 @@ Dependency Type | Supported Dependency Managers
 chef_cookbook | berkshelf
 erlang | rebar
 elixir | mix
-golang | dep, godep, glide
+golang | modules, dep, godep, glide
 habitat | habitat
 nodejs | npm
 perl | cpan
 ruby | bundler
+rust | cargo
 
 ## Installation
 
@@ -27,6 +28,8 @@ gem install license_scout
 
 * If you wish to scan for `berkshelf` dependencies, you'll need to manually install the Berkshelf gem in the same Ruby as License Scout
 * If you wish to scan for `mix` or `rebar` dependencies, you'll need to install Erlang OTP 18.3 or greater.
+* If you wish to scan for `cargo` dependencies, you'll need to manually install cargo
+* If you wish to scan for `go mod` dependencies, you'll need to manually install go
 
 ### Habitat
 
@@ -179,12 +182,21 @@ license_content | A URL to a file where the raw text of the license can be downl
 
 In addition to including any files Licensee identified as potential license files (but couldn't identify), License Scout will also include the Fallback License you specified in the Dependency Manifest.
 
+### Searching Nested Subdirectories
+
+License Scout's default behavior is to only look for dependency manager files in the root of the `directories` that you configure. This default behavior provides greater control over the dependencies that you want to appear in your report. For example, you may not want to enforce license acceptance on an internal-only tool that is included in a project.
+
+License Scout will also scan subdirectories for all dependency manager files and generate a full report on all dependencies that the project uses. To do this, either specify the `--include-sub-directories` command line flag, or set `include_subdirectories` to true in your configuration file.
+
+A common use case for this functionality is to run `license_scout` from the root of a project and get a full report for that project.
+
+```
+license_scout --include-sub-directories
+```
+
 ## Habitat Channel Configuration
 
-By default License Scout searches for Habitat package in the `stable`
-channel. If your build process publishes packages to another channel
-by default, you can use the `channel_for_origin` habitat configuration
-option:
+By default License Scout searches for Habitat package in the `stable` channel. If your build process publishes packages to another channel by default, you can use the `channel_for_origin` habitat configuration option:
 
 ```yaml
 habitat:
@@ -216,6 +228,7 @@ Format | Description
 Value | Description | Default
 --- | --- | ---
 directories | The fully-qualified local paths to the directories you wish to scan | _The current working directory._ |
+include_subdirectories | Whether or not to include all nested sub-directories of `directories` in the search. | `false` |
 name | The name you want to give to the scan result. | _The basename of the first directory to be scanned._ |
 output_directory | The path to the directory where the output JSON file should be saved. | _The current working directory._ |
 log_level | What log information should be included in STDOUT | `info` |
@@ -235,6 +248,14 @@ https://github.com/chef/chef/blob/master/CONTRIBUTING.md
 
 Pull requests in this project are merged when they have two :+1:s from maintainers.
 
+## GitHub Tokens
+
+If you wish to scan private GitHub repositories or are hitting API rate limits, [create a GitHub token](https://help.github.com/en/articles/creating-a-personal-access-token-for-the-command-line) and set it to this environmental variable:
+
+```
+OCTOKIT_ACCESS_TOKEN=your_token_value
+```
+
 ## Maintainers
 
 - [Dan DeLeo](https://github.com/danielsdeleo)

data/bin/license_scout

@@ -16,7 +16,7 @@
 # limitations under the License.
 #
 
-$:.unshift File.expand_path("../../lib", __FILE__)
+$:.unshift File.expand_path("../lib", __dir__)
 
 require "license_scout"
 

data/lib/license_scout/cli.rb

