licensed 0.6.0 → 0.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 188fefd78d80c7a9d36985fde025efada389711a
-  data.tar.gz: 9cd69efe41165826cfeca9ba29ab930a9718afbd
+  metadata.gz: 6d5a1817146cc5f614b0e2a105173d7576822350
+  data.tar.gz: 9943ff25b44537ea166f43d7bcf129ac936bb0f2
 SHA512:
-  metadata.gz: bf8b94250ef319e828bf0740056087057e744e3f460f841293c2cef95d8c31dc7f25a484f97b9fbf4a1f3af873a95e6f23f5ea653c9808e868d1a856fb946bb4
-  data.tar.gz: 23f5f40eb1620bbae7370a0bde096becd916dd49f76703413939271509d975f612c1c22864f423b8d962934d5b91e54d49829d70e77d116ba3993476b61091f0
+  metadata.gz: 4ae78971d00c63a2fb9a623ea1fd80dfb16bcf9937f58d34c874c698f76af676729f6ce6dc11baaacd3542f8fc17d4c392f6ea87d2b3b2ec95ecd46dae51f869
+  data.tar.gz: fb06c9f7c7c1b367b836bbf1b122f964eca15138d356a4baf1dc6ff05aa8c98ead899f9283dc274b5f1fb75698e68c9ebaff51ea1dd5f17b3a999ff179ce9ec9

data/.gitignore

@@ -9,4 +9,7 @@
 /tmp/
 test/fixtures/bower_components
 test/fixtures/node_modules
+test/fixtures/go/src/*
+!test/fixtures/go/src/test
+test/**/.stack-work
 vendor/licenses

data/CODE_OF_CONDUCT.md

@@ -1,13 +1,71 @@
-# Contributor Code of Conduct
+Contributor Covenant Code of Conduct
 
-As contributors and maintainers of this project, we pledge to respect all people who contribute through reporting issues, posting feature requests, updating documentation, submitting pull requests or patches, and other activities.
+Our Pledge
 
-We are committed to making participation in this project a harassment-free experience for everyone, regardless of level of experience, gender, gender identity and expression, sexual orientation, disability, personal appearance, body size, race, ethnicity, age, or religion.
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of experience,
+nationality, personal appearance, race, religion, or sexual identity and
+orientation.
 
-Examples of unacceptable behavior by participants include the use of sexual language or imagery, derogatory comments or personal attacks, trolling, public or private harassment, insults, or other unprofessional conduct.
+Our Standards
 
-Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct. Project maintainers who do not follow the Code of Conduct may be removed from the project team.
+Examples of behavior that contributes to creating a positive environment
+include:
 
-Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by opening an issue or contacting one or more of the project maintainers.
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
 
-This Code of Conduct is adapted from the [Contributor Covenant](http://contributor-covenant.org), version 1.0.0, available at [http://contributor-covenant.org/version/1/0/0/](http://contributor-covenant.org/version/1/0/0/)
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at opensource+licensed@github.com. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+Attribution
+
+This Code of Conduct is adapted from the Contributor Covenant, version 1.4,
+available at http://contributor-covenant.org/version/1/4/

data/README.md

@@ -72,13 +72,20 @@ reviewed:
 
 ### Sources
 
-Dependencies from Bundler, NPM, and Bower will be automatically detected. You can disable any of them in `vendor/licenses/config.yml`:
+Dependencies will be automatically detected for
+1. Bundler
+2. NPM
+3. Bower
+4. HaskellStack
+
+You can disable any of them in `vendor/licenses/config.yml`:
 
 ```yml
 sources:
   rubygem: false
   npm: false
   bower: false
+  stack: false
 ```
 
 ## Development
@@ -89,7 +96,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
 
 ## Contributing
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/github/licensed. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](contributor-covenant.org) code of conduct.
+Bug reports and pull requests are welcome on GitHub at https://github.com/github/licensed. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org/) code of conduct.
 
 ## License
 

data/bin/setup

@@ -7,5 +7,18 @@ bundle install
 # Install bower fixtures
 bower install
 
-# Install bower fixtures
-cd test/fixtures && npm install
+
+cd test/fixtures
+
+# Install npm fixtures
+npm install
+
+# Install stack fixtures
+stack build
+
+if [ -n $(which go) ]; then
+  export GOPATH="`pwd`/go"
+
+  cd go/src/test
+  go get
+fi

data/lib/licensed.rb

@@ -4,7 +4,10 @@ require "licensed/license"
 require "licensed/dependency"
 require "licensed/source/bundler"
 require "licensed/source/bower"
+require "licensed/source/manifest"
 require "licensed/source/npm"
+require "licensed/source/stack"
+require "licensed/source/go"
 require "licensed/command/cache"
 require "licensed/command/verify"
 require "licensed/ui/shell"

