licensed 0.10.0 → 0.11.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 6d5a1817146cc5f614b0e2a105173d7576822350
-  data.tar.gz: 9943ff25b44537ea166f43d7bcf129ac936bb0f2
+  metadata.gz: c3597f50e8d15e450f50fca7be0b50357cc26fa5
+  data.tar.gz: cd5174f2e14dc8a752441fae45311ce3aaa5a16d
 SHA512:
-  metadata.gz: 4ae78971d00c63a2fb9a623ea1fd80dfb16bcf9937f58d34c874c698f76af676729f6ce6dc11baaacd3542f8fc17d4c392f6ea87d2b3b2ec95ecd46dae51f869
-  data.tar.gz: fb06c9f7c7c1b367b836bbf1b122f964eca15138d356a4baf1dc6ff05aa8c98ead899f9283dc274b5f1fb75698e68c9ebaff51ea1dd5f17b3a999ff179ce9ec9
+  metadata.gz: ed0c77a45225ab16a635bc1f8965523a5f0b140458b96b574cd69cb5621c4d5768e8917f827b3af433e0c9726de7628a7aae3dd6fb6ab99853c78f98578b5d4f
+  data.tar.gz: d1860f3c82f756a6de3f55fefef58385afeaefcec058cf50b3c30a67a627be3e63c44036709c4ed23f5fd8544794239c75bf984640cf662ca54c6dd9260299a5

data/.gitignore

@@ -12,4 +12,6 @@ test/fixtures/node_modules
 test/fixtures/go/src/*
 !test/fixtures/go/src/test
 test/**/.stack-work
+test/**/haskell/dist*
 vendor/licenses
+*.gem

data/README.md

@@ -73,10 +73,13 @@ reviewed:
 ### Sources
 
 Dependencies will be automatically detected for
-1. Bundler
+1. Bundler (rubygem)
 2. NPM
 3. Bower
 4. HaskellStack
+5. Cabal
+6. Go
+7. Manifest lists
 
 You can disable any of them in `vendor/licenses/config.yml`:
 