@@ -15,9 +15,9 @@
 # limitations under the License.
 #
 
-require "zlib" # Temporarily require before rugged to fix https://github.com/prontolabs/pronto/issues/23
+require "zlib" unless defined?(Zlib) # Temporarily require before rugged to fix https://github.com/prontolabs/pronto/issues/23
 
-require "mixlib/cli"
+require "mixlib/cli" unless defined?(Mixlib::CLI)
 require "license_scout/config"
 require "license_scout/exporter"
 require "license_scout/collector"
@@ -42,6 +42,11 @@ module LicenseScout
       description: "Comma-separated list of directories to scan",
       proc: Proc.new { |d| d.split(",") }
 
+    option :include_subdirectories,
+      long: "--include-sub-directories",
+      description: "Include all sub-directories of 'directories' in the analysis",
+      boolean: true
+
     option :format,
       long: "--format FORMAT",
       description: "When exporting a Dependency Manifest, export to this format",
@@ -52,7 +57,7 @@ module LicenseScout
       short: "-l LEVEL",
       long: "--log-level LEVEL",
       description: "Set the log level",
-      in: [:debug, :info, :warn, :error, :fatal],
+      in: %i{debug info warn error fatal},
       default: :info,
       proc: Proc.new { |l| l.to_sym }
 
@@ -80,7 +85,7 @@ module LicenseScout
 
       LicenseScout::Config.config_files.each do |config_file|
         if config_file =~ /^http/
-          require "open-uri"
+          require "open-uri" unless defined?(OpenURI)
 
           LicenseScout::Log.info("[cli] Loading config from #{config_file}")
 

data/lib/license_scout/collector.rb

@@ -57,7 +57,7 @@ module LicenseScout
     end
 
     def dependency_managers
-      @dependency_managers ||= LicenseScout::Config.directories.map do |dir|
+      @dependency_managers ||= LicenseScout::Config.all_directories.map do |dir|
         LicenseScout::DependencyManager.implementations.map do |implementation|
           dep_mgr = implementation.new(File.expand_path(dir))
           if dep_mgr.detected?

data/lib/license_scout/config.rb

@@ -15,8 +15,8 @@
 # limitations under the License.
 #
 
-require "mixlib/config"
-require "tmpdir"
+require "mixlib/config" unless defined?(Mixlib::Config)
+require "tmpdir" unless defined?(Dir.mktmpdir)
 
 require "license_scout/exceptions"
 require "license_scout/log"
@@ -28,6 +28,7 @@ module LicenseScout
 
     # Inputs
     default :directories, [File.expand_path(Dir.pwd)]
+    default :include_subdirectories, false
     default :name, File.basename(directories.first)
     default :config_files, [File.join(File.expand_path(Dir.pwd), ".license_scout.yml")]
 
@@ -49,6 +50,7 @@ module LicenseScout
       default :nodejs, []
       default :perl, []
       default :ruby, []
+      default :rust, []
     end
 
     config_context :fallbacks do
@@ -60,6 +62,7 @@ module LicenseScout
       default :nodejs, []
       default :perl, []
       default :ruby, []
+      default :rust, []
     end
 
     config_context :habitat do
@@ -79,6 +82,23 @@ module LicenseScout
 
     class << self
 
+      def all_directories
+        if include_subdirectories
+          new_directories = []
+
+          directories.each do |old_directory|
+            new_directories << old_directory
+            Dir.chdir(old_directory) do
+              new_directories << Dir.glob("**/*").select { |f| File.directory?(f) }.map { |d| File.join(old_directory, d) }
+            end
+          end
+
+          new_directories.flatten.compact
+        else
+          directories
+        end
+      end
+
       def validate!
         if !allowed_licenses.empty? && !flagged_licenses.empty?
           raise LicenseScout::Exceptions::ConfigError.new("You may specify a list of licenses to allow or flag. You may not specify both.")

data/lib/license_scout/dependency.rb

@@ -94,7 +94,7 @@ module LicenseScout
 
     # @return [Boolean] Whether or not this object is equal to another one. Used for Set uniqueness.
     def eql?(other)
-      other.kind_of?(self.class) && other.hash == hash
+      other.is_a?(self.class) && other.hash == hash
     end
 