data/lib/licensed/cli.rb

@@ -9,12 +9,16 @@ module Licensed
       :desc => "Overwrite licenses even if version has not changed."
     method_option :offline, :type => :boolean,
       :desc => "Do not make network calls."
+    method_option "license-dir", :type => :string,
+      :desc => "Path to license storage directory (defaults to vendor/licenses)"
     def cache
       Licensed.use_github = false if options[:offline]
       run Licensed::Command::Cache.new(config), force: options[:force]
     end
 
     desc "verify", "Verify licenses of dependencies"
+    method_option "license-dir", :type => :string,
+      :desc => "Path to license storage directory (defaults to vendor/licenses)"
     def verify
       run Licensed::Command::Verify.new(config)
     end
@@ -22,7 +26,7 @@ module Licensed
     private
 
     def config
-      @config ||= Configuration.new
+      @config ||= Configuration.new(options)
     end
 
     def run(command, *args)

data/lib/licensed/command/cache.rb

@@ -37,8 +37,11 @@ module Licensed
             dependency["name"] unless @config.ignored?(dependency)
           end.compact
 
-          Dir.glob(@config.path.join("#{source.type}/*.txt")).each do |file|
-            FileUtils.rm(file) unless names.include?(File.basename(file, ".txt"))
+          license_source_path = @config.path.join(source.type)
+          Dir.glob(license_source_path.join("**/*.txt")).each do |file|
+            file_path = Pathname.new(file)
+            relative_path = file_path.relative_path_from(license_source_path).to_s
+            FileUtils.rm(file) unless names.include?(relative_path.chomp(".txt"))
           end
         end
 

data/lib/licensed/configuration.rb

@@ -4,8 +4,9 @@ module Licensed
   class Configuration < Hash
     attr_accessor :ui
 
-    def initialize
+    def initialize(options = {})
       super()
+      self.path = options["license-dir"] if options["license-dir"]
       update config_path.exist? ? YAML.load_file(config_path) : {}
 
       self["sources"] ||= {}
@@ -17,7 +18,11 @@ module Licensed
     end
 
     def path
-      Pathname.new("vendor/licenses")
+      @path ||= Pathname.new("vendor/licenses")
+    end
+
+    def path=(value)
+      @path = Pathname.new(value)
     end
 
     def config_path
@@ -32,7 +37,10 @@ module Licensed
       @sources ||= [
         Source::Bundler.new(self),
         Source::Bower.new(self),
-        Source::NPM.new(self)
+        Source::Manifest.new(self),
+        Source::NPM.new(self),
+        Source::Stack.new(self),
+        Source::Go.new(self)
       ].select(&:enabled?)
     end
 

data/lib/licensed/dependency.rb

@@ -2,17 +2,27 @@ require "licensee"
 
 module Licensed
   class Dependency < License
-    LEGAL_FILES = /\A(COPYING|NOTICE|LEGAL)(?:\..*)?\z/i
+    LEGAL_FILES = /\A(AUTHORS|COPYING|NOTICE|LEGAL)(?:\..*)?\z/i
 
     attr_reader :path
+    attr_reader :search_root
 
     def initialize(path, metadata = {})
       @path = path
+      @search_root = metadata.delete("search_root")
+
+      # with licensee now providing license_file[:dir],
+      # enforcing absolute paths makes life much easier when determining
+      # an absolute file path in notices\
+      unless Pathname.new(path).absolute?
+        raise "Dependency path #{path} must be absolute"
+      end
+
       super metadata
     end
 
     def project
-      @project ||= Licensee::FSProject.new(path, detect_packages: true, detect_readme: true)
+      @project ||= Licensee::Projects::FSProject.new(path, search_root: search_root, detect_packages: true, detect_readme: true)
     end
 
     def detect_license!
@@ -39,12 +49,20 @@ module Licensed
 
     # Extract legal notices from the dependency source
     def notices
+      return [] unless Dir.exist? path
+
       files = Dir.foreach(path).select do |file|
         File.file?(File.join(path, file)) && file.match(LEGAL_FILES)
       end
-      files.unshift project.license_file.filename if project.license_file
 