@@ -88,12 +91,50 @@ sources:
   stack: false
 ```
 
+#### Special Considerations for Sources
+##### rubygem
+The rubygem source will explicitly exclude gems in the `:development` and `:test` groups.  Be aware that if you have a local
+bundler configuration (e.g. `.bundle`), that configuration will be respected as well.  For example, if you have a local
+configuration set for `without: [':server']`, the rubygem source will exclude all gems in the `:server` group.
+
+##### cabal
+Cabal sourced dependencies are found exclusively through `ghc-pkg`. `licensed` makes no assumptions on where `ghc` package dbs are found.
+As a result, it is up to the caller to set `GHC_PACKAGE_PATHS` to all package db directories prior to calling into `licensed`.
+
+##### manifests
+Manifests are intended to be a stopgap if no package managers are available.  The manifest is a JSON file that should be placed in
+the same directory as `config.yml` and should have the following format
+```JSON
+{
+  "file1": "package1",
+  "path/to/file2": "package1",
+  "other/file3": "package2"
+}
+```
+Paths to files are expected to be relative to the git repository root.  Package names will match 1:1 with metadata files at `<licenses directory>/manifest/*.txt`.
+
+It is the responsibility of the repository owner to maintain the manifest file.
+
 ## Development
 
 After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
 
 To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
 
+#### Adding sources
+
+When adding new dependency sources, ensure that `bin/setup` scripting and tests are only run if the required tooling is available on the development machine.
+
+* See `bin/setup` for examples of gating scripting based on whether tooling executables are found.
+* Use `tool_available?` when writing test files to gate running a test suite when tooling executables aren't available.
+```ruby
+if tool_available?('bundle')
+  describe Licensed::Source::Bundler do
+    ...
+  end
+end
+```
+
 ## Contributing
 
 Bug reports and pull requests are welcome on GitHub at https://github.com/github/licensed. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org/) code of conduct.

data/bin/setup

@@ -2,23 +2,37 @@
 set -euo pipefail
 IFS=$'\n\t'
 
-bundle install
+if [ -n "$(which bundle)" ]; then
+  bundle install
+fi
 
 # Install bower fixtures
-bower install
-
+if [ -n "$(which bower)" ]; then
+  bower install
+fi
 
 cd test/fixtures
 
 # Install npm fixtures
-npm install
+if [ -n "$(which npm)" ]; then
+  npm install
+fi
 
 # Install stack fixtures
-stack build
+if [ -n "$(which stack)" ]; then
+  stack build
+fi
 
-if [ -n $(which go) ]; then
+if [ -n "$(which go)" ]; then
   export GOPATH="`pwd`/go"
 
-  cd go/src/test
-  go get
+  pushd go/src/test
+  go get || true
+  popd
+fi
+
+if [ -n "$(which cabal)" ]; then
+  pushd haskell
+  cabal new-build
+  popd
 fi

data/lib/licensed.rb

@@ -8,8 +8,10 @@ require "licensed/source/manifest"
 require "licensed/source/npm"
 require "licensed/source/stack"
 require "licensed/source/go"
+require "licensed/source/cabal"
 require "licensed/command/cache"
 require "licensed/command/verify"
+require "licensed/command/list"
 require "licensed/ui/shell"
 require "octokit"
 
@@ -28,10 +30,8 @@ module Licensed
 
     license_url = Octokit::Repository.path(match[1]) + "/license"
     response = octokit.get license_url, :accept => LICENSE_CONTENT_TYPE
-    [
-      response["license"]["key"],
-      Base64.decode64(response["content"]).force_encoding('UTF-8')
-    ]
+    content = Base64.decode64(response["content"]).force_encoding('UTF-8')
+    Licensee::ProjectFiles::LicenseFile.new(content, response["name"])
   rescue Octokit::NotFound
     nil
   end

data/lib/licensed/cli.rb

@@ -23,6 +23,13 @@ module Licensed
       run Licensed::Command::Verify.new(config)
     end
 
+    desc "list", "List dependencies"
+    method_option "license-dir", :type => :string,
+      :desc => "Path to license storage directory (defaults to vendor/licenses)"
+    def list
+      run Licensed::Command::List.new(config)
+    end
+
     private
 
     def config

data/lib/licensed/command/cache.rb

@@ -11,9 +11,7 @@ module Licensed
         @config.sources.each do |source|
           @config.ui.info "Caching licenses for #{source.type} dependencies:"
 
-          source.dependencies.each do |dependency|
-            next if @config.ignored?(dependency)
-
+          dependencies(source).each do |dependency|
             filename = @config.path.join("#{source.type}/#{dependency["name"]}.txt")
 
             if File.exist?(filename)
@@ -33,9 +31,7 @@ module Licensed
           end
 
           # Clean up dependencies that have been removed
-          names = source.dependencies.map do |dependency|
-            dependency["name"] unless @config.ignored?(dependency)
-          end.compact
+          names = dependencies(source).map { |d| d["name"] }
 
           license_source_path = @config.path.join(source.type)
           Dir.glob(license_source_path.join("**/*.txt")).each do |file|
@@ -47,10 +43,14 @@ module Licensed
 
         @config.ui.confirm "License caching complete!"
         @config.sources.each do |source|
-          @config.ui.confirm "* #{source.type} dependencies: #{source.dependencies.size}"
+          @config.ui.confirm "* #{source.type} dependencies: #{dependencies(source).size}"
         end
       end
 
+      def dependencies(source)