     # @return [Integer] A hashcode that can be used to idenitfy this object. Used for Set uniqueness.

data/lib/license_scout/dependency_manager.rb

@@ -19,10 +19,12 @@ require "license_scout/dependency_manager/base"
 
 require "license_scout/dependency_manager/berkshelf"
 require "license_scout/dependency_manager/bundler"
+require "license_scout/dependency_manager/cargo"
 require "license_scout/dependency_manager/cpanm"
 require "license_scout/dependency_manager/dep"
 require "license_scout/dependency_manager/glide"
 require "license_scout/dependency_manager/godep"
+require "license_scout/dependency_manager/gomod"
 require "license_scout/dependency_manager/habitat"
 require "license_scout/dependency_manager/mix"
 require "license_scout/dependency_manager/rebar"
@@ -34,10 +36,12 @@ module LicenseScout
       [
         Berkshelf,
         Bundler,
+        Cargo,
         Cpanm,
         Dep,
         Glide,
         Godep,
+        Gomod,
         Habitat,
         Mix,
         Rebar,

data/lib/license_scout/dependency_manager/base.rb

@@ -20,14 +20,14 @@ require "license_scout/dependency"
 require "license_scout/exceptions"
 
 require "bundler"
-require "ffi_yajl"
-require "net/http"
-require "mixlib/shellout"
-require "pathname"
+require "ffi_yajl" unless defined?(FFI_Yajl)
+require "net/http" unless defined?(Net::HTTP)
+require "mixlib/shellout" unless defined?(Mixlib::ShellOut)
+require "pathname" unless defined?(Pathname)
 require "psych"
-require "set"
+require "set" unless defined?(Set)
 require "toml-rb"
-require "yaml"
+require "yaml" unless defined?(YAML)
 
 module LicenseScout
   # The DependencyManager module (or more accurately, implementations of it) are responsible for recognizing
@@ -51,6 +51,7 @@ module LicenseScout
       # @example Go's various package managers
       #   Name        Reference
       #   --------    -----------------------------------------------
+      #   go_mod      [`gomod`](https://golang.org/cmd/go/#hdr-The_go_mod_file)
       #   go_dep      [`godep`](https://github.com/tools/godep)
       #   go_godep    [`dep`](https://github.com/golang/dep)
       #   go_glide    [`glide`](https://github.com/Masterminds/glide)

data/lib/license_scout/dependency_manager/cargo.rb

@@ -0,0 +1,95 @@
+#
+# Copyright:: Copyright 2016, Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "license_scout/dependency_manager/base"
+
+module LicenseScout
+  module DependencyManager
+    class Cargo < Base
+      def name
+        "rust_cargo"
+      end
+
+      def type
+        "rust"
+      end
+
+      def signature
+        "Cargo and Cargo.lock files"
+      end
+
+      def install_command
+        "cargo build"
+      end
+
+      def detected?
+        File.exist?(cargo_file_path) && File.exist?(cargo_lockfile_path)
+      end
+
+      def dependencies
+        dependency_data.map do |crate_data|
+          dep_name = crate_data["name"]
+          dep_version = crate_data["version"]
+          dep_license = crate_data["license"]
+
+          dependency = new_dependency(dep_name, dep_version, nil)
+          dependency.add_license(dep_license, "https://crates.io/crates/#{dep_name}/#{dep_version}")
+
+          dependency
+        end.compact
+      end
+
+      private
+
+      def dependency_data
+        Dir.chdir(directory) do
+          install_cargo_license_crate
+
+          s = Mixlib::ShellOut.new("cargo-license -d -j")
+          s.run_command
+          s.error!
+
+          json_dep_data = s.stdout
+          FFI_Yajl::Parser.parse(json_dep_data)
+        end
+      end
+
+      def install_cargo_license_crate
+        # Attempt to install cargo-license
+        s = Mixlib::ShellOut.new("cargo install cargo-license")
+        s.run_command
+
+        # If cargo-license is already installed, it will return an error
+        # but we can ignore it
+        # Any other error, however, should halt the process and be returned
+        # to the user
+        if s.stderr != "" && s.stderr !~ /binary `cargo-license` already exists/
+          s.error!
+        end
+      end
+
+      def cargo_file_path
+        File.join(directory, "Cargo.toml")
+      end
+
+      def cargo_lockfile_path
+        File.join(directory, "Cargo.lock")
+      end
+
+    end
+  end
+end

data/lib/license_scout/dependency_manager/dep.rb

@@ -63,7 +63,7 @@ module LicenseScout
       end
 
       def gopath(pkg)
-        "#{ENV['GOPATH']}/src/#{pkg}"
+        "#{ENV["GOPATH"]}/src/#{pkg}"
       end
 
       def vendor_dir(pkg = nil)

data/lib/license_scout/dependency_manager/glide.rb

@@ -60,7 +60,7 @@ module LicenseScout
       end
 
       def gopath(pkg)
-        "#{ENV['GOPATH']}/src/#{pkg}"
+        "#{ENV["GOPATH"]}/src/#{pkg}"
       end
     end
   end

data/lib/license_scout/dependency_manager/godep.rb

@@ -64,7 +64,7 @@ module LicenseScout
       end
 
       def gopath(pkg)
-        "#{ENV['GOPATH']}/src/#{pkg}"
+        "#{ENV["GOPATH"]}/src/#{pkg}"
       end
     end
   end

data/lib/license_scout/dependency_manager/gomod.rb

@@ -0,0 +1,113 @@
+#
+# Copyright:: Copyright 2020, Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "license_scout/dependency_manager/base"
+
+module LicenseScout
+  module DependencyManager
+    class Gomod < Base
+
+      def name
+        "golang_modules"
+      end
+
+      def type
+        "golang"
+      end
+
+      def signature
+        "go.sum file"
+      end
+
+      def install_command
+        "go mod download"
+      end
+
+      def detected?
