licensed 2.10.0 → 2.12.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8b47685dba77cc47406dfa9aa2dd805c5f4a1746ea547a5b34c39a6d2ec47dcf
-  data.tar.gz: 0eef1add309449ee2f00a33831d780cf6250990bb74be08077cf786ab28996a2
+  metadata.gz: 42da8bbc3e526abe154311e85c5dcb1ffaeba7a631e3b6eab6dbb976a94d9c4d
+  data.tar.gz: b0884fb5ae8a8c332c8ea8684075a57e3efe86c6026656279eb2ffe0ae50105a
 SHA512:
-  metadata.gz: e01ca0150f1690ade72d0c95743d435af9796269d6b3a51496d39b5e98c186dc0cf78dd824f565c7070dc75e8a85e5af0aad21c8382b92b1578bd09edbe89dd3
-  data.tar.gz: 0d00ed4c4b0596f96cb2ec77972fe36352bc17a84ee7043b5c3d002db9d9b2f15c9ddf87a2b67ebf36b99eb8dc8b02b4a917e68f9d83d2d42457bb26ee3a5314
+  metadata.gz: e5d14b32dffb12a412090348429a116f9732bb6413bc35fb677dbf248e8af415ca531d7980bafeaa5a81ed2f083e798821cd21be7fd8eed1037a6659f24d4693
+  data.tar.gz: 411785733af02c33cc0b239980558f79389b8bfdc144bf862530fde111dc3ad0c8fd64040b9fdecba022ae93158287b0f45e26a10719567dda3022024a60728b

data/.github/workflows/test.yml

@@ -93,7 +93,7 @@ jobs:
     steps:
     - uses: actions/checkout@v2
     - name: Setup php
-      uses: nanasess/setup-php@v1.0.2
+      uses: nanasess/setup-php@v3.0.4
       with:
         php-version: ${{ matrix.php }}
     - name: Set up Ruby

data/.gitignore

@@ -45,6 +45,8 @@ test/fixtures/mix/mix.lock
 test/fixtures/yarn/*
 !test/fixtures/yarn/package.json
 
+test/fixtures/nuget/obj/*
+
 vendor/licenses
 .licenses
 *.gem

data/CHANGELOG.md

@@ -6,6 +6,44 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+## 2.12.2
+2020-07-07
+
+### Changed
+- Cleaned up ruby 2.7 warnings (:tada: @jurre https://github.com/github/licensed/pull/292)
+- Cleaned up additional warnings in tests (https://github.com/github/licensed/pull/293)
+
+## 2.12.1
+2020-06-30
+
+### Fixed
+- `licensed` no longer exits an error code when using the `--sources` CLI argument(https://github.com/github/licensed/pull/290)
+
+## 2.12.0
+2020-06-19
+
+### Added
+- `--sources` argument for cache, list, status and notices commands to filter running sources (https://github.com/github/licensed/pull/287)
+
+### Fixed
+- `cache` command will not remove files outside of enabled source cache paths (https://github.com/github/licensed/pull/287)
+
+## 2.11.1
+2020-06-09
+
+### Fixed
+- `notices` command properly reads cached dependency notices contents (https://github.com/github/licensed/pull/283)
+
+## 2.11.0
+2020-06-02
+
+### Added
+- `notices` command to create a `NOTICE` file for each configured app (https://github.com/github/licensed/pull/277)
+
+### Fixed
+- NuGet source no longer crashes on a non-existent dependency path (https://github.com/github/licensed/pull/280)
+- Go source no longer crashes on a non-existent dependency package path (https://github.com/github/licensed/pull/274)
+
 ## 2.10.0
 2020-05-15
 
@@ -13,7 +51,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - NPM source ignores missing peer dependencies (https://github.com/github/licensed/pull/267)
 
 ### Added
-- Nuget source (:tada: @zarenner https://github.com/github/licensed/pull/261)
+- NuGet source (:tada: @zarenner https://github.com/github/licensed/pull/261)
 - Multiple apps can share a single cache location (https://github.com/github/licensed/pull/263)
 