+        source.dependencies.select { |d| !@config.ignored?(d) }
+      end
+
       def success?
         true
       end

data/lib/licensed/command/list.rb

@@ -0,0 +1,33 @@
+module Licensed
+  module Command
+    class List
+      attr_reader :config
+
+      def initialize(config)
+        @config = config
+      end
+
+      def run
+        @config.sources.each do |source|
+          @config.ui.info "Displaying licenses for #{source.type} dependencies:"
+
+          dependencies(source).each do |dependency|
+            @config.ui.info "  Found #{dependency['name']} (#{dependency['version']})"
+          end
+
+          @config.ui.confirm "* #{source.type} dependencies: #{dependencies(source).size}"
+        end
+      end
+
+      def dependencies(source)
+        source.dependencies
+              .select { |d| !@config.ignored?(d) }
+              .sort_by { |d| d['name'] }
+      end
+
+      def success?
+        true
+      end
+    end
+  end
+end

data/lib/licensed/command/verify.rb

@@ -10,19 +10,20 @@ module Licensed
       end
 
       def approved?(dependency)
-        @config.whitelisted?(dependency) ||
-        @config.reviewed?(dependency)
+        @config.whitelisted?(dependency) || @config.reviewed?(dependency)
       end
 
       def dependencies
-        @dependencies ||= @config.sources.map(&:dependencies).flatten
+        @dependencies ||= @config.sources
+                                 .map(&:dependencies)
+                                 .flatten
+                                 .select { |d| !@config.ignored?(d) }
       end
 
       def run
         @config.ui.info "Verifying licenses for #{dependencies.size} dependencies"
 
         @results = dependencies.map do |dependency|
-          next if @config.ignored?(dependency)
           filename = @config.path.join("#{dependency["type"]}/#{dependency["name"]}.txt")
 
           warnings = []

data/lib/licensed/configuration.rb

@@ -37,10 +37,11 @@ module Licensed
       @sources ||= [
         Source::Bundler.new(self),
         Source::Bower.new(self),
+        Source::Cabal.new(self),
+        Source::Go.new(self),
         Source::Manifest.new(self),
         Source::NPM.new(self),
-        Source::Stack.new(self),
-        Source::Go.new(self)
+        Source::Stack.new(self)
       ].select(&:enabled?)
     end
 

data/lib/licensed/dependency.rb

@@ -26,42 +26,74 @@ module Licensed
     end
 
     def detect_license!
+      self["license"] = license_key
+      self.text = ([license_text] + self.notices).compact.join("\n" + "-" * 80 + "\n")
+    end
+
+    # Extract legal notices from the dependency source
+    def notices
+      files = local_files
+
       if project.license_file
-        license = project.license.key if project.license
-      else
-        # No license file detected, see if there is one in the GitHub repository
-        license, content = Licensed.from_github(self["homepage"])
-
-        # No license in the GitHub repository, see if there is one in the README
-        if !license && project.readme
-          license = project.license.key if project.license
-          content = project.readme.content
-        end
+        files.unshift File.join(project.license_file[:dir], project.license_file.filename)
       end
 
-      self["license"] = license || package_manager_license || "other"
-      self.text = ([content] + self.notices).compact.join("\n" + "-" * 80 + "\n")
+      files.uniq.map { |f| File.read(f) }
     end
 
-    def package_manager_license
-      project.license.key if project.license
+    def local_files
+      return [] unless Dir.exist?(path)
+
+      Dir.foreach(path).map do |file|
+        next unless file.match(LEGAL_FILES)
+
+        file_path = File.join(path, file)
+        next unless File.file?(file_path)
+
+        file_path
+      end.compact
     end
 
-    # Extract legal notices from the dependency source
-    def notices
-      return [] unless Dir.exist? path
+    private
 
-      files = Dir.foreach(path).select do |file|
-        File.file?(File.join(path, file)) && file.match(LEGAL_FILES)
-      end
+    # Returns the Licensee::ProjectFile representing the matched_project_file
+    # or remote_license_file
+    def project_file
+      matched_project_file || remote_license_file
+    end
 
-      if license_file = project.license_file
-        files.unshift File.join(license_file[:dir], license_file.filename)
-      end
+    # Returns the Licensee::LicenseFile, Licensee::PackageManagerFile, or
+    # Licensee::ReadmeFile with a matched license, in that order or nil
+    # if no license file matched a known license
+    def matched_project_file
+      @matched_project_file ||= project.matched_files
+                                       .select { |f| f.license && !f.license.other? }
+                                       .first
+    end
 
-      files.uniq.map do |f|
-        absolute_path = Pathname.new(f).absolute? ? f : File.join(path, f)
-        File.read(absolute_path)
+    # Returns a Licensee::LicenseFile with the content of the license in the
+    # dependency's repository to account for LICENSE files not being distributed
+    def remote_license_file
+      @remote_license_file ||= Licensed.from_github(self["homepage"])
+    end
+
+    # Regardless of the license detected, try to pull the license content
+    # from the local LICENSE, remote LICENSE, or the README, in that order
