licensed 2.14.1 → 2.14.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 8e51a39bfeaf0f48ca7a05b08047b8a64236b276097a0ee7f301dc1ca4e1ad1f
4
- data.tar.gz: ee8de1cdebb66fa213f25b4b4bcd38957a4746b86bed6375a057cdd372603cc7
3
+ metadata.gz: 7f91fb96a7fae9a97255650d8b27b65236f681b69dcbe3092691bb703f04b60f
4
+ data.tar.gz: '0009173e203fbec4670773120888a2389c8a8e451a8d29ac0224548d8304df01'
5
5
  SHA512:
6
- metadata.gz: 583a36dbc2a4e2cb6c9ae76a8976f01e61c2ec3f855d36aac3ce68f303170c7ddd2f0a5ed1e7acc5e67ae26eedd05ee05c1b884cf73a5a6836b2e81879b12078
7
- data.tar.gz: ca025576af3f1a385f6517d2534a39e83ae2bc6a575933559f0457cab3afd28037ab16aef79e068958c225bdacec293b21afa3e4d2f5238bde473a3a3a924daa
6
+ metadata.gz: 4c463e87b87a2907a935f62c4191c754b499a2737bed527b0573030272a13b0e7daf780418602dc6a71522049dcf8e7a53b60ad46c3d24089b685b35453d4f4a
7
+ data.tar.gz: 4b33b7d301373075334f0302859ad7a4d9321a40c68df1a4f22f0af30ff73325190cdabd70532a48fd6c27bbed45532121065aeb61476a9b0bf3619f5c703924
@@ -6,6 +6,13 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
6
6
 
7
7
  ## [Unreleased]
8
8
 
9
+ ## 2.14.2
10
+ 2020-11-20
11
+
12
+ ## Fixed
13
+ - Yarn source correctly finds dependency paths on disk (https://github.com/github/licensed/pull/326)
14
+ - Go source better handles finding dependencies that have been vendored (https://github.com/github/licensed/pull/323)
15
+
9
16
  ## 2.14.1
10
17
  2020-10-09
11
18
 
@@ -366,4 +373,4 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
366
373
 
367
374
  Initial release :tada:
368
375
 
369
- [Unreleased]: https://github.com/github/licensed/compare/2.14.1...HEAD
376
+ [Unreleased]: https://github.com/github/licensed/compare/2.14.2...HEAD
@@ -15,8 +15,7 @@ module Licensed
15
15
  def enumerate_dependencies
16
16
  with_configured_gopath do
17
17
  packages.map do |package|
18
- import_path = non_vendored_path(package["ImportPath"], root_package["ImportPath"])
19
- import_path ||= package["ImportPath"]
18
+ import_path = non_vendored_import_path(package)
20
19
  error = package.dig("Error", "Err") if package["Error"]
21
20
 
22
21
  Dependency.new(
@@ -81,34 +80,26 @@ module Licensed
81
80
  # return true if package self-identifies
82
81
  return true if package["Standard"]
83
82
 
84
- import_path = package["ImportPath"]
83
+ import_path = non_vendored_import_path(package)
85
84
  return false unless import_path
86
85
 
87
- # true if go standard packages includes the import path as given
88
- return true if go_std_packages.include?(import_path)
89
- return true if go_std_packages.include?("vendor/#{import_path}")
90
- return true if go_std_packages.include?(import_path.sub("golang.org", "internal"))
91
-
92
- # additional checks are only for vendored dependencies - return false
93
- # if package isn't vendored
94
- non_vendored_import_path = non_vendored_path(import_path, root_package["ImportPath"])
95
- return false unless non_vendored_import_path
96
-
97
- # return true if any of the go standard packages matches against
98
- # the non-vendored import path
99
- return true if go_std_packages.include?(non_vendored_import_path)
100
- return true if go_std_packages.include?(non_vendored_import_path.sub("golang.org", "internal"))
101
-
102
- # modify the import path to look like the import path `go list` returns for vendored std packages
103
- vendor_path = import_path.sub("#{root_package["ImportPath"]}/", "")
104
- go_std_packages.include?(vendor_path) || go_std_packages.include?(vendor_path.sub("golang.org", "golang_org"))
86
+ # check different variations of the import path to match against
87
+ # what's returned from `go list std`
88
+ [
89
+ import_path,
90
+ import_path.sub("golang.org", "internal"),
91
+ import_path.sub("golang.org", "golang_org"),
92
+ ].any? do |path|
93
+ # true if go standard packages includes the path or "vendor/<path>"
94
+ go_std_packages.include?(path) || go_std_packages.include?("vendor/#{path}")
95
+ end
105
96
  end
106
97
 
107
98
  # Returns whether the package is local to the current project
108
99
  def local_package?(package)
109
- return false unless package && package["ImportPath"]
110
- import_path = package["ImportPath"]
111
- import_path.start_with?(root_package["ImportPath"]) && !import_path.include?("vendor/")
100
+ return false unless package && package["Dir"]
101
+ return false unless File.fnmatch?("#{config.root.to_s}*", package["Dir"])
102
+ vendored_path_parts(package).nil?
112
103
  end
113
104
 
114
105
  # Returns the version for a given package
@@ -155,36 +146,45 @@ module Licensed
155
146
 