 ## 2.9.2
@@ -302,4 +340,4 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 Initial release :tada:
 
-[Unreleased]: https://github.com/github/licensed/compare/2.10.0...HEAD
+[Unreleased]: https://github.com/github/licensed/compare/2.12.2...HEAD

data/README.md

@@ -24,13 +24,13 @@ See the [migration documentation](./docs/migrating_to_newer_versions.md) for mor
 ### Dependencies
 
 Licensed uses the `libgit2` bindings for Ruby provided by `rugged`. `rugged` requires `cmake` and `pkg-config` which you may need to install before you can install Licensed.
-   
+
    >  Ubuntu
-    
+
     sudo apt-get install cmake pkg-config
-    
+
    >  OS X
-       
+
     brew install cmake pkg-config
 
 ### With a Gemfile
@@ -64,8 +64,10 @@ For system wide usage, install licensed to a location on `$PATH`, e.g. `/usr/loc
 
 - `licensed list`: Output enumerated dependencies only.
 - `licensed cache`: Cache licenses and metadata.
-- `licensed status`: Check status of dependencies' cached licenses. For example:
+- `licensed status`: Check status of dependencies' cached licenses.
+- `licensed notices`: Write a `NOTICE` file for each application configuration.
 - `licensed version`: Show current installed version of Licensed. Aliases: `-v|--version`
+- `licensed env`: Output environment information from the licensed configuration.
 
 See the [commands documentation](./docs/commands.md) for additional documentation, or run `licensed -h` to see all of the current available commands.
 

data/docs/commands.md

@@ -6,10 +6,14 @@ Run `licensed -h` to see help content for running licensed commands.
 
 Running the list command finds the dependencies for all sources in all configured applications.  No additional actions are taken on each dependency.
 
+An optional `--sources` flag can be given to limit which dependency sources are run.  This is a filter over sources that are enabled via the licensed configuration file and cannot be used to run licensed with a disabled source.
+
 ## `cache`
 
 The cache command finds all dependencies and ensures that each dependency has an up-to-date cached record.
 
+An optional `--sources` flag can be given to limit which dependency sources are run.  This is a filter over sources that are enabled via the licensed configuration file and cannot be used to run licensed with a disabled source.
+
 Dependency records will be saved if:
 1. The `force` option is set
 2. No cached record is found
@@ -22,6 +26,8 @@ After the cache command is run, any cached records that don't match up to a curr
 
 The status command finds all dependencies and checks whether each dependency has a valid cached record.
 
+An optional `--sources` flag can be given to limit which dependency sources are run.  This is a filter over sources that are enabled via the licensed configuration file and cannot be used to run licensed with a disabled source.
+
 A dependency will fail the status checks if:
 1. No cached record is found
 2. The cached record's version is different than the current dependency's version
@@ -31,6 +37,14 @@ A dependency will fail the status checks if:
 5. The cached record is flagged for re-review.
    - This occurs when the record's license text has changed since the record was reviewed.
 
+## `notices`
+
+Outputs license and notice text for all dependencies in each app into a `NOTICE` file in the app's `cache_path`.  If an app uses a shared cache path, the file name will contain the app name as well, e.g. `NOTICE.my_app`.
+
+An optional `--sources` flag can be given to limit which dependency sources are run.  This is a filter over sources that are enabled via the licensed configuration file and cannot be used to run licensed with a disabled source.
+
+The `NOTICE` file contents are retrieved from cached records, with the assumption that cached records have already been reviewed in a compliance workflow.
+
 ## `env`
 
 Prints the runtime environment used by licensed after loading a configuration file.  By default the output is in YAML format, but can be output in JSON using the `--json` flag.

