licensed 2.14.2 → 2.15.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7f91fb96a7fae9a97255650d8b27b65236f681b69dcbe3092691bb703f04b60f
-  data.tar.gz: '0009173e203fbec4670773120888a2389c8a8e451a8d29ac0224548d8304df01'
+  metadata.gz: 13bec80f1d0dba11fc88692fe346f3dd1f2961ba79f21eb23d7c20e8e40df01b
+  data.tar.gz: bd4794c594cbe624ce18d0c3483d0ad05c3d37734b11eb376778a2f48fffd81a
 SHA512:
-  metadata.gz: 4c463e87b87a2907a935f62c4191c754b499a2737bed527b0573030272a13b0e7daf780418602dc6a71522049dcf8e7a53b60ad46c3d24089b685b35453d4f4a
-  data.tar.gz: 4b33b7d301373075334f0302859ad7a4d9321a40c68df1a4f22f0af30ff73325190cdabd70532a48fd6c27bbed45532121065aeb61476a9b0bf3619f5c703924
+  metadata.gz: cb096d054153724f25b5dc7871131a6eb2b1a7d86360f40654af2f1f41ec62ae829e470d49818a8e943ee8d8d5b533e6407f3dc3dffe272a29c40ca7b0a03b75
+  data.tar.gz: a302d4ab4db6da100c861020527dedf4d1249f0edfbc31ffea9cef1137063e30cf51ca737f59cf90c100301748f14b84edfae61ee634d665f8fa008715257117

data/.github/workflows/release.yml

@@ -3,96 +3,192 @@ name: Build and publish release assets
 on:
   release:
     types: [created]
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Commit-like version of github/licensed to build package at'
+        required: true
+      release_tag:
+        description: 'Release tag to upload built packages to'
+        required: false
 
 jobs:
-  package_linux:
+  vars:
+    name: "Gather values for remainder of steps"
     runs-on: ubuntu-latest
+    outputs:
+      version: ${{ steps.get_version.outputs.result }}
+      upload_url: ${{ steps.get_url.outputs.result }}
+      ref: ${{ steps.get_ref.outputs.result }}
+    steps:
+      - id: get_version
+        name: Get package version
+        uses: actions/github-script@v3
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          result-encoding: string
+          script: |
+            let version = "${{ github.event.release.tag_name }}"
+            if (!version) {
+              version = "${{ github.event.inputs.version }}"
+            }
+
+            if (!version) {
+              throw new Error("unable to find package build version")
+            }
+
+            return version
+
+      - id: get_url
+        name: Get release upload url
+        uses: actions/github-script@v3
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          result-encoding: string
+          script: |
+            let uploadUrl = "${{ github.event.release.upload_url}}"
+            const tag = "${{ github.event.inputs.release_tag }}"
+            if (!uploadUrl && tag) {
+              const { data: release } = await github.repos.getReleaseByTag({
+                ...context.repo,
+                tag
+              })
+
+              if (!release.upload_url) {
+                throw new Error("unable to find a release upload url")
+              }
+
+              uploadUrl = release.upload_url
+            }
+
+            return uploadUrl
+
+      - id: get_ref
+        name: Get checkout ref for custom build scripts
+        uses: actions/github-script@v3
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          result-encoding: string
+          script: |
+            let ref = "${{ github.event.release.tag_name }}"
+            if (!ref) {
+              ref = "${{ github.event.ref }}".replace(/refs\/[^\/]+\//, '')
+            }
+
+            if (!ref) {
+              throw new Error("unable to find a ref for action")
+            }
+
+            return ref
+
+  package_linux:
+    needs: vars
+    runs-on: ubuntu-18.04
     steps:
     - uses: actions/checkout@v2
+      with:
+        # checkout at the ref for the action, separate from the target build version
+        # this allows running build scripts independent of the target version
+        ref: ${{needs.vars.outputs.ref}}
+        fetch-depth: 0
+
     - name: Set up Ruby 2.6
-      uses: actions/setup-ruby@v1
+      uses: ruby/setup-ruby@v1
       with:
-        ruby-version: 2.6.x
+        ruby-version: 2.6
 