-      files.uniq.map { |f| File.read(File.join(path, f)) }
+      if license_file = project.license_file
+        files.unshift File.join(license_file[:dir], license_file.filename)
+      end
+
+      files.uniq.map do |f|
+        absolute_path = Pathname.new(f).absolute? ? f : File.join(path, f)
+        File.read(absolute_path)
+      end
     end
   end
 end

data/lib/licensed/license.rb

@@ -13,7 +13,7 @@ module Licensed
     #
     # Returns a Licensed::License
     def self.read(filename)
-      match = File.read(filename).match(YAML_FRONTMATTER_PATTERN)
+      match = File.read(filename).scrub.match(YAML_FRONTMATTER_PATTERN)
       new(YAML.load(match[1]), match[2])
     end
 

data/lib/licensed/source/bower.rb

@@ -13,7 +13,7 @@ module Licensed
 
       def enabled?
         return false unless @config.enabled?(type)
-        
+
         [@config.pwd.join(".bowerrc"), @config.pwd.join("bower.json")].any? do |path|
           File.exist?(path)
         end
@@ -22,10 +22,11 @@ module Licensed
       def dependencies
         @dependencies ||= Dir.glob(bower_path.join("*/.bower.json")).map do |file|
           package = JSON.parse(File.read(file))
-          Dependency.new(File.dirname(file), {
+          path = bower_path.join(file).dirname.to_path
+          Dependency.new(path, {
             "type"     => type,
             "name"     => package["name"],
-            "version"  => package["version"],
+            "version"  => package["version"] || package["_release"],
             "summary"  => package["description"],
             "homepage" => package["homepage"]
           })
@@ -40,7 +41,7 @@ module Licensed
       end
 
       def bower_path
-        pwd = bower_config["cwd"] ? Pathname.new(bower_config["cwd"]) : @config.pwd
+        pwd = bower_config["cwd"] ? Pathname.new(bower_config["cwd"]).expand_path : @config.pwd
         pwd.join bower_config["directory"] || "bower_components"
       end
     end

data/lib/licensed/source/bundler.rb

@@ -37,11 +37,11 @@ module Licensed
       end
 
       def gemfile_path
-        @config.pwd.join "Gemfile"
+        @config.pwd.join ::Bundler.default_gemfile.basename.to_s
       end
 
       def lockfile_path
-        @config.pwd.join "Gemfile.lock"
+        @config.pwd.join ::Bundler.default_lockfile.basename.to_s
       end
 
     end

data/lib/licensed/source/go.rb

@@ -0,0 +1,147 @@
+require 'json'
+require 'English'
+
+module Licensed
+  module Source
+    class Go
+      def initialize(config)
+        @config = config
+      end
+
+      def type
+        "go"
+      end
+
+      def enabled?
+        @config.enabled?(type) && go_source?
+      end
+
+      def dependencies
+        @dependencies ||= packages.map do |package_name|
+          package = package_info(package_name)
+          import_path = non_vendored_import_path(package_name)
+
+          if package.empty?
+            next if @config.ignored?('type' => type, 'name' => package_name)
+            raise "couldn't find package for #{import_path}"
+          end
+
+          Dependency.new(package["Dir"], {
+            "type"        => type,
+            "name"        => import_path,
+            "summary"     => package["Doc"],
+            "homepage"    => homepage(import_path),
+            "search_root" => search_root(package),
+            "version"     => package_version(package["Dir"])
+          })
+        end.compact
+      end
+
+      # Returns the homepage for a package import_path.  Assumes that the
+      # import path itself is a url domain and path
+      def homepage(import_path)
+        return unless import_path
+
+        # hacky but generally works due to go packages looking like
+        # "github.com/..." or "golang.org/..."
+        "https://#{import_path}"
+      end
+
+      # Returns an array of dependency package import paths
+      def packages
+        return [] unless root_package["Deps"]
+
+        # don't include go std packages
+        # don't include packages under the root project that aren't vendored
+        root_package["Deps"]
+          .uniq
+          .select { |d| !go_std_packages.include?(d) }
+          .select { |d| !d.start_with?(root_package["ImportPath"]) || vendored_package?(d) }
+      end
+
+      # Returns the root directory to search for a package license
+      #
+      # package - package object obtained from package_info
+      def search_root(package)
+        # search root choices:
+        # 1. vendor folder if package is vendored
+        # 2. GOPATH
+        # 3. nil (no search up directory hierarchy)
+        return vendor_dir if vendored_package?(package["ImportPath"])
+        ENV.fetch("GOPATH", nil)
+      end
+
+      # Returns the most recent git SHA for a package, or nil if SHA is
+      # not available
+      #
+      # package_directory - package location
+      def package_version(package_directory)
+        return unless git? && package_directory
+
+        `cd #{package_directory} && git rev-list -1 HEAD -- .`.strip
+      end
+
+      # Returns whether a package is vendored or not based on the package
+      # import_path
+      #
+      # import_path - Package import path to test
+      def vendored_package?(import_path)
+        import_path && import_path.start_with?(vendor_import_path)
+      end
+
+      # Returns the import path parameter without the vendor component
+      #
+      # import_path - Package import path with vendor component
+      def non_vendored_import_path(import_path)
+        return unless import_path
+        import_path.gsub(vendor_import_path, "")
+      end
+
+      # Returns package information, or {} if package isn't found
+      #
+      # package - Go package import path
+      def package_info(package = nil)
+        info = package_info_command(package)
+        return {} if info.empty?
+        JSON.parse(info)
+      end
+
+      # Returns package information as a JSON string
+      #
+      # package - Go package import path
+      def package_info_command(package)
+        `go list -json #{package}`
+      end
+
+      # Returns the root directory for vendored packages
+      def vendor_dir
+        "#{root_package["Dir"]}/vendor"
+      end
+
+      # Returns the import path for vendored packages
+      def vendor_import_path
+        "#{root_package["ImportPath"]}/vendor/"
+      end
+
+      # Returns the info for the package under test
+      def root_package
+        @root_package ||= package_info
+      end
+
+      # Returns whether go source is found
+      def go_source?
+        @go_source ||= `go doc 2>/dev/null` && $CHILD_STATUS.success?
+      end
+
+      # Returns a list of go standard packages
+      def go_std_packages
+        @std_packages ||= `go list std`.lines.map(&:strip)
+      end
+
+      # Returns whether git commands are available
+      def git?
+        @git ||= `which git 2>/dev/null` && $CHILD_STATUS.success?
+      end
+    end
+  end
+end