+    def license_text
+      content_file = project.license_file || remote_license_file || project.readme_file
+      content_file.content if content_file
+    end
+
+    # Returns a string representing the project's license
+    # Note, this will be "other" if a license file was found but the license
+    # could not be identified and "none" if no license file was found at all
+    def license_key
+      if project_file && project_file.license
+        project_file.license.key
+      elsif project.license_file || remote_license_file
+        "other"
+      else
+        "none"
       end
     end
   end

data/lib/licensed/source/cabal.rb

@@ -0,0 +1,128 @@
+require 'English'
+
+module Licensed
+  module Source
+    class Cabal
+      def initialize(config)
+        @config = config
+      end
+
+      def type
+        'cabal'
+      end
+
+      def enabled?
+        @config.enabled?(type) && cabal_packages.any? && ghc?
+      end
+
+      def dependencies
+        @dependencies ||= package_ids.map do |id|
+          package = package_info(id)
+
+          path, search_root = package_docs_dirs(package)
+          Dependency.new(path, {
+            'type'     => type,
+            'name'     => package['name'],
+            'version'  => package['version'],
+            'summary'  => package['synopsis'],
+            'homepage' => safe_homepage(package['homepage']),
+            'search_root' => search_root
+          })
+        end
+      end
+
+      def package_docs_dirs(package)
+        unless package['haddock-html']
+          # default to a local vendor directory if haddock-html property
+          # isn't available
+          return [File.join(@config.pwd, 'vendor', package['name']), nil]
+        end
+
+        html_dir = package['haddock-html']
+        data_dir = package['data-dir']
+        return [html_dir, nil] unless data_dir
+
+        # don't use a search root that isn't an ancestor of the haddock-html dir
+        unless Pathname.new(html_dir).fnmatch?(File.join(data_dir, '**'))
+          data_dir = nil
+        end
+
+        [html_dir, data_dir]
+      end
+
+      def safe_homepage(homepage)
+        return unless homepage
+        # use https and remove url fragment
+        homepage.gsub(/http:/, 'https:')
+                .gsub(/#[^?]*\z/, '')
+      end
+
+      def package_ids
+        deps = cabal_packages.flat_map { |n| package_dependencies(n, false) }
+        recursive_dependencies(deps)
+      end
+
+      def recursive_dependencies(package_names, results = Set.new)
+        return [] if package_names.nil? || package_names.empty?
+
+        new_packages = Set.new(package_names) - results.to_a
+        return [] if new_packages.empty?
+
+        results.merge new_packages
+
+        dependencies = new_packages.flat_map { |n| package_dependencies(n) }
+                                   .compact
+
+        return results if dependencies.empty?
+
+        results.merge recursive_dependencies(dependencies, results)
+      end
+
+      def package_dependencies(id, full_id = true)
+        package_dependencies_command(id, full_id).gsub('depends:', '')
+                                                 .split
+                                                 .map(&:strip)
+      end
+
+      def package_dependencies_command(id, full_id)
+        args = full_id ? '--ipid' : ''
+        fields = %w(depends)
+
+        ghc_pkg_field_command(id, fields, args)
+      end
+
+      def package_info(id)
+        package_info_command(id).lines.each_with_object({}) do |line, info|
+          key, value = line.split(':', 2).map(&:strip)
+          next unless key && value
+
+          info[key] = value
+        end
+      end
+
+      def package_info_command(id)
+        fields = %w(name version synopsis homepage haddock-html data-dir)
+        ghc_pkg_field_command(id, fields, '--ipid')
+      end
+
+      def ghc_pkg_field_command(id, fields, *args)
+        `ghc-pkg field #{id} #{fields.join(',')} #{args.join(' ')}`
+      end
+
+      def cabal_packages
+        cabal_files.map do |f|
+          name_match = File.read(f).match(/^name:\s*(.*)$/)
+          name_match[1] if name_match
+        end.compact
+      end
+
+      def cabal_files
+        @cabal_files ||= Dir.glob(File.join(@config.pwd, '*.cabal'))
+      end
+
+      def ghc?
+        @ghc = `which ghc 2>/dev/null` && $CHILD_STATUS.success?
+      end
+    end
+  end
+end

data/lib/licensed/source/go.rb

@@ -9,7 +9,7 @@ module Licensed
       end
 
       def type
-        "go"
+        'go'
       end
 
       def enabled?
@@ -26,13 +26,14 @@ module Licensed
             raise "couldn't find package for #{import_path}"
           end
 
-          Dependency.new(package["Dir"], {
-            "type"        => type,
-            "name"        => import_path,
-            "summary"     => package["Doc"],
-            "homepage"    => homepage(import_path),
-            "search_root" => search_root(package),
-            "version"     => package_version(package["Dir"])
+          package_dir = package['Dir']
+          Dependency.new(package_dir, {
+            'type'        => type,
+            'name'        => import_path,
+            'summary'     => package['Doc'],
+            'homepage'    => homepage(import_path),
+            'search_root' => search_root(package_dir),
+            'version'     => package_version(package_dir)
           })