data/lib/licensed/cli.rb

@@ -10,22 +10,38 @@ module Licensed
       desc: "Overwrite licenses even if version has not changed."
     method_option :config, aliases: "-c", type: :string,
       desc: "Path to licensed configuration file"
+    method_option :sources, aliases: "-s", type: :array,
+      desc: "Individual source(s) to evaluate.  Must also be enabled via configuration."
     def cache
-      run Licensed::Commands::Cache.new(config: config), force: options[:force]
+      run Licensed::Commands::Cache.new(config: config),
+          force: options[:force], sources: options[:sources]
     end
 
     desc "status", "Check status of dependencies' cached licenses"
     method_option :config, aliases: "-c", type: :string,
       desc: "Path to licensed configuration file"
+    method_option :sources, aliases: "-s", type: :array,
+      desc: "Individual source(s) to evaluate.  Must also be enabled via configuration."
     def status
-      run Licensed::Commands::Status.new(config: config)
+      run Licensed::Commands::Status.new(config: config), sources: options[:sources]
     end
 
     desc "list", "List dependencies"
     method_option :config, aliases: "-c", type: :string,
       desc: "Path to licensed configuration file"
+    method_option :sources, aliases: "-s", type: :array,
+      desc: "Individual source(s) to evaluate.  Must also be enabled via configuration."
     def list
-      run Licensed::Commands::List.new(config: config)
+      run Licensed::Commands::List.new(config: config), sources: options[:sources]
+    end
+
+    desc "notices", "Generate a NOTICE file from cached records"
+    method_option :config, aliases: "-c", type: :string,
+      desc: "Path to licensed configuration file"
+    method_option :sources, aliases: "-s", type: :array,
+      desc: "Individual source(s) to evaluate.  Must also be enabled via configuration."
+    def notices
+      run Licensed::Commands::Notices.new(config: config), sources: options[:sources]
     end
 
     map "-v" => :version
@@ -80,7 +96,7 @@ module Licensed
     end
 
     def run(command, **args)
-      exit command.run(args)
+      exit command.run(**args)
     end
   end
 end

data/lib/licensed/commands.rb

@@ -6,5 +6,6 @@ module Licensed
     require "licensed/commands/status"
     require "licensed/commands/list"
     require "licensed/commands/environment"
+    require "licensed/commands/notices"
   end
 end

data/lib/licensed/commands/cache.rb

@@ -32,19 +32,26 @@ module Licensed
 
       protected
 
-      # Run the command for all enabled sources for an application configuration,
+      # Run the command for all enumerated dependencies found in a dependency source,
       # recording results in a report.
+      # Enumerating dependencies in the source is skipped if a :sources option
+      # is provided and the evaluated `source.class.type` is not in the :sources values
       #
-      # app - An application configuration
+      # app - The application configuration for the source
+      # source - A dependency source enumerator
       #
-      # Returns whether the command succeeded for the application.
-      def run_app(app)
-        result = super
-
-        # add the full cache path to the list of cache paths evaluted during this run
-        cache_paths << app.cache_path
+      # Returns whether the command succeeded for the dependency source enumerator
+      def run_source(app, source)
+        super do |report|
+          if Array(options[:sources]).any? && !options[:sources].include?(source.class.type)
+            report.warnings << "skipped source"
+            next :skip
+          end
 
-        result
+          # add the full cache path to the list of cache paths
+          # that should be cleaned up after the command run
+          cache_paths << app.cache_path.join(source.class.type)
+        end
       end
 
       # Cache dependency record data.

data/lib/licensed/commands/command.rb

@@ -21,7 +21,9 @@ module Licensed
         begin
           result = reporter.report_run(self) do |report|
             # allow additional report data to be given by commands
-            yield report if block_given?
+            if block_given?
+              next true if (yield report) == :skip
+            end
 
             config.apps.sort_by { |app| app["name"] }
                        .map { |app| run_app(app) }
@@ -57,7 +59,9 @@ module Licensed
           Dir.chdir app.source_path do
             begin
               # allow additional report data to be given by commands
-              yield report if block_given?
+              if block_given?
+                next true if (yield report) == :skip
+              end
 
               app.sources.select(&:enabled?)
                          .sort_by { |source| source.class.type }
@@ -81,7 +85,9 @@ module Licensed
         reporter.report_source(source) do |report|
           begin
             # allow additional report data to be given by commands
-            yield report if block_given?
+            if block_given?
+              next true if (yield report) == :skip
+            end
 
             source.dependencies.sort_by { |dependency| dependency.name }
                                .map { |dependency| run_dependency(app, source, dependency) }
@@ -114,7 +120,9 @@ module Licensed
 