     - name: Build package
       run: script/packages/linux
       env:
-        VERSION: ${{github.event.release.tag_name}}
+        VERSION: ${{needs.vars.outputs.version}}
 
     - uses: actions/upload-artifact@v2
       with:
-        name: ${{github.event.release.tag_name}}-linux
-        path: pkg/${{github.event.release.tag_name}}/licensed-${{github.event.release.tag_name}}-linux-x64.tar.gz
+        name: ${{needs.vars.outputs.version}}-linux
+        path: pkg/${{needs.vars.outputs.version}}/licensed-${{needs.vars.outputs.version}}-linux-x64.tar.gz
 
   package_mac:
+    needs: vars
     runs-on: macOS-latest
     steps:
     - uses: actions/checkout@v2
+      with:
+        # checkout at the ref for the action, separate from the target build version
+        # this allows running build scripts independent of the target version
+        ref: ${{needs.vars.outputs.ref}}
+        fetch-depth: 0
+
     - name: Set up Ruby 2.6
-      uses: actions/setup-ruby@v1
+      uses: ruby/setup-ruby@v1
       with:
-        ruby-version: 2.6.x
+        ruby-version: 2.6
 
     - name: Build package
       run: script/packages/mac
       env:
-        VERSION: ${{github.event.release.tag_name}}
+        VERSION: ${{needs.vars.outputs.version}}
 
     - uses: actions/upload-artifact@v2
       with:
-        name: ${{github.event.release.tag_name}}-darwin
-        path: pkg/${{github.event.release.tag_name}}/licensed-${{github.event.release.tag_name}}-darwin-x64.tar.gz
+        name: ${{needs.vars.outputs.version}}-darwin
+        path: pkg/${{needs.vars.outputs.version}}/licensed-${{needs.vars.outputs.version}}-darwin-x64.tar.gz
 
   build_gem:
+    needs: vars
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v2
+      with:
+        # building a gem doesn't use a different ref from the version input
+        ref: ${{needs.vars.outputs.version}}
+
     - name: Set up Ruby 2.6
-      uses: actions/setup-ruby@v1
+      uses: ruby/setup-ruby@v1
       with:
-        ruby-version: 2.6.x
+        ruby-version: 2.6
 
     - name: Build gem
-      run: gem build licensed.gemspec -o licensed-${{github.event.release.tag_name}}.gem
+      run: gem build licensed.gemspec -o licensed-${{needs.vars.outputs.version}}.gem
 
     - uses: actions/upload-artifact@v2
       with:
-        name: ${{github.event.release.tag_name}}-gem
-        path: licensed-${{github.event.release.tag_name}}.gem
+        name: ${{needs.vars.outputs.version}}-gem
+        path: licensed-${{needs.vars.outputs.version}}.gem
 
   upload_packages:
+    if: ${{ needs.vars.outputs.upload_url != '' }}
     runs-on: ubuntu-latest
-    needs: [package_linux, package_mac, build_gem]
+    needs: [vars, package_linux, package_mac, build_gem]
 
     steps:
     - name: Set up Ruby 2.6
-      uses: actions/setup-ruby@v1
+      uses: ruby/setup-ruby@v1
       with:
-        ruby-version: 2.6.x
+        ruby-version: 2.6
 
     - name: Download linux package
       uses: actions/download-artifact@v2
       with:
-        name: ${{github.event.release.tag_name}}-linux
+        name: ${{needs.vars.outputs.version}}-linux
 
     - name: Download macOS package
       uses: actions/download-artifact@v2
       with:
-        name: ${{github.event.release.tag_name}}-darwin
+        name: ${{needs.vars.outputs.version}}-darwin
 
     - name: Download gem
       uses: actions/download-artifact@v2
       with:
-        name: ${{github.event.release.tag_name}}-gem
+        name: ${{needs.vars.outputs.version}}-gem
 