         end.compact
       end
@@ -49,26 +50,26 @@ module Licensed
 
       # Returns an array of dependency package import paths
       def packages
-        return [] unless root_package["Deps"]
+        return [] unless root_package['Deps']
 
         # don't include go std packages
         # don't include packages under the root project that aren't vendored
-        root_package["Deps"]
+        root_package['Deps']
           .uniq
           .select { |d| !go_std_packages.include?(d) }
-          .select { |d| !d.start_with?(root_package["ImportPath"]) || vendored_package?(d) }
+          .select { |d| !d.start_with?(root_package['ImportPath']) || vendored_path?(d) }
       end
 
       # Returns the root directory to search for a package license
       #
       # package - package object obtained from package_info
-      def search_root(package)
+      def search_root(package_dir)
         # search root choices:
         # 1. vendor folder if package is vendored
         # 2. GOPATH
         # 3. nil (no search up directory hierarchy)
-        return vendor_dir if vendored_package?(package["ImportPath"])
-        ENV.fetch("GOPATH", nil)
+        return package_dir.match('^(.*/vendor)/.*$')[1] if vendored_path?(package_dir)
+        ENV.fetch('GOPATH', nil)
       end
 
       # Returns the most recent git SHA for a package, or nil if SHA is
@@ -84,9 +85,9 @@ module Licensed
       # Returns whether a package is vendored or not based on the package
       # import_path
       #
-      # import_path - Package import path to test
-      def vendored_package?(import_path)
-        import_path && import_path.start_with?(vendor_import_path)
+      # path - Package path to test
+      def vendored_path?(path)
+        path && path.include?('vendor/')
       end
 
       # Returns the import path parameter without the vendor component
@@ -94,7 +95,8 @@ module Licensed
       # import_path - Package import path with vendor component
       def non_vendored_import_path(import_path)
         return unless import_path
-        import_path.gsub(vendor_import_path, "")
+        return import_path unless vendored_path?(import_path)
+        import_path.split('vendor/')[1]
       end
 
       # Returns package information, or {} if package isn't found
@@ -113,16 +115,6 @@ module Licensed
         `go list -json #{package}`
       end
 
-      # Returns the root directory for vendored packages
-      def vendor_dir
-        "#{root_package["Dir"]}/vendor"
-      end
-
-      # Returns the import path for vendored packages
-      def vendor_import_path
-        "#{root_package["ImportPath"]}/vendor/"
-      end
-
       # Returns the info for the package under test
       def root_package
         @root_package ||= package_info

data/lib/licensed/source/manifest.rb

@@ -17,7 +17,7 @@ module Licensed
 
       def dependencies
         @dependencies ||= packages.map do |package_name, sources|
-          Dependency.new(common_dir(sources), {
+          Dependency.new(sources_license_path(sources), {
             'type'     => type,
             'name'     => package_name,
             'version'  => package_version(sources)
@@ -25,13 +25,16 @@ module Licensed
         end
       end
 
-      def common_dir(sources)
-        common_prefix = Pathname.common_prefix(*sources)
+      def sources_license_path(sources)
+        common_prefix = Pathname.common_prefix(*sources).to_path
 
-        # if there's no common prefix, use the directory of the first source
-        common_prefix = Pathname.new(sources[0]).dirname unless common_prefix
+        # don't allow the repo root to be used as common prefix
+        # the project this is run for should be excluded from the manifest,
+        # or ignored in the config.  any license in the root should be ignored.
+        return common_prefix if common_prefix != repository_root
 
-        Pathname.new(@config.path).join(common_prefix).expand_path.to_path
+        # use the first source file as the license path.
+        sources.first
       end
 
       def package_version(sources)
@@ -54,7 +57,7 @@ module Licensed
         manifest.each_with_object({}) do |(src, package_name), hsh|
           next if src.nil? || src.empty?
           hsh[package_name] ||= []
-          hsh[package_name] << src
+          hsh[package_name] << File.join(repository_root, src)
         end
       end
 
@@ -65,6 +68,10 @@ module Licensed
       def manifest_path
         @config.path.join('manifest.json')
       end
+
+      def repository_root
+        @root ||= `git rev-parse --show-toplevel`.strip
+      end
     end
   end
 end

data/lib/licensed/version.rb

@@ -1,3 +1,3 @@
 module Licensed
-  VERSION = "0.10.0"
+  VERSION = "0.11.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: licensed
 version: !ruby/object:Gem::Version
-  version: 0.10.0
+  version: 0.11.0
 platform: ruby
 authors:
 - GitHub
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2017-09-12 00:00:00.000000000 Z
+date: 2017-10-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: licensee
@@ -212,10 +212,13 @@ description: |
   ### Sources
 
   Dependencies will be automatically detected for
-  1. Bundler
+  1. Bundler (rubygem)
   2. NPM
   3. Bower
   4. HaskellStack
+  5. Cabal
+  6. Go
+  7. Manifest lists
 
   You can disable any of them in `vendor/licenses/config.yml`:
 
@@ -227,12 +230,50 @@ description: |
     stack: false
   ```
 