           begin
             # allow additional report data to be given by commands
-            yield report if block_given?
+            if block_given?
+              next true if (yield report) == :skip
+            end
 
             evaluate_dependency(app, source, dependency, report)
           rescue Licensed::Shell::Error => err

data/lib/licensed/commands/list.rb

@@ -13,6 +13,25 @@ module Licensed
 
       protected
 
+      # Run the command for all enumerated dependencies found in a dependency source,
+      # recording results in a report.
+      # Enumerating dependencies in the source is skipped if a :sources option
+      # is provided and the evaluated `source.class.type` is not in the :sources values
+      #
+      # app - The application configuration for the source
+      # source - A dependency source enumerator
+      #
+      # Returns whether the command succeeded for the dependency source enumerator
+      def run_source(app, source)
+        super do |report|
+          next if Array(options[:sources]).empty?
+          next if options[:sources].include?(source.class.type)
+
+          report.warnings << "skipped source"
+          :skip
+        end
+      end
+
       # Listing dependencies requires no extra work.
       #
       # app - The application configuration for the dependency

data/lib/licensed/commands/notices.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+module Licensed
+  module Commands
+    class Notices < Command
+      # Create a reporter to use during a command run
+      #
+      # options - The options the command was run with
+      #
+      # Raises a Licensed::Reporters::CacheReporter
+      def create_reporter(options)
+        Licensed::Reporters::NoticesReporter.new
+      end
+
+      protected
+
+      # Run the command for all enumerated dependencies found in a dependency source,
+      # recording results in a report.
+      # Enumerating dependencies in the source is skipped if a :sources option
+      # is provided and the evaluated `source.class.type` is not in the :sources values
+      #
+      # app - The application configuration for the source
+      # source - A dependency source enumerator
+      #
+      # Returns whether the command succeeded for the dependency source enumerator
+      def run_source(app, source)
+        super do |report|
+          next if Array(options[:sources]).empty?
+          next if options[:sources].include?(source.class.type)
+
+          report.warnings << "skipped source"
+          :skip
+        end
+      end
+
+      # Load stored dependency record data to add to the notices report.
+      #
+      # app - The application configuration for the dependency
+      # source - The dependency source enumerator for the dependency
+      # dependency - An application dependency
+      # report - A report hash for the command to provide extra data for the report output.
+      #
+      # Returns true.
+      def evaluate_dependency(app, source, dependency, report)
+        filename = app.cache_path.join(source.class.type, "#{dependency.name}.#{DependencyRecord::EXTENSION}")
+        report["cached_record"] = Licensed::DependencyRecord.read(filename)
+        if !report["cached_record"]
+          report.warnings << "expected cached record not found at #{filename}"
+        end
+
+        true
+      end
+    end
+  end
+end

data/lib/licensed/commands/status.rb

@@ -15,6 +15,25 @@ module Licensed
 
       protected
 
+      # Run the command for all enumerated dependencies found in a dependency source,
+      # recording results in a report.
+      # Enumerating dependencies in the source is skipped if a :sources option
+      # is provided and the evaluated `source.class.type` is not in the :sources values
+      #
+      # app - The application configuration for the source
+      # source - A dependency source enumerator
+      #
+      # Returns whether the command succeeded for the dependency source enumerator
+      def run_source(app, source)
+        super do |report|
+          next if Array(options[:sources]).empty?
+          next if options[:sources].include?(source.class.type)
+
+          report.warnings << "skipped source"
+          :skip
+        end
+      end
+
       # Verifies that a cached record exists, is up to date and
       # has license data that complies with the licensed configuration.
       #

data/lib/licensed/dependency.rb

@@ -74,7 +74,7 @@ module Licensed
     def license_contents
       files = matched_files.reject { |f| f == package_file }
                            .group_by(&:content)
-                           .map { |content, files| { "sources" => license_content_sources(files), "text" => content } }
+                           .map { |content, sources| { "sources" => license_content_sources(sources), "text" => content } }
 
       files << generated_license_contents if files.empty?
       files.compact

data/lib/licensed/reporters.rb

@@ -7,5 +7,6 @@ module Licensed
     require "licensed/reporters/list_reporter"
     require "licensed/reporters/json_reporter"
     require "licensed/reporters/yaml_reporter"
+    require "licensed/reporters/notices_reporter"
   end
 end

data/lib/licensed/reporters/cache_reporter.rb

@@ -27,32 +27,32 @@ module Licensed
           shell.info "  #{source.class.type}"
           result = yield report
 