data/lib/licensed/source/manifest.rb

@@ -0,0 +1,70 @@
+require 'pathname/common_prefix'
+
+module Licensed
+  module Source
+    class Manifest
+      def initialize(config)
+        @config = config
+      end
+
+      def enabled?
+        @config.enabled?(type) && File.exist?(manifest_path)
+      end
+
+      def type
+        'manifest'
+      end
+
+      def dependencies
+        @dependencies ||= packages.map do |package_name, sources|
+          Dependency.new(common_dir(sources), {
+            'type'     => type,
+            'name'     => package_name,
+            'version'  => package_version(sources)
+          })
+        end
+      end
+
+      def common_dir(sources)
+        common_prefix = Pathname.common_prefix(*sources)
+
+        # if there's no common prefix, use the directory of the first source
+        common_prefix = Pathname.new(sources[0]).dirname unless common_prefix
+
+        Pathname.new(@config.path).join(common_prefix).expand_path.to_path
+      end
+
+      def package_version(sources)
+        return if sources.nil? || sources.empty?
+
+        # return the latest version from the sources
+        sources.map { |s| source_version_command(s) }
+               .max_by { |sha| commit_date_command(sha) }
+      end
+
+      def commit_date_command(sha)
+        `git show -s -1 --format=%ct #{sha}`.strip
+      end
+
+      def source_version_command(source)
+        `git rev-list -1 HEAD -- #{source}`.strip
+      end
+
+      def packages
+        manifest.each_with_object({}) do |(src, package_name), hsh|
+          next if src.nil? || src.empty?
+          hsh[package_name] ||= []
+          hsh[package_name] << src
+        end
+      end
+
+      def manifest
+        JSON.parse(File.read(manifest_path))
+      end
+
+      def manifest_path
+        @config.path.join('manifest.json')
+      end
+    end
+  end
+end

data/lib/licensed/source/npm.rb

@@ -18,10 +18,18 @@ module Licensed
       def dependencies
         return @dependencies if defined?(@dependencies)
 
-        packages = recursive_dependencies(JSON.parse(command)["dependencies"])
+        locations = {}
+        package_location_command.lines.each do |line|
+          path, id = line.split(":")[0, 2]
+          locations[id] ||= path
+        end
+
+        packages = recursive_dependencies(JSON.parse(package_metadata_command)["dependencies"])
 
         @dependencies = packages.map do |name, package|
-          Dependency.new(package["realPath"], {
+          path = package["realPath"] || locations["#{package["name"]}@#{package["version"]}"]
+          fail "couldn't locate #{name} under node_modules/" unless path
+          Dependency.new(path, {
             "type"     => type,
             "name"     => package["name"],
             "version"  => package["version"],
@@ -31,8 +39,12 @@ module Licensed
         end
       end
 