     - name: Publish linux package
       uses: actions/upload-release-asset@v1
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       with:
-        upload_url: ${{ github.event.release.upload_url }}
-        asset_path: ./licensed-${{github.event.release.tag_name}}-linux-x64.tar.gz
-        asset_name: licensed-${{github.event.release.tag_name}}-linux-x64.tar.gz
+        upload_url: ${{ needs.vars.outputs.upload_url }}
+        asset_path: ./licensed-${{needs.vars.outputs.version}}-linux-x64.tar.gz
+        asset_name: licensed-${{needs.vars.outputs.version}}-linux-x64.tar.gz
         asset_content_type: application/gzip
 
     - name: Publish mac package
@@ -100,9 +196,9 @@ jobs:
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       with:
-        upload_url: ${{ github.event.release.upload_url }}
-        asset_path: ./licensed-${{github.event.release.tag_name}}-darwin-x64.tar.gz
-        asset_name: licensed-${{github.event.release.tag_name}}-darwin-x64.tar.gz
+        upload_url: ${{ needs.vars.outputs.upload_url }}
+        asset_path: ./licensed-${{needs.vars.outputs.version}}-darwin-x64.tar.gz
+        asset_name: licensed-${{needs.vars.outputs.version}}-darwin-x64.tar.gz
         asset_content_type: application/gzip
 
     - name: Publish gem to RubyGems
@@ -114,4 +210,4 @@ jobs:
         gem push $GEM
       env:
         RUBYGEMS_API_KEY: ${{secrets.RUBYGEMS_AUTH_TOKEN}}
-        GEM: licensed-${{github.event.release.tag_name}}.gem
+        GEM: licensed-${{needs.vars.outputs.version}}.gem