-          warning_reports = report.all_reports.select { |report| report.warnings.any? }.to_a
+          warning_reports = report.all_reports.select { |r| r.warnings.any? }.to_a
           if warning_reports.any?
             shell.newline
             shell.warn "  * Warnings:"
-            warning_reports.each do |report|
-              display_metadata = report.map { |k, v| "#{k}: #{v}" }.join(", ")
+            warning_reports.each do |r|
+              display_metadata = r.map { |k, v| "#{k}: #{v}" }.join(", ")
 
-              shell.warn "    * #{report.name}"
+              shell.warn "    * #{r.name}"
               shell.warn "    #{display_metadata}" unless display_metadata.empty?
-              report.warnings.each do |warning|
+              r.warnings.each do |warning|
                 shell.warn "      - #{warning}"
               end
               shell.newline
             end
           end
 
-          errored_reports = report.all_reports.select { |report| report.errors.any? }.to_a
+          errored_reports = report.all_reports.select { |r| r.errors.any? }.to_a
           if errored_reports.any?
             shell.newline
             shell.error "  * Errors:"
-            errored_reports.each do |report|
-              display_metadata = report.map { |k, v| "#{k}: #{v}" }.join(", ")
+            errored_reports.each do |r|
+              display_metadata = r.map { |k, v| "#{k}: #{v}" }.join(", ")
 
-              shell.error "    * #{report.name}"
+              shell.error "    * #{r.name}"
               shell.error "    #{display_metadata}" unless display_metadata.empty?
-              report.errors.each do |error|
+              r.errors.each do |error|
                 shell.error "      - #{error}"
               end
               shell.newline

data/lib/licensed/reporters/list_reporter.rb

@@ -28,16 +28,32 @@ module Licensed
           shell.info "  #{source.class.type}"
           result = yield report
 
-          errored_reports = report.all_reports.select { |report| report.errors.any? }.to_a
+          warning_reports = report.all_reports.select { |r| r.warnings.any? }.to_a
+          if warning_reports.any?
+            shell.newline
+            shell.warn "  * Warnings:"
+            warning_reports.each do |r|
+              display_metadata = r.map { |k, v| "#{k}: #{v}" }.join(", ")
+
+              shell.warn "    * #{r.name}"
+              shell.warn "    #{display_metadata}" unless display_metadata.empty?
+              r.warnings.each do |warning|
+                shell.warn "      - #{warning}"
+              end
+              shell.newline
+            end
+          end
+
+          errored_reports = report.all_reports.select { |r| r.errors.any? }.to_a
           if errored_reports.any?
             shell.newline
             shell.error "  * Errors:"
-            errored_reports.each do |report|
-              display_metadata = report.map { |k, v| "#{k}: #{v}" }.join(", ")
+            errored_reports.each do |r|
+              display_metadata = r.map { |k, v| "#{k}: #{v}" }.join(", ")
 
-              shell.error "    * #{report.name}"
+              shell.error "    * #{r.name}"
               shell.error "    #{display_metadata}" unless display_metadata.empty?
-              report.errors.each do |error|
+              r.errors.each do |error|
                 shell.error "      - #{error}"
               end
               shell.newline

