licensed 2.14.1 → 2.14.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -1
- data/lib/licensed/sources/go.rb +43 -43
- data/lib/licensed/sources/yarn.rb +14 -6
- data/lib/licensed/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7f91fb96a7fae9a97255650d8b27b65236f681b69dcbe3092691bb703f04b60f
|
|
4
|
+
data.tar.gz: '0009173e203fbec4670773120888a2389c8a8e451a8d29ac0224548d8304df01'
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4c463e87b87a2907a935f62c4191c754b499a2737bed527b0573030272a13b0e7daf780418602dc6a71522049dcf8e7a53b60ad46c3d24089b685b35453d4f4a
|
|
7
|
+
data.tar.gz: 4b33b7d301373075334f0302859ad7a4d9321a40c68df1a4f22f0af30ff73325190cdabd70532a48fd6c27bbed45532121065aeb61476a9b0bf3619f5c703924
|
data/CHANGELOG.md
CHANGED
|
@@ -6,6 +6,13 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
|
|
|
6
6
|
|
|
7
7
|
## [Unreleased]
|
|
8
8
|
|
|
9
|
+
## 2.14.2
|
|
10
|
+
2020-11-20
|
|
11
|
+
|
|
12
|
+
## Fixed
|
|
13
|
+
- Yarn source correctly finds dependency paths on disk (https://github.com/github/licensed/pull/326)
|
|
14
|
+
- Go source better handles finding dependencies that have been vendored (https://github.com/github/licensed/pull/323)
|
|
15
|
+
|
|
9
16
|
## 2.14.1
|
|
10
17
|
2020-10-09
|
|
11
18
|
|
|
@@ -366,4 +373,4 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
|
|
|
366
373
|
|
|
367
374
|
Initial release :tada:
|
|
368
375
|
|
|
369
|
-
[Unreleased]: https://github.com/github/licensed/compare/2.14.
|
|
376
|
+
[Unreleased]: https://github.com/github/licensed/compare/2.14.2...HEAD
|
data/lib/licensed/sources/go.rb
CHANGED
|
@@ -15,8 +15,7 @@ module Licensed
|
|
|
15
15
|
def enumerate_dependencies
|
|
16
16
|
with_configured_gopath do
|
|
17
17
|
packages.map do |package|
|
|
18
|
-
import_path =
|
|
19
|
-
import_path ||= package["ImportPath"]
|
|
18
|
+
import_path = non_vendored_import_path(package)
|
|
20
19
|
error = package.dig("Error", "Err") if package["Error"]
|
|
21
20
|
|
|
22
21
|
Dependency.new(
|
|
@@ -81,34 +80,26 @@ module Licensed
|
|
|
81
80
|
# return true if package self-identifies
|
|
82
81
|
return true if package["Standard"]
|
|
83
82
|
|
|
84
|
-
import_path = package
|
|
83
|
+
import_path = non_vendored_import_path(package)
|
|
85
84
|
return false unless import_path
|
|
86
85
|
|
|
87
|
-
#
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
# return true if any of the go standard packages matches against
|
|
98
|
-
# the non-vendored import path
|
|
99
|
-
return true if go_std_packages.include?(non_vendored_import_path)
|
|
100
|
-
return true if go_std_packages.include?(non_vendored_import_path.sub("golang.org", "internal"))
|
|
101
|
-
|
|
102
|
-
# modify the import path to look like the import path `go list` returns for vendored std packages
|
|
103
|
-
vendor_path = import_path.sub("#{root_package["ImportPath"]}/", "")
|
|
104
|
-
go_std_packages.include?(vendor_path) || go_std_packages.include?(vendor_path.sub("golang.org", "golang_org"))
|
|
86
|
+
# check different variations of the import path to match against
|
|
87
|
+
# what's returned from `go list std`
|
|
88
|
+
[
|
|
89
|
+
import_path,
|
|
90
|
+
import_path.sub("golang.org", "internal"),
|
|
91
|
+
import_path.sub("golang.org", "golang_org"),
|
|
92
|
+
].any? do |path|
|
|
93
|
+
# true if go standard packages includes the path or "vendor/<path>"
|
|
94
|
+
go_std_packages.include?(path) || go_std_packages.include?("vendor/#{path}")
|
|
95
|
+
end
|
|
105
96
|
end
|
|
106
97
|
|
|
107
98
|
# Returns whether the package is local to the current project
|
|
108
99
|
def local_package?(package)
|
|
109
|
-
return false unless package && package["
|
|
110
|
-
|
|
111
|
-
|
|
100
|
+
return false unless package && package["Dir"]
|
|
101
|
+
return false unless File.fnmatch?("#{config.root.to_s}*", package["Dir"])
|
|
102
|
+
vendored_path_parts(package).nil?