data/.github/workflows/test.yml

@@ -8,15 +8,15 @@ jobs:
     steps:
     - uses: actions/checkout@v2
     - name: Setup node
-      uses: actions/setup-node@v1
+      uses: actions/setup-node@v2
       with:
         node-version: 8
     - name: Install Bower
       run: npm install -g bower
     - name: Set up Ruby
-      uses: actions/setup-ruby@v1
+      uses: ruby/setup-ruby@v1
       with:
-        ruby-version: 2.6.x
+        ruby-version: 2.6
     - run: bundle lock
     - uses: actions/cache@v1
       with:
@@ -37,9 +37,9 @@ jobs:
     steps:
     - uses: actions/checkout@v2
     - name: Set up Ruby
-      uses: actions/setup-ruby@v1
+      uses: ruby/setup-ruby@v1
       with:
-        ruby-version: 2.6.x
+        ruby-version: 2.6
     - name: Set up Bundler
       run: |
         yes | gem uninstall bundler --all
@@ -60,16 +60,16 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        ghc: [ '8.2.2', '8.6.5' ]
-        cabal: [ '2.2', '2.4', '3.0', 'latest' ]
+        ghc: [ '8.2', '8.6', '8.8', '8.10' ]
+        cabal: [ '2.4', '3.0', '3.2' ]
     steps:
     - uses: actions/checkout@v2
     - name: Set up Ruby
-      uses: actions/setup-ruby@v1
+      uses: ruby/setup-ruby@v1
       with:
-        ruby-version: 2.6.x
+        ruby-version: 2.6
     - name: Setup Haskell
-      uses: actions/setup-haskell@v1
+      uses: haskell/actions/setup@v1
       with:
         ghc-version: ${{ matrix.ghc }}
         cabal-version: ${{ matrix.cabal }}
@@ -89,17 +89,17 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        php: [ '5.6', '7.1', '7.2', '7.3' ]
+        php: [ '7.3', '7.4' ]
     steps:
     - uses: actions/checkout@v2
     - name: Setup php
-      uses: nanasess/setup-php@v3.0.4
+      uses: nanasess/setup-php@v3.0.6
       with:
         php-version: ${{ matrix.php }}
     - name: Set up Ruby
-      uses: actions/setup-ruby@v1
+      uses: ruby/setup-ruby@v1
       with:
-        ruby-version: 2.6.x
+        ruby-version: 2.6
     - run: bundle lock
     - uses: actions/cache@v1
       with:
@@ -116,11 +116,11 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        ruby: [ 2.4.x, 2.5.x, 2.6.x, 2.7.x ]
+        ruby: [ 2.5, 2.6, 2.7 ]
     steps:
     - uses: actions/checkout@v2
     - name: Set up Ruby
-      uses: actions/setup-ruby@v1
+      uses: ruby/setup-ruby@v1
       with:
         ruby-version: ${{matrix.ruby}}
     - name: Set up Bundler
@@ -146,9 +146,9 @@ jobs:
       with:
         go-version: 1.10.x
     - name: Set up Ruby
-      uses: actions/setup-ruby@v1
+      uses: ruby/setup-ruby@v1
       with:
-        ruby-version: 2.6.x
+        ruby-version: 2.6
     - run: bundle lock
     - uses: actions/cache@v1
       with:
@@ -173,9 +173,9 @@ jobs:
       with:
         go-version: ${{ matrix.go }}
     - name: Set up Ruby
-      uses: actions/setup-ruby@v1
+      uses: ruby/setup-ruby@v1
       with:
-        ruby-version: 2.6.x
+        ruby-version: 2.6
     - run: bundle lock
     - uses: actions/cache@v1
       with:
@@ -193,9 +193,9 @@ jobs:
     steps:
     - uses: actions/checkout@v2
     - name: Set up Ruby
-      uses: actions/setup-ruby@v1
+      uses: ruby/setup-ruby@v1
       with:
-        ruby-version: 2.6.x
+        ruby-version: 2.6
     - run: bundle lock
     - uses: actions/cache@v1
       with:
@@ -213,9 +213,9 @@ jobs:
     steps:
     - uses: actions/checkout@v2
     - name: Set up Ruby
-      uses: actions/setup-ruby@v1
+      uses: ruby/setup-ruby@v1
       with:
-        ruby-version: 2.6.x
+        ruby-version: 2.6
     - run: bundle lock
     - uses: actions/cache@v1
       with:
@@ -230,18 +230,18 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        otp: [21.x, 22.x]
-        elixir: [1.8.x, 1.9.x]
+        otp: [21.x, 22.x, 23.x]
+        elixir: [ 1.10.x, 1.11.x ]
     steps:
     - uses: actions/checkout@v2
-    - uses: actions/setup-elixir@v1.0.0
+    - uses: erlef/setup-elixir@v1.6.0
       with:
         otp-version: ${{matrix.otp}}
         elixir-version: ${{matrix.elixir}}
     - name: Set up Ruby
-      uses: actions/setup-ruby@v1
+      uses: ruby/setup-ruby@v1
       with:
-        ruby-version: 2.6.x
+        ruby-version: 2.6
     - run: bundle lock
     - uses: actions/cache@v1
       with:
@@ -258,17 +258,17 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        node_version: [ 8, 10, 12 ]
+        node_version: [ 10, 12, 14, 15 ]
     steps:
     - uses: actions/checkout@v2
     - name: Setup node
-      uses: actions/setup-node@v1
+      uses: actions/setup-node@v2
       with:
         node-version: ${{ matrix.node_version }}
     - name: Set up Ruby
-      uses: actions/setup-ruby@v1
+      uses: ruby/setup-ruby@v1
       with:
-        ruby-version: 2.6.x
+        ruby-version: 2.6
     - run: bundle lock
     - uses: actions/cache@v1
       with:
@@ -290,9 +290,9 @@ jobs:
       with:
         dotnet-version: 3.1.202
     - name: Set up Ruby
-      uses: actions/setup-ruby@v1
+      uses: ruby/setup-ruby@v1
       with:
-        ruby-version: 2.6.x
+        ruby-version: 2.6
     - run: bundle lock
     - uses: actions/cache@v1
       with:
@@ -318,9 +318,9 @@ jobs:
         python-version: ${{ matrix.python }}
         architecture: x64
     - name: Set up Ruby
-      uses: actions/setup-ruby@v1
+      uses: ruby/setup-ruby@v1
       with:
-        ruby-version: 2.6.x
+        ruby-version: 2.6
     - run: bundle lock
     - uses: actions/cache@v1
       with:
@@ -345,9 +345,9 @@ jobs:
         python-version: '3.x'
         architecture: x64
     - name: Set up Ruby
-      uses: actions/setup-ruby@v1
+      uses: ruby/setup-ruby@v1
       with:
-        ruby-version: 2.6.x
+        ruby-version: 2.6
     - run: bundle lock
     - uses: actions/cache@v1
       with:
@@ -371,7 +371,7 @@ jobs:
     steps:
     - uses: actions/checkout@v2
     - name: Setup node
-      uses: actions/setup-node@v1
+      uses: actions/setup-node@v2
       with:
         node-version: 12
     - name: Install Yarn
@@ -379,9 +379,9 @@ jobs:
       env:
         YARN_VERSION: ${{ matrix.yarn_version }}
     - name: Set up Ruby
-      uses: actions/setup-ruby@v1
+      uses: ruby/setup-ruby@v1
       with:
-        ruby-version: 2.6.x
+        ruby-version: 2.6
     - run: bundle lock
     - uses: actions/cache@v1
       with:

