licensed 2.14.1 → 2.14.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -1
- data/lib/licensed/sources/go.rb +43 -43
- data/lib/licensed/sources/yarn.rb +14 -6
- data/lib/licensed/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7f91fb96a7fae9a97255650d8b27b65236f681b69dcbe3092691bb703f04b60f
|
|
4
|
+
data.tar.gz: '0009173e203fbec4670773120888a2389c8a8e451a8d29ac0224548d8304df01'
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4c463e87b87a2907a935f62c4191c754b499a2737bed527b0573030272a13b0e7daf780418602dc6a71522049dcf8e7a53b60ad46c3d24089b685b35453d4f4a
|
|
7
|
+
data.tar.gz: 4b33b7d301373075334f0302859ad7a4d9321a40c68df1a4f22f0af30ff73325190cdabd70532a48fd6c27bbed45532121065aeb61476a9b0bf3619f5c703924
|
data/CHANGELOG.md
CHANGED
|
@@ -6,6 +6,13 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
|
|
|
6
6
|
|
|
7
7
|
## [Unreleased]
|
|
8
8
|
|
|
9
|
+
## 2.14.2
|
|
10
|
+
2020-11-20
|
|
11
|
+
|
|
12
|
+
## Fixed
|
|
13
|
+
- Yarn source correctly finds dependency paths on disk (https://github.com/github/licensed/pull/326)
|
|
14
|
+
- Go source better handles finding dependencies that have been vendored (https://github.com/github/licensed/pull/323)
|
|
15
|
+
|
|
9
16
|
## 2.14.1
|
|
10
17
|
2020-10-09
|
|
11
18
|
|
|
@@ -366,4 +373,4 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
|
|
|
366
373
|
|
|
367
374
|
Initial release :tada:
|
|
368
375
|
|
|
369
|
-
[Unreleased]: https://github.com/github/licensed/compare/2.14.
|
|
376
|
+
[Unreleased]: https://github.com/github/licensed/compare/2.14.2...HEAD
|
data/lib/licensed/sources/go.rb
CHANGED
|
@@ -15,8 +15,7 @@ module Licensed
|
|
|
15
15
|
def enumerate_dependencies
|
|
16
16
|
with_configured_gopath do
|
|
17
17
|
packages.map do |package|
|
|
18
|
-
import_path =
|
|
19
|
-
import_path ||= package["ImportPath"]
|
|
18
|
+
import_path = non_vendored_import_path(package)
|
|
20
19
|
error = package.dig("Error", "Err") if package["Error"]
|
|
21
20
|
|
|
22
21
|
Dependency.new(
|
|
@@ -81,34 +80,26 @@ module Licensed
|
|
|
81
80
|
# return true if package self-identifies
|
|
82
81
|
return true if package["Standard"]
|
|
83
82
|
|
|
84
|
-
import_path = package
|
|
83
|
+
import_path = non_vendored_import_path(package)
|
|
85
84
|
return false unless import_path
|
|
86
85
|
|
|
87
|
-
#
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
# return true if any of the go standard packages matches against
|
|
98
|
-
# the non-vendored import path
|
|
99
|
-
return true if go_std_packages.include?(non_vendored_import_path)
|
|
100
|
-
return true if go_std_packages.include?(non_vendored_import_path.sub("golang.org", "internal"))
|
|
101
|
-
|
|
102
|
-
# modify the import path to look like the import path `go list` returns for vendored std packages
|
|
103
|
-
vendor_path = import_path.sub("#{root_package["ImportPath"]}/", "")
|
|
104
|
-
go_std_packages.include?(vendor_path) || go_std_packages.include?(vendor_path.sub("golang.org", "golang_org"))
|
|
86
|
+
# check different variations of the import path to match against
|
|
87
|
+
# what's returned from `go list std`
|
|
88
|
+
[
|
|
89
|
+
import_path,
|
|
90
|
+
import_path.sub("golang.org", "internal"),
|
|
91
|
+
import_path.sub("golang.org", "golang_org"),
|
|
92
|
+
].any? do |path|
|
|
93
|
+
# true if go standard packages includes the path or "vendor/<path>"
|
|
94
|
+
go_std_packages.include?(path) || go_std_packages.include?("vendor/#{path}")
|
|
95
|
+
end
|
|
105
96
|
end
|
|
106
97
|
|
|
107
98
|
# Returns whether the package is local to the current project
|
|
108
99
|
def local_package?(package)
|
|
109
|
-
return false unless package && package["
|
|
110
|
-
|
|
111
|
-
|
|
100
|
+
return false unless package && package["Dir"]
|
|
101
|
+
return false unless File.fnmatch?("#{config.root.to_s}*", package["Dir"])
|
|
102
|
+
vendored_path_parts(package).nil?