156
147
  # search root choices:
157
148
  # 1. module directory if using go modules and directory is available
158
- # 2. vendor folder if package is vendored
159
- # 3. package root value if available
160
- # 4. GOPATH if the package directory is under the gopath
161
- # 5. nil
162
149
  module_dir = package.dig("Module", "Dir")
163
150
  return module_dir if module_dir
164
- return package["Dir"].match("^(.*/vendor)/.*$")[1] if vendored_path?(package["Dir"], config.root)
151
+
152
+ # 2. vendor folder if package is vendored
153
+ parts = vendored_path_parts(package)
154
+ return parts[:vendor_path] if parts
155
+
156
+ # 3. package root value if available
165
157
  return package["Root"] if package["Root"]
158
+
159
+ # 4. GOPATH if the package directory is under the gopath
166
160
  return gopath if package["Dir"]&.start_with?(gopath)
161
+
162
+ # 5. nil
167
163
  nil
168
164
  end
169
165
 
170
- # Returns whether a package is vendored or not based on a base path and
171
- # whether the path contains a vendor component
166
+ # If the package is vendored, returns a Match object containing named
167
+ # :vendor_path and :import_path match groups based on the packages "Dir" value
168
+ #
169
+ # If the package is not vendored, returns nil
172
170
  #
173
- # path - Package path to test
174
- # base - The base path that the input must start with
175
- def vendored_path?(path, base)
176
- return false if path.nil? || base.nil?
177
- path.start_with?(base.to_s) && path.include?("vendor/")
171
+ # package - Package to get vendored path information for
172
+ def vendored_path_parts(package)
173
+ return if package.nil? || package["Dir"].nil?
174
+ package["Dir"].match(/^(?<vendor_path>#{config.root}(\/.+)*\/[^\/]*vendor[^\/]*)\/(?<import_path>.+)$/i)
178
175
  end
179
176
 
180
- # Returns the path parameter without the vendor component if one is found
177
+ # Returns the non-vendored portion of the package import path if vendored,
178
+ # otherwise returns the package's import path as given
181
179
  #
182
- # path - Package path with vendor component
183
- # base - The base path that the input must start with
184
- def non_vendored_path(path, base)
185
- return unless path
186
- return unless vendored_path?(path, base)
187
- path.split("vendor/")[1]
180
+ # package - Package to get the non-vendored import path for
181
+ def non_vendored_import_path(package)
182
+ return if package.nil?
183
+ parts = vendored_path_parts(package)
184
+ return parts[:import_path] if parts
185
+
186
+ # if a package isn't vendored, return the packages "ImportPath"
187
+ package["ImportPath"]
188
188
  end
189
189
 
190
190
  # Returns a hash of information about the package with a given import path
@@ -36,7 +36,7 @@ module Licensed
36
36
  def packages
37
37
  return [] if yarn_package_tree.nil?
38
38
  all_dependencies = {}
39
- recursive_dependencies(config.pwd, yarn_package_tree).each do |name, results|
39
+ recursive_dependencies(yarn_package_tree).each do |name, results|
40
40
  results.uniq! { |package| package["version"] }
41
41
  if results.size == 1
42
42
  # if there is only one package for a name, reference it by name
@@ -55,26 +55,34 @@ module Licensed
55
55
 
56
56
  # Recursively parse dependency JSON data. Returns a hash mapping the
57
57
  # package name to it's metadata
58
- def recursive_dependencies(path, dependencies, result = {})
58
+ def recursive_dependencies(dependencies, result = {})
59
59
  dependencies.each do |dependency|
60
60
  # "shadow" indicate a dependency requirement only, not a
61
61
  # resolved package identifier
62
62
  next if dependency["shadow"]
63
63
  name, _, version = dependency["name"].rpartition("@")
64
64
 
65
- # the dependency should be found under the parent's "node_modules" path
66
- dependency_path = path.join("node_modules", name)
67
65
  (result[name] ||= []) << {
68
66
  "id" => dependency["name"],
69
67
  "name" => name,
70
68
  "version" => version,
71
- "path" => dependency_path
69
+ "path" => dependency_paths[dependency["name"]]
72
70
  }
73
- recursive_dependencies(dependency_path, dependency["children"], result)
71
+ recursive_dependencies(dependency["children"], result)
74
72
  end
75
73
  result
76
74
  end
77
75
 
76
+ # Returns a hash that maps all dependency names to their location on disk
77
+ # by parsing every package.json file under node_modules.
78
+ def dependency_paths
79
+ @dependency_paths ||= Dir.glob(config.pwd.join("node_modules/**/package.json")).each_with_object({}) do |file, hsh|
80
+ dirname = File.dirname(file)
81
+ json = JSON.parse(File.read(file))
82
+ hsh["#{json["name"]}@#{json["version"]}"] = dirname
83
+ end
84
+ end
85
+
78
86
  # Finds and returns the yarn package tree listing from `yarn list` output
79
87
  def yarn_package_tree
80
88
  return @yarn_package_tree if defined?(@yarn_package_tree)
@@ -1,6 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
  module Licensed
3
- VERSION = "2.14.1".freeze
3
+ VERSION = "2.14.2".freeze
4
4
 
5
5
  def self.previous_major_versions
6
6
  major_version = Gem::Version.new(Licensed::VERSION).segments.first
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: licensed
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.14.1
4
+ version: 2.14.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - GitHub
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2020-10-09 00:00:00.000000000 Z
11
+ date: 2020-11-20 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: licensee