data/.gitignore

@@ -17,6 +17,7 @@ test/fixtures/bower/bower_components
 
 test/fixtures/npm/node_modules
 test/fixtures/npm/package-lock.json
+test/fixtures/npm/package.json
 
 test/fixtures/go/src/*
 test/fixtures/go/pkg

data/CHANGELOG.md

@@ -6,10 +6,48 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+## 2.15.2
+
+2021-04-06
+
+### Fixed
+
+- The pip source works with package names containing periods (:tada: @bcskda https://github.com/github/licensed/pull/350)
+
+## 2.15.1
+
+2021-03-29
+
+### Changed
+
+- The npm source will ignore dependencies that are marked as both extraneous and missing (https://github.com/github/licensed/pull/347)
+
+## 2.15.0
+2021-03-24
+
+### Added
+- Support for npm 7 (https://github.com/github/licensed/pull/341)
+
+### Fixed
+- Files in the manifest source will be found correctly for apps that are not at the repository root (https://github.com/github/licensed/pull/345)
+
+## 2.14.4
+2021-02-09
+
+### Added
+- `list` and `cache` commands optionally print output in JSON or YML formats using the `--format/-f` flag (https://github.com/github/licensed/pull/334)
+- `list` command will include detected license keys using the `--licenses/-l` flag (https://github.com/github/licensed/pull/334)
+
+## 2.14.3
+2020-12-11
+
+### Fixed
+- Auto-generating license text for a known license will no longer raise an error if the found license has no text (:tada: @Eun https://github.com/github/licensed/pull/328)
+
 ## 2.14.2
 2020-11-20
 
-## Fixed
+### Fixed
 - Yarn source correctly finds dependency paths on disk (https://github.com/github/licensed/pull/326)
 - Go source better handles finding dependencies that have been vendored (https://github.com/github/licensed/pull/323)
 
@@ -373,4 +411,4 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 Initial release :tada:
 
-[Unreleased]: https://github.com/github/licensed/compare/2.14.2...HEAD
+[Unreleased]: https://github.com/github/licensed/compare/2.15.2...HEAD

data/README.md

@@ -110,7 +110,7 @@ Dependencies will be automatically detected for all of the following sources by
 1. [Gradle](./docs/sources/gradle.md)
 1. [Manifest lists (manifests)](./docs/sources/manifests.md)
 1. [Mix](./docs/sources/mix.md)
-1. [NPM](./docs/sources/npm.md)
+1. [npm](./docs/sources/npm.md)
 1. [NuGet](./docs/sources/nuget.md)
 1. [Pip](./docs/sources/pip.md)
 1. [Pipenv](./docs/sources/pipenv.md)

data/docker/Dockerfile.build-linux

@@ -12,3 +12,4 @@ RUN gem update --system && gem update bundler
 ENV CPPFLAGS="-P"
 ENV RUBYC="/usr/local/bin/rubyc"
 ENV LANG=C.UTF-8
+ENV SSL_CERT_DIR="/etc/ssl/certs"

data/docs/sources/npm.md

@@ -1,4 +1,4 @@
-# NPM
+# npm
 
 The npm source will detect dependencies `package.json` is found at an apps `source_path`.  It uses `npm list` to enumerate dependencies and metadata.
 