+  #### Special Considerations for Sources
+  ##### rubygem
+  The rubygem source will explicitly exclude gems in the `:development` and `:test` groups.  Be aware that if you have a local
+  bundler configuration (e.g. `.bundle`), that configuration will be respected as well.  For example, if you have a local
+  configuration set for `without: [':server']`, the rubygem source will exclude all gems in the `:server` group.
+
+  ##### cabal
+  Cabal sourced dependencies are found exclusively through `ghc-pkg`. `licensed` makes no assumptions on where `ghc` package dbs are found.
+  As a result, it is up to the caller to set `GHC_PACKAGE_PATHS` to all package db directories prior to calling into `licensed`.
+
+  ##### manifests
+  Manifests are intended to be a stopgap if no package managers are available.  The manifest is a JSON file that should be placed in
+  the same directory as `config.yml` and should have the following format
+  ```JSON
+  {
+    "file1": "package1",
+    "path/to/file2": "package1",
+    "other/file3": "package2"
+  }
+  ```
+  Paths to files are expected to be relative to the git repository root.  Package names will match 1:1 with metadata files at `<licenses directory>/manifest/*.txt`.
+
+  It is the responsibility of the repository owner to maintain the manifest file.
+
   ## Development
 
   After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
 
   To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
 
+  #### Adding sources
+
+  When adding new dependency sources, ensure that `bin/setup` scripting and tests are only run if the required tooling is available on the development machine.
+
+  * See `bin/setup` for examples of gating scripting based on whether tooling executables are found.
+  * Use `tool_available?` when writing test files to gate running a test suite when tooling executables aren't available.
+  ```ruby
+  if tool_available?('bundle')
+    describe Licensed::Source::Bundler do
+      ...
+    end
+  end
+  ```
+
   ## Contributing
 
   Bug reports and pull requests are welcome on GitHub at https://github.com/github/licensed. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org/) code of conduct.
@@ -263,12 +304,14 @@ files:
 - lib/licensed.rb
 - lib/licensed/cli.rb
 - lib/licensed/command/cache.rb
+- lib/licensed/command/list.rb
 - lib/licensed/command/verify.rb
 - lib/licensed/configuration.rb
 - lib/licensed/dependency.rb
 - lib/licensed/license.rb
 - lib/licensed/source/bower.rb
 - lib/licensed/source/bundler.rb
+- lib/licensed/source/cabal.rb
 - lib/licensed/source/go.rb
 - lib/licensed/source/manifest.rb
 - lib/licensed/source/npm.rb