+        File.exist?(go_sum_file)
+      end
+
+      def dependencies
+        go_modules.map do |mod|
+          next if mod["Main"] == true
+
+          dep_name = mod["Path"]
+          dep_version = mod["Version"]
+          dep_path = mod["Dir"]
+
+          new_dependency(dep_name, dep_version, dep_path)
+        end.compact
+      end
+
+      def go_sum_file
+        File.join(directory, "go.sum")
+      end
+
+      def vendor_dir
+        File.join(directory, "vendor")
+      end
+
+      def modules_txt_file
+        File.join(vendor_dir, "modules.txt")
+      end
+
+      def go_modules
+        if vendor_mode
+          GoModulesTxtParser.parse(File.read(modules_txt_file), vendor_dir)
+        else
+          FFI_Yajl::Parser.parse(go_modules_json)
+        end
+      end
+
+      def vendor_mode
+        if @vendor_mode.nil?
+          @vendor_mode = File.directory?(vendor_dir)
+        end
+        @vendor_mode
+      end
+
+      def go_modules_json
+        s = Mixlib::ShellOut.new("go list -m -json all", cwd: directory, environment: LicenseScout::Config.environment)
+        s.run_command
+        s.error!
+        "[" + s.stdout.gsub("}\n{", "},\n{") + "]"
+      end
+    end
+  end
+
+  module GoModulesTxtParser
+    # The modules.txt file has lines that look like:
+    #
+    #     # gopkg.in/square/go-jose.v2 v2.1.3
+    #
+    # We parse these lines and return something that looks like `go
+    # list -m -json all` output.
+    def self.parse(data, base_path)
+      data.lines.map do |l|
+        if l.start_with?("#")
+          parts = l.split
+          {
+            "Main" => false,
+            "Path" => parts[1],
+            "Version" => parts[2],
+            "Dir" => File.join(base_path, parts[1]),
+          }
+        end
+      end.compact
+    end
+  end
+end

data/lib/license_scout/dependency_manager/habitat.rb

@@ -46,28 +46,38 @@ module LicenseScout
       def dependencies
         tdeps = Set.new(pkg_deps)
 
-        pkg_deps.each do |pkg_dep|
-          pkg_info(pkg_dep)["tdeps"].each { |dep| tdeps << to_ident(dep) }
-        end
-
-        tdeps.sort.map do |tdep|
-          o, n, v, r = tdep.split("/")
-          dep_name = "#{o}/#{n}"
-          dep_version = "#{v}-#{r}"
-
-          dependency = new_dependency(dep_name, dep_version, nil)
-
-          license_from_manifest(pkg_info(tdep)["manifest"]).each do |spdx|
-            # We hard code the channel to "unstable" because a package could be
-            # demoted from any given channel except unstable in the future and
-            # we want the url metadata to be stable in order to give end users
-            # the ability to self-audit licenses
-            # tl;dr, we want a permalink not a nowlink
-            dependency.add_license(spdx, "https://bldr.habitat.sh/v1/depot/channels/#{o}/unstable/pkgs/#{n}/#{v}/#{r}")
+        if pkg_deps.any?
+          pkg_deps.each do |pkg_dep|
+            unless pkg_info(pkg_dep).nil?
+              pkg_info(pkg_dep)["tdeps"].each { |dep| tdeps << to_ident(dep) }
+            end
           end
 
-          dependency
-        end.compact
+          tdeps.delete(nil)
+
+          tdeps.sort.map do |tdep|
+            o, n, v, r = tdep.split("/")
+            dep_name = "#{o}/#{n}"
+            dep_version = "#{v}-#{r}"
+
+            dependency = new_dependency(dep_name, dep_version, nil)
+
+            if pkg_info(tdep).nil?