data/lib/licensed/reporters/notices_reporter.rb

@@ -0,0 +1,99 @@
+# frozen_string_literal: true
+
+module Licensed
+  module Reporters
+    class NoticesReporter < Reporter
+      TEXT_SEPARATOR = "\n\n#{("-" * 5)}\n\n".freeze
+      LICENSE_SEPARATOR = "\n#{("*" * 5)}\n".freeze
+
+      # Reports on an application configuration in a notices command run
+      #
+      # app - An application configuration
+      #
+      # Returns the result of the yielded method
+      # Note - must be called from inside the `report_run` scope
+      def report_app(app)
+        super do |report|
+          filename = app["shared_cache"] ? "NOTICE.#{app["name"]}" : "NOTICE"
+          path = app.cache_path.join(filename)
+          shell.info "Writing notices for #{app["name"]} to #{path}"
+
+          result = yield report
+
+          File.open(path, "w") do |file|
+            file << "THIRD PARTY NOTICES\n"
+            file << LICENSE_SEPARATOR
+            file << report.all_reports
+                          .map { |r| notices(r) }
+                          .compact
+                          .join(LICENSE_SEPARATOR)
+          end
+
+          result
+        end
+      end
+
+
+      # Reports on a dependency source enumerator in a notices command run.
+      # Shows warnings encountered during the run.
+      #
+      # source - A dependency source enumerator
+      #
+      # Returns the result of the yielded method
+      # Note - must be called from inside the `report_run` scope
+      def report_source(source)
+        super do |report|
+          result = yield report
+
+          report.warnings.each do |warning|
+            shell.warn "* #{report.name}: #{warning}"
+          end
+
+          result
+        end
+      end
+
+      # Reports on a dependency in a notices command run.
+      #
+      # dependency - An application dependency
+      #
+      # Returns the result of the yielded method
+      # Note - must be called from inside the `report_run` scope
+      def report_dependency(dependency)
+        super do |report|
+          result = yield report
+          report.warnings.each do |warning|
+            shell.warn "* #{report.name}: #{warning}"
+          end
+          result
+        end
+      end
+
+      # Returns notices information for a dependency report
+      def notices(report)
+        return unless report.target.is_a?(Licensed::Dependency)
+
+        cached_record = report["cached_record"]
+        return unless cached_record
+
+        texts = cached_record.licenses.map(&:text)
+        cached_record.notices.each do |notice|
+          case notice
+          when Hash
+            texts << notice["text"]
+          when String
+            texts << notice
+          else
+            shell.warn "* unable to parse notices for #{report.target.name}"
+          end
+        end
+
+        <<~NOTICE
+          #{cached_record["name"]}@#{cached_record["version"]}
+
+          #{texts.map(&:strip).reject(&:empty?).compact.join(TEXT_SEPARATOR)}
+        NOTICE
+      end
+    end
+  end
+end

data/lib/licensed/reporters/status_reporter.rb

@@ -15,20 +15,37 @@ module Licensed
           result = yield report
 
           all_reports = report.all_reports
-          errored_reports = all_reports.select { |report| report.errors.any? }.to_a
 
-          dependency_count = all_reports.select { |report| report.target.is_a?(Licensed::Dependency) }.size
-          error_count = errored_reports.sum { |report| report.errors.size }
+          warning_reports = all_reports.select { |r| r.warnings.any? }.to_a
+          if warning_reports.any?
+            shell.newline
+            shell.warn "Warnings:"
+            warning_reports.each do |r|
+              display_metadata = r.map { |k, v| "#{k}: #{v}" }.join(", ")
+
+              shell.warn "* #{r.name}"
+              shell.warn "  #{display_metadata}" unless display_metadata.empty?
+              r.warnings.each do |warning|
+                shell.warn "    - #{warning}"
+              end
+              shell.newline
+            end
+          end
+
+          errored_reports = all_reports.select { |r| r.errors.any? }.to_a
+
+          dependency_count = all_reports.select { |r| r.target.is_a?(Licensed::Dependency) }.size
+          error_count = errored_reports.sum { |r| r.errors.size }
 
           if error_count > 0
             shell.newline
             shell.error "Errors:"
-            errored_reports.each do |report|
-              display_metadata = report.map { |k, v| "#{k}: #{v}" }.join(", ")
+            errored_reports.each do |r|
+              display_metadata = r.map { |k, v| "#{k}: #{v}" }.join(", ")
 
-              shell.error "* #{report.name}"
+              shell.error "* #{r.name}"
               shell.error "  #{display_metadata}" unless display_metadata.empty?
-              report.errors.each do |error|
+              r.errors.each do |error|
                 shell.error "    - #{error}"
               end
               shell.newline

data/lib/licensed/sources/cabal.rb

@@ -111,11 +111,11 @@ module Licensed
         info = package_info_command(id).strip
         return missing_package(id) if info.empty?
 