data/lib/licensed/cli.rb

@@ -12,9 +12,11 @@ module Licensed
       desc: "Path to licensed configuration file"
     method_option :sources, aliases: "-s", type: :array,
       desc: "Individual source(s) to evaluate.  Must also be enabled via configuration."
+    method_option :format, aliases: "-f", enum: ["yaml", "json"],
+      desc: "Output format"
     def cache
       run Licensed::Commands::Cache.new(config: config),
-          force: options[:force], sources: options[:sources]
+          force: options[:force], sources: options[:sources], reporter: options[:format]
     end
 
     desc "status", "Check status of dependencies' cached licenses"
@@ -33,8 +35,12 @@ module Licensed
       desc: "Path to licensed configuration file"
     method_option :sources, aliases: "-s", type: :array,
       desc: "Individual source(s) to evaluate.  Must also be enabled via configuration."
+    method_option :format, aliases: "-f", enum: ["yaml", "json"],
+      desc: "Output format"
+    method_option :licenses, aliases: "-l", type: :boolean,
+      desc: "Include detected licenses in output"
     def list
-      run Licensed::Commands::List.new(config: config), sources: options[:sources]
+      run Licensed::Commands::List.new(config: config), sources: options[:sources], reporter: options[:format], licenses: options[:licenses]
     end
 
     desc "notices", "Generate a NOTICE file from cached records"

data/lib/licensed/commands/list.rb

@@ -41,6 +41,13 @@ module Licensed
       #
       # Returns true.
       def evaluate_dependency(app, source, dependency, report)
+        report["dependency"] = dependency.name
+        report["version"] = dependency.version
+
+        if options[:licenses]
+          report["license"] = dependency.license_key
+        end
+
         true
       end
     end

data/lib/licensed/dependency.rb

@@ -142,6 +142,7 @@ module Licensed
     def generated_license_contents
       return unless license
       return if license.key == "other"
+      return if license.text.nil?
 
       # strip copyright clauses and any extra newlines
       # many package managers don't provide enough information to

data/lib/licensed/reporters/list_reporter.rb

@@ -75,7 +75,9 @@ module Licensed
       def report_dependency(dependency)
         super do |report|
           result = yield report
-          shell.info "    #{dependency.name} (#{dependency.version})"
+          info = "#{dependency.name} (#{dependency.version})"
+          info = "#{info}: #{report["license"]}" if report["license"]
+          shell.info "    #{info}"
 
           result
         end

data/lib/licensed/sources/cabal.rb

@@ -222,14 +222,25 @@ module Licensed
 
       # Returns a package info structure with an error set
       def missing_package(id)
-        name, _, version = if id.index(/\s/).nil?
-          id.rpartition("-") # e.g. to match the right-most dash from ipid fused-effects-1.0.0.0
-        else
-          id.partition(/\s/) # e.g. to match the left-most space from constraint fused-effects > 1.0.0.0
-        end
-
+        name, version = package_id_name_version(id)
         { "name" => name, "version" => version, "error" => "package not found" }
       end
+
+      # Parses the name and version pieces from an id or package requirement string
+      def package_id_name_version(id)
+        name, version = id.split(" ", 2)
+        return [name, version] if version
+
+        # split by dashes, find the rightmost thing that looks like an
+        parts = id.split("-")
+        version_start_index = parts.rindex { |part| part.match?(/^[\d\.]+$/) }
+        return [id, nil] if version_start_index.nil?
+
+        [
+          parts[0...version_start_index].join("-"),
+          parts[version_start_index..-1].join("-")
+        ]
+      end
     end
   end
 end

data/lib/licensed/sources/manifest.rb

@@ -170,7 +170,7 @@ module Licensed
       def all_files
         # remove files if they are tracked but don't exist on the file system
         @all_files ||= Set.new(Licensed::Git.files || [])
-                          .delete_if { |f| !File.exist?(f) }
+                          .delete_if { |f| !File.exist?(File.join(Licensed::Git.repository_root, f)) }
       end
 