+              LicenseScout::Log.warn("Could not find information for #{tdep} -- skipping")
+            else
+              license_from_manifest(pkg_info(tdep)["manifest"]).each do |spdx|
+                # We hard code the channel to "unstable" because a package could be
+                # demoted from any given channel except unstable in the future and
+                # we want the url metadata to be stable in order to give end users
+                # the ability to self-audit licenses
+                # tl;dr, we want a permalink not a nowlink
+                dependency.add_license(spdx, "https://bldr.habitat.sh/v1/depot/channels/#{o}/unstable/pkgs/#{n}/#{v}/#{r}")
+              end
+            end
+
+            dependency
+          end.compact
+        end
       end
 
       private
@@ -86,7 +96,9 @@ module LicenseScout
           pkg_deps = c.stdout.split("\s")
 
           # Fetch the fully-qualified pkg_ident for each pkg
-          pkg_deps.map { |dep| to_ident(pkg_info(dep)["ident"]) }
+          pkg_deps.map do |dep|
+            to_ident(pkg_info(dep)["ident"]) unless pkg_info(dep).nil?
+          end
         end
       end
 
@@ -100,29 +112,31 @@ module LicenseScout
       end
 
       def pkg_info_with_channel_fallbacks(pkg_ident)
-        pkg_origin, pkg_name, pkg_version, pkg_release = pkg_ident.split("/")
-        pkg_channel = channel_for_origin(pkg_origin)
-
-        # Channel selection here is similar to the logic that
-        # Habitat uses. First, search in the user-provided channel,
-        # then search in stable, then use unstable IF it is a fully
-        # qualified package
-        info = get_pkg_info(pkg_origin, pkg_channel, pkg_name, pkg_version, pkg_release)
-        return info if info
-
-        if pkg_channel != DEFAULT_CHANNEL
-          LicenseScout::Log.debug("[habitat] Looking for #{pkg_ident} in #{DEFAULT_CHANNEL} channel")
-          info = get_pkg_info(pkg_origin, DEFAULT_CHANNEL, pkg_name, pkg_version, pkg_release)
+        unless pkg_ident.nil?
+          pkg_origin, pkg_name, pkg_version, pkg_release = pkg_ident.split("/")
+          pkg_channel = channel_for_origin(pkg_origin)
+
+          # Channel selection here is similar to the logic that
+          # Habitat uses. First, search in the user-provided channel,
+          # then search in stable, then use unstable IF it is a fully
+          # qualified package
+          info = get_pkg_info(pkg_origin, pkg_channel, pkg_name, pkg_version, pkg_release)
           return info if info
-        end
 
-        if !pkg_version.nil? && !pkg_release.nil?
-          LicenseScout::Log.debug("[habitat] Looking for #{pkg_ident} in #{FALLBACK_CHANNEL_FOR_FQ} channel since it is fully-qualified")
-          info = get_pkg_info(pkg_origin, FALLBACK_CHANNEL_FOR_FQ, pkg_name, pkg_version, pkg_release)
-          return info if info
-        end
+          if pkg_channel != DEFAULT_CHANNEL
+            LicenseScout::Log.debug("[habitat] Looking for #{pkg_ident} in #{DEFAULT_CHANNEL} channel")
+            info = get_pkg_info(pkg_origin, DEFAULT_CHANNEL, pkg_name, pkg_version, pkg_release)
+            return info if info
+          end
 
-        raise LicenseScout::Exceptions::HabitatPackageNotFound.new("Could not find Habitat package #{pkg_ident}")
+          if !pkg_version.nil? && !pkg_release.nil?
+            LicenseScout::Log.debug("[habitat] Looking for #{pkg_ident} in #{FALLBACK_CHANNEL_FOR_FQ} channel since it is fully-qualified")
+            info = get_pkg_info(pkg_origin, FALLBACK_CHANNEL_FOR_FQ, pkg_name, pkg_version, pkg_release)
+            return info if info
+          end
+
+          LicenseScout::Log.warn("Could not find information for #{pkg_ident} -- skipping")
+        end
       end
 
       def get_pkg_info(origin, channel, name, version, release)

data/lib/license_scout/exporter/csv.rb