|
|
112
103
|
end
|
|
113
104
|
|
|
114
105
|
# Returns the version for a given package
|
|
@@ -155,36 +146,45 @@ module Licensed
|
|
|
155
146
|
|
|
156
147
|
# search root choices:
|
|
157
148
|
# 1. module directory if using go modules and directory is available
|
|
158
|
-
# 2. vendor folder if package is vendored
|
|
159
|
-
# 3. package root value if available
|
|
160
|
-
# 4. GOPATH if the package directory is under the gopath
|
|
161
|
-
# 5. nil
|
|
162
149
|
module_dir = package.dig("Module", "Dir")
|
|
163
150
|
return module_dir if module_dir
|
|
164
|
-
|
|
151
|
+
|
|
152
|
+
# 2. vendor folder if package is vendored
|
|
153
|
+
parts = vendored_path_parts(package)
|
|
154
|
+
return parts[:vendor_path] if parts
|
|
155
|
+
|
|
156
|
+
# 3. package root value if available
|
|
165
157
|
return package["Root"] if package["Root"]
|
|
158
|
+
|
|
159
|
+
# 4. GOPATH if the package directory is under the gopath
|
|
166
160
|
return gopath if package["Dir"]&.start_with?(gopath)
|
|
161
|
+
|
|
162
|
+
# 5. nil
|
|
167
163
|
nil
|
|
168
164
|
end
|
|
169
165
|
|
|
170
|
-
#
|
|
171
|
-
#
|
|
166
|
+
# If the package is vendored, returns a Match object containing named
|
|
167
|
+
# :vendor_path and :import_path match groups based on the packages "Dir" value
|
|
168
|
+
#
|
|
169
|
+
# If the package is not vendored, returns nil
|
|
172
170
|
#
|
|
173
|
-
#
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
path.start_with?(base.to_s) && path.include?("vendor/")
|
|
171
|
+
# package - Package to get vendored path information for
|
|
172
|
+
def vendored_path_parts(package)
|
|
173
|
+
return if package.nil? || package["Dir"].nil?
|
|
174
|
+
package["Dir"].match(/^(?<vendor_path>#{config.root}(\/.+)*\/[^\/]*vendor[^\/]*)\/(?<import_path>.+)$/i)
|
|
178
175
|
end
|
|
179
176
|
|
|
180
|
-
# Returns the
|
|
177
|
+
# Returns the non-vendored portion of the package import path if vendored,
|
|
178
|
+
# otherwise returns the package's import path as given
|
|
181
179
|
#
|
|
182
|
-
#
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
return
|
|
187
|
-
|
|
180
|
+
# package - Package to get the non-vendored import path for
|
|
181
|
+
def non_vendored_import_path(package)
|
|
182
|
+
return if package.nil?
|
|
183
|
+
parts = vendored_path_parts(package)
|
|
184
|
+
return parts[:import_path] if parts
|
|
185
|
+
|
|
186
|
+
# if a package isn't vendored, return the packages "ImportPath"
|
|
187
|
+
package["ImportPath"]
|
|
188
188
|
end
|
|
189
189
|
|
|
190
190
|
# Returns a hash of information about the package with a given import path
|
|
@@ -36,7 +36,7 @@ module Licensed
|
|
|
36
36
|
def packages
|
|
37
37
|
return [] if yarn_package_tree.nil?
|
|
38
38
|
all_dependencies = {}
|
|
39
|
-
recursive_dependencies(
|
|
39
|
+
recursive_dependencies(yarn_package_tree).each do |name, results|
|
|
40
40
|
results.uniq! { |package| package["version"] }
|
|
41
41
|
if results.size == 1
|
|
42
42
|
# if there is only one package for a name, reference it by name
|
|
@@ -55,26 +55,34 @@ module Licensed
|
|
|
55
55
|
|
|
56
56
|
# Recursively parse dependency JSON data. Returns a hash mapping the
|
|
57
57
|
# package name to it's metadata
|
|
58
|
-
def recursive_dependencies(
|
|
58
|
+
def recursive_dependencies(dependencies, result = {})
|
|
59
59
|
dependencies.each do |dependency|
|
|
60
60
|
# "shadow" indicate a dependency requirement only, not a
|
|
61
61
|
# resolved package identifier
|
|
62
62
|
next if dependency["shadow"]
|
|
63
63
|
name, _, version = dependency["name"].rpartition("@")
|
|
64
64
|
|
|
65
|
-
# the dependency should be found under the parent's "node_modules" path
|
|
66
|
-
dependency_path = path.join("node_modules", name)
|
|
67
65
|
(result[name] ||= []) << {
|
|
68
66
|
"id" => dependency["name"],
|
|
69
67
|
"name" => name,
|
|
70
68
|
"version" => version,
|
|
71
|
-
"path" =>
|
|
69
|
+
"path" => dependency_paths[dependency["name"]]
|
|
72
70
|
}
|
|
73
|
-
recursive_dependencies(
|
|
71
|
+
recursive_dependencies(dependency["children"], result)
|
|
74
72
|
end
|
|
75
73
|
result
|
|
76
74
|
end
|
|
77
75
|
|
|
76
|
+
# Returns a hash that maps all dependency names to their location on disk
|
|
77
|
+
# by parsing every package.json file under node_modules.
|
|
78
|
+
def dependency_paths
|
|
79
|
+
@dependency_paths ||= Dir.glob(config.pwd.join("node_modules/**/package.json")).each_with_object({}) do |file, hsh|
|
|
80
|
+
dirname = File.dirname(file)
|
|
81
|
+
json = JSON.parse(File.read(file))
|
|
82
|
+
hsh["#{json["name"]}@#{json["version"]}"] = dirname
|
|
83
|
+
end
|
|
84
|
+
end
|
|
85
|
+
|
|
78
86
|
# Finds and returns the yarn package tree listing from `yarn list` output
|
|
79
87
|
def yarn_package_tree
|
|
80
88
|
return @yarn_package_tree if defined?(@yarn_package_tree)
|
data/lib/licensed/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: licensed
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.14.
|
|
4
|
+
version: 2.14.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- GitHub
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-11-20 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: licensee
|