-        info.lines.each_with_object({}) do |line, info|
+        info.lines.each_with_object({}) do |line, hsh|
           key, value = line.split(":", 2).map(&:strip)
           next unless key && value
 
-          info[key] = value
+          hsh[key] = value
         end
       end
 

data/lib/licensed/sources/go.rb

@@ -120,7 +120,7 @@ module Licensed
         return go_mod["Version"] if go_mod
 
         package_directory = package["Dir"]
-        return unless package_directory
+        return unless package_directory && File.exist?(package_directory)
 
         # find most recent git SHA for a package, or nil if SHA is
         # not available

data/lib/licensed/sources/nuget.rb

@@ -17,10 +17,13 @@ module Licensed
         PROJECT_URL_REGEX = /<projectUrl>\s*(.*)\s*<\/projectUrl>/ix.freeze
         PROJECT_DESC_REGEX = /<description>\s*(.*)\s*<\/description>/ix.freeze
 
-        def initialize(name:, version:, path:, search_root: nil, metadata: {}, errors: [])
-          super(name: name, version: version, path: path, search_root: search_root, metadata: metadata, errors: errors)
-          @metadata["homepage"] = project_url if project_url
-          @metadata["summary"] = description if description
+        # Returns the metadata that represents this dependency.  This metadata
+        # is written to YAML in the dependencys cached text file
+        def license_metadata
+          super.tap do |record_metadata|
+            record_metadata["homepage"] = project_url if project_url
+            record_metadata["summary"] = description if description
+          end
         end
 
         def nuspec_path
@@ -29,14 +32,17 @@ module Licensed
         end
 
         def nuspec_contents
-          return unless nuspec_path
-          @nuspec_contents ||= File.read(nuspec_path)
+          return @nuspec_contents if defined?(@nuspec_contents)
+          @nuspec_contents = begin
+            return unless nuspec_path && File.exist?(nuspec_path)
+            File.read(nuspec_path)
+          end
         end
 
         def project_url
           return @project_url if defined?(@project_url)
-          return unless nuspec_contents
           @project_url = begin
+            return unless nuspec_contents
             match = nuspec_contents.match PROJECT_URL_REGEX
             match[1] if match && match[1]
           end
@@ -44,8 +50,8 @@ module Licensed
 
         def description
           return @description if defined?(@description)
-          return unless nuspec_contents
           @description = begin
+            return unless nuspec_contents
             match = nuspec_contents.match PROJECT_DESC_REGEX
             match[1] if match && match[1]
           end

data/lib/licensed/version.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 module Licensed
-  VERSION = "2.10.0".freeze
+  VERSION = "2.12.2".freeze
 
   def self.previous_major_versions
     major_version = Gem::Version.new(Licensed::VERSION).segments.first

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: licensed
 version: !ruby/object:Gem::Version
-  version: 2.10.0
+  version: 2.12.2
 platform: ruby
 authors:
 - GitHub
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-05-15 00:00:00.000000000 Z
+date: 2020-07-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: licensee
@@ -284,6 +284,7 @@ files:
 - lib/licensed/commands/command.rb
 - lib/licensed/commands/environment.rb
 - lib/licensed/commands/list.rb
+- lib/licensed/commands/notices.rb
 - lib/licensed/commands/status.rb
 - lib/licensed/configuration.rb
 - lib/licensed/dependency.rb
@@ -295,6 +296,7 @@ files:
 - lib/licensed/reporters/cache_reporter.rb
 - lib/licensed/reporters/json_reporter.rb
 - lib/licensed/reporters/list_reporter.rb
+- lib/licensed/reporters/notices_reporter.rb
 - lib/licensed/reporters/reporter.rb
 - lib/licensed/reporters/status_reporter.rb
 - lib/licensed/reporters/yaml_reporter.rb