@@ -15,7 +15,7 @@
 # limitations under the License.
 #
 
-require "csv"
+require "csv" unless defined?(CSV)
 
 module LicenseScout
   class Exporter
@@ -65,7 +65,7 @@ module LicenseScout
                 (exception_reason.nil? ? "" : exception_reason),
                 id,
                 source,
-                content
+                content,
               ]
             end
           end

data/lib/license_scout/license.rb

@@ -106,7 +106,7 @@ module LicenseScout
 
         begin
           LicenseScout::Log.debug("[license] Pulling license content for #{license_id} from #{new_url}")
-          open(new_url).read
+          URI.open(new_url).read
         rescue RuntimeError => e
           if e.message =~ /redirection forbidden/
             m = /redirection forbidden:\s+(.+)\s+->\s+(.+)/.match(e.message)
@@ -126,7 +126,7 @@ module LicenseScout
 
     def raw_github_url(url)
       case url
-      when /github.com\/(.+)\/blob\/(.+)/
+      when %r{github.com/(.+)/blob/(.+)}
         "https://raw.githubusercontent.com/#{$1}/#{$2}"
       else
         url

data/lib/license_scout/reporter.rb

@@ -15,7 +15,7 @@
 # limitations under the License.
 #
 
-require "ffi_yajl"
+require "ffi_yajl" unless defined?(FFI_Yajl)
 require "terminal-table"
 
 require "license_scout/exceptions"

data/lib/license_scout/spdx.rb

@@ -17,7 +17,7 @@
 
 # This library was inspired by (and pulls some logic from) librariesio/spdx
 
-require "ffi_yajl"
+require "ffi_yajl" unless defined?(FFI_Yajl)
 require "fuzzy_match"
 
 module LicenseScout
@@ -32,6 +32,7 @@ module LicenseScout
       def find(license_id, force = false)
         return license_id if force
         return nil if license_id.nil? || %w{ NOASSERTION NONE }.include?(license_id)
+
         lookup(license_id) || find_by_special_case(license_id) || closest(license_id) || license_id
       end
 
@@ -44,12 +45,12 @@ module LicenseScout
 
       # @return [Hash] The SPDX license data in Hash form
       def licenses
-        @@license_data ||= FFI_Yajl::Parser.parse(File.read(File.expand_path("../data/licenses.json", __FILE__)))["licenses"]
+        @@license_data ||= FFI_Yajl::Parser.parse(File.read(File.expand_path("data/licenses.json", __dir__)))["licenses"]
       end
 
       # @return [Hash] The SPDX license data in Hash form
       def exceptions
-        @@license_data ||= FFI_Yajl::Parser.parse(File.read(File.expand_path("../data/exceptions.json", __FILE__)))["exceptions"]
+        @@license_data ||= FFI_Yajl::Parser.parse(File.read(File.expand_path("data/exceptions.json", __dir__)))["exceptions"]
       end
 
       def known_ids
@@ -71,6 +72,7 @@ module LicenseScout
       def find_by_special_case(license_id)
         gpl = gpl_match(license_id)
         return gpl unless gpl.nil?
+
         lookup(special_cases[license_id.downcase])
       end
 
@@ -81,6 +83,7 @@ module LicenseScout
       def gpl_match(license_id)
         match = license_id.match(/^(l|a)?gpl-?\s?_?v?(1|2|3)\.?(\d)?(\+)?$/i)
         return unless match
+
         lookup("#{match[1]}GPL-#{match[2]}.#{match[3] || 0}#{match[4]}".upcase)
       end
 

data/lib/license_scout/version.rb

@@ -16,5 +16,5 @@
 #
 
 module LicenseScout
-  VERSION = "2.2.0".freeze
+  VERSION = "2.6.2".freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: license_scout
 version: !ruby/object:Gem::Version
-  version: 2.2.0
+  version: 2.6.2
 platform: ruby
 authors:
 - Tom Duffield
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-03-14 00:00:00.000000000 Z
+date: 2021-07-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi-yajl
@@ -162,10 +162,12 @@ files:
 - lib/license_scout/dependency_manager/base.rb
 - lib/license_scout/dependency_manager/berkshelf.rb
 - lib/license_scout/dependency_manager/bundler.rb
+- lib/license_scout/dependency_manager/cargo.rb
 - lib/license_scout/dependency_manager/cpanm.rb
 - lib/license_scout/dependency_manager/dep.rb
 - lib/license_scout/dependency_manager/glide.rb
 - lib/license_scout/dependency_manager/godep.rb
+- lib/license_scout/dependency_manager/gomod.rb
 - lib/license_scout/dependency_manager/habitat.rb
 - lib/license_scout/dependency_manager/mix.rb
 - lib/license_scout/dependency_manager/npm.rb
@@ -197,7 +199,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.1
+rubygems_version: 3.1.4
 signing_key: 
 specification_version: 4
 summary: Discovers license files of a project's dependencies.