-      def command
-        `npm list --json --production --long`
+      def package_location_command
+        `npm list --parseable --production --long 2>/dev/null`
+      end
+
+      def package_metadata_command
+        `npm list --json --production --long 2>/dev/null`
       end
 
       def recursive_dependencies(dependencies, result = {})

data/lib/licensed/source/stack.rb

@@ -0,0 +1,66 @@
+module Licensed
+  module Source
+    class Stack
+      def initialize(config)
+        @config = config
+      end
+
+      def type
+        "stack"
+      end
+
+      def enabled?
+        @config.enabled?(type) && File.exist?(@config.pwd.join("stack.yaml"))
+      end
+
+      def dependencies
+        @dependencies ||= packages.map do |(name, version)|
+          package_id = "#{name}-#{version}"
+          package = package_info package_id
+
+          if package.empty?
+            next if @config.ignored?('type' => type, 'name' => name)
+            raise "couldn't locate #{package_id} with ghc-pkg"
+          end
+
+          path = package["haddock-html"] || File.join(@config.pwd, "vendor", name)
+          Dependency.new(path, {
+            "type"     => type,
+            "name"     => package["name"] || name,
+            "version"  => package["version"] || version,
+            "summary"  => package["synopsis"],
+            "homepage" => safe_homepage(package["homepage"])
+          })
+        end.compact
+      end
+
+      def safe_homepage(homepage)
+        return unless homepage
+        # use https and remove url fragment
+        homepage.gsub(/http:/, "https:")
+                .gsub(/#[^?]*\z/, "")
+      end
+
+      def packages
+        list_packages_command.lines.map(&:split)
+      end
+
+      def list_packages_command
+        `stack list-dependencies --no-include-base`
+      end
+
+      def package_info(package_id)
+        package_info_command(package_id).lines.each_with_object({}) do |line, info|
+          key, value = line.split(':', 2).map(&:strip)
+          next unless key && value
+
+          info[key] = value
+        end
+      end
+
+      def package_info_command(package_id)
+        `stack exec -- ghc-pkg field #{package_id} name,version,synopsis,homepage,haddock-html 2>/dev/null`
+      end
+    end
+  end
+end

data/lib/licensed/version.rb

@@ -1,3 +1,3 @@
 module Licensed
-  VERSION = "0.6.0"
+  VERSION = "0.10.0"
 end

data/licensed.gemspec

@@ -19,9 +19,10 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
-  spec.add_dependency "licensee", "~> 8.0"
+  spec.add_dependency "licensee", "~> 9.0"
   spec.add_dependency "thor", "~>0.19"
   spec.add_dependency "octokit", "~>4.0"
+  spec.add_dependency "pathname-common_prefix", "~>0.0.1"
 
   spec.add_development_dependency "bundler", "~> 1.10"
   spec.add_development_dependency "rake", "~> 10.0"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: licensed
 version: !ruby/object:Gem::Version
-  version: 0.6.0
+  version: 0.10.0
 platform: ruby
 authors:
 - GitHub
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2016-03-18 00:00:00.000000000 Z
+date: 2017-09-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: licensee
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '8.0'
+        version: '9.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '8.0'
+        version: '9.0'
 - !ruby/object:Gem::Dependency
   name: thor
   requirement: !ruby/object:Gem::Requirement
@@ -52,6 +52,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '4.0'
+- !ruby/object:Gem::Dependency
+  name: pathname-common_prefix
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.0.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.0.1
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -197,13 +211,20 @@ description: |
 
   ### Sources
 
-  Dependencies from Bundler, NPM, and Bower will be automatically detected. You can disable any of them in `vendor/licenses/config.yml`:
+  Dependencies will be automatically detected for
+  1. Bundler
+  2. NPM
+  3. Bower
+  4. HaskellStack
+
+  You can disable any of them in `vendor/licenses/config.yml`:
 
   ```yml
   sources:
     rubygem: false
     npm: false
     bower: false
+    stack: false
   ```
 
   ## Development
@@ -214,7 +235,7 @@ description: |
 
   ## Contributing
 
-  Bug reports and pull requests are welcome on GitHub at https://github.com/github/licensed. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](contributor-covenant.org) code of conduct.
+  Bug reports and pull requests are welcome on GitHub at https://github.com/github/licensed. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org/) code of conduct.
 
   ## License
 
@@ -248,7 +269,10 @@ files:
 - lib/licensed/license.rb
 - lib/licensed/source/bower.rb
 - lib/licensed/source/bundler.rb
+- lib/licensed/source/go.rb
+- lib/licensed/source/manifest.rb
 - lib/licensed/source/npm.rb
+- lib/licensed/source/stack.rb
 - lib/licensed/ui/shell.rb
 - lib/licensed/version.rb
 - licensed.gemspec
@@ -272,7 +296,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.5.1
+rubygems_version: 2.6.8
 signing_key: 
 specification_version: 4
 summary: extract and validate the licenses of dependencies.