|
|
112
103
|
end
|
|
113
104
|
|
|
114
105
|
# Returns the version for a given package
|
|
@@ -155,36 +146,45 @@ module Licensed
|
|
|
155
146
|
|
|
156
147
|
# search root choices:
|
|
157
148
|
# 1. module directory if using go modules and directory is available
|
|
158
|
-
# 2. vendor folder if package is vendored
|
|
159
|
-
# 3. package root value if available
|
|
160
|
-
# 4. GOPATH if the package directory is under the gopath
|
|
161
|
-
# 5. nil
|
|
162
149
|
module_dir = package.dig("Module", "Dir")
|
|
163
150
|
return module_dir if module_dir
|
|
164
|
-
|
|
151
|
+
|
|
152
|
+
# 2. vendor folder if package is vendored
|
|
153
|
+
parts = vendored_path_parts(package)
|
|
154
|
+
return parts[:vendor_path] if parts
|
|
155
|
+
|
|
156
|
+
# 3. package root value if available
|
|
165
157
|
return package["Root"] if package["Root"]
|
|
158
|
+
|
|
159
|
+
# 4. GOPATH if the package directory is under the gopath
|
|
166
160
|
return gopath if package["Dir"]&.start_with?(gopath)
|
|
161
|
+
|
|
162
|
+
# 5. nil
|
|
167
163
|
nil
|
|
168
164
|
end
|
|
169
165
|
|
|
170
|
-
#
|
|
171
|
-
#
|
|
166
|
+
# If the package is vendored, returns a Match object containing named
|
|
167
|
+
# :vendor_path and :import_path match groups based on the packages "Dir" value
|
|
168
|
+
#
|
|
169
|
+
# If the package is not vendored, returns nil
|
|
172
170
|
#
|
|
173
|
-
#
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
path.start_with?(base.to_s) && path.include?("vendor/")
|
|
171
|
+
# package - Package to get vendored path information for
|
|
172
|
+
def vendored_path_parts(package)
|
|
173
|
+
return if package.nil? || package["Dir"].nil?
|
|
174
|
+
package["Dir"].match(/^(?<vendor_path>#{config.root}(\/.+)*\/[^\/]*vendor[^\/]*)\/(?<import_path>.+)$/i)
|
|
178
175
|
end
|
|
179
176
|
|
|
180
|
-
# Returns the
|
|
177
|
+
# Returns the non-vendored portion of the package import path if vendored,
|
|
178
|
+
# otherwise returns the package's import path as given
|
|
181
179
|
#
|
|
182
|
-
#
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
return
|
|
187
|
-
|
|
180
|
+
# package - Package to get the non-vendored import path for
|
|
181
|
+
def non_vendored_import_path(package)
|
|
182
|
+
return if package.nil?
|
|
183
|
+
parts = vendored_path_parts(package)
|
|
184
|
+
return parts[:import_path] if parts
|
|
185
|
+
|
|
186
|
+
# if a package isn't vendored, return the packages "ImportPath"
|
|
187
|
+
package["ImportPath"]
|
|
188
188
|
end
|
|
189
189
|
|
|
190
190
|
# Returns a hash of information about the package with a given import path
|
|
@@ -36,7 +36,7 @@ module Licensed
|
|
|
36
36
|
def packages
|
|
37
37
|
return [] if yarn_package_tree.nil?
|
|
38
38
|
all_dependencies = {}
|
|
39
|
-
recursive_dependencies(
|
|
39
|
+
recursive_dependencies(yarn_package_tree).each do |name, results|
|
|
40
40
|
results.uniq! { |package| package["version"] }
|
|
41
41
|
if results.size == 1
|
|
42
42
|
# if there is only one package for a name, reference it by name
|
|
@@ -55,26 +55,34 @@ module Licensed
|
|
|
55
55
|
|
|
56
56
|
# Recursively parse dependency JSON data. Returns a hash mapping the
|
|
57
57
|
# package name to it's metadata
|
|
58
|
-
def recursive_dependencies(
|
|
58
|
+
def recursive_dependencies(dependencies, result = {})
|
|
59
59
|
dependencies.each do |dependency|
|
|
60
60
|
# "shadow" indicate a dependency requirement only, not a
|
|
61
61
|
# resolved package identifier
|
|
62
62
|
next if dependency["shadow"]
|
|
63
63
|
name, _, version = dependency["name"].rpartition("@")
|
|
64
64
|
|
|
65
|
-
# the dependency should be found under the parent's "node_modules" path
|
|
66
|
-
dependency_path = path.join("node_modules", name)
|
|
67
65
|
(result[name] ||= []) << {
|
|
68
66
|
"id" => dependency["name"],
|
|
69
67
|
"name" => name,
|
|
70
68
|
"version" => version,
|
|
71
|
-
"path" =>
|
|
69
|
+
"path" => dependency_paths[dependency["name"]]
|
|
72
70
|
}
|
|
73
|
-
recursive_dependencies(
|
|
71
|
+
recursive_dependencies(dependency["children"], result)
|
|
74
72
|
end
|
|
75
73
|
result
|
|
76
74
|
end
|
|
77
75
|
|
|
76
|
+
# Returns a hash that maps all dependency names to their location on disk
|
|
77
|
+
# by parsing every package.json file under node_modules.
|
|
78
|
+
def dependency_paths
|
|
79
|
+
@dependency_paths ||= Dir.glob(config.pwd.join("node_modules/**/package.json")).each_with_object({}) do |file, hsh|
|
|
80
|
+
dirname = File.dirname(file)
|
|
81
|
+
json = JSON.parse(File.read(file))
|
|
82
|
+
hsh["#{json["name"]}@#{json["version"]}"] = dirname
|
|
83
|
+
end
|
|
84
|
+
end
|
|
85
|
+
|
|
78
86
|
# Finds and returns the yarn package tree listing from `yarn list` output
|
|
79
87
|
def yarn_package_tree
|
|
80
88
|
return @yarn_package_tree if defined?(@yarn_package_tree)
|
data/lib/licensed/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: licensed
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.14.
|
|
4
|
+
version: 2.14.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- GitHub
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-11-20 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: licensee
|