       class Dependency < Licensed::Dependency

data/lib/licensed/sources/npm.rb

@@ -4,6 +4,25 @@ require "json"
 module Licensed
   module Sources
     class NPM < Source
+      class Dependency < ::Licensed::Dependency
+        # override license_metadata to pull homepage and summary information
+        # from a packages package.json file, if it exists
+        # this accounts for the lack of this information in npm 7's `npm list` output
+        def license_metadata
+          data = super
+          return data if !data["homepage"].to_s.empty? && !data["summary"].to_s.empty?
+
+          package_json_path = File.join(path, "package.json")
+          return data unless File.exist?(package_json_path)
+
+          package_json = JSON.parse(File.read(package_json_path))
+          data["homepage"] = package_json["homepage"]
+          data["summary"] = package_json["description"]
+
+          data
+        end
+      end
+
       def self.type
         "npm"
       end
@@ -50,6 +69,9 @@ module Licensed
         dependencies.each do |name, dependency|
           next if dependency["peerMissing"]
           next if yarn_lock_present && dependency["missing"]
+          next if dependency["extraneous"] && dependency["missing"]
+
+          dependency["name"] = name
           (result[name] ||= []) << dependency
           recursive_dependencies(dependency["dependencies"] || {}, result)
         end
@@ -59,22 +81,50 @@ module Licensed
       # Returns parsed package metadata returned from `npm list`
       def package_metadata
         return @package_metadata if defined?(@package_metadata)
+        @package_metadata = JSON.parse(package_metadata_command)
+      rescue JSON::ParserError => e
+        message = "Licensed was unable to parse the output from 'npm list'. JSON Error: #{e.message}"
+        npm_error = package_metadata_error
+        message = "#{message}. npm Error: #{npm_error}" if npm_error
+        raise Licensed::Sources::Source::Error, message
+      end
 
-        @package_metadata = begin
-          JSON.parse(package_metadata_command)
-        rescue JSON::ParserError => e
-          raise Licensed::Sources::Source::Error,
-            "Licensed was unable to parse the output from 'npm list'. Please run 'npm list --json --long' and check for errors. Error: #{e.message}"
-        end
+      # Returns an error, if one exists, from running `npm list` to get package metadata
+      def package_metadata_error
+        Licensed::Shell.execute("npm", "list", *package_metadata_args)
+        return ""
+      rescue Licensed::Shell::Error => e
+        return e.message
       end
 
       # Returns the output from running `npm list` to get package metadata
       def package_metadata_command
         args = %w(--json --long)
-        args << "--production" unless include_non_production?
+        args.concat(package_metadata_args)
+
         Licensed::Shell.execute("npm", "list", *args, allow_failure: true)
       end
 
+      # Returns an array of arguments that should be used for all `npm list`
+      # calls, regardless of how the output is formatted
+      def package_metadata_args
+        args = []
+        args << "--production" unless include_non_production?
+
+        # on npm 7+, the --all argument is necessary to evaluate the project's
+        # full dependency tree
+        args << "--all" if npm_version >= Gem::Version.new("7.0.0")
+
+        return args
+      end
+
+      # Returns the currently installed version of npm as a Gem::Version object
+      def npm_version
+        @npm_version ||= begin
+          Gem::Version.new(Licensed::Shell.execute("npm", "-v").strip)
+        end
+      end
+
       # Returns true if a yarn.lock file exists in the current directory
       def yarn_lock_present
         @yarn_lock_present ||= File.exist?(config.pwd.join("yarn.lock"))

data/lib/licensed/sources/pip.rb

@@ -8,7 +8,7 @@ module Licensed
   module Sources
     class Pip < Source
       VERSION_OPERATORS = %w(< > <= >= == !=).freeze
-      PACKAGE_REGEX = /^([\w-]+)(#{VERSION_OPERATORS.join("|")})?/
+      PACKAGE_REGEX = /^([\w\.-]+)(#{VERSION_OPERATORS.join("|")})?/
 
       def enabled?
         return unless virtual_env_pip && Licensed::Shell.tool_available?(virtual_env_pip)

data/lib/licensed/version.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 module Licensed
-  VERSION = "2.14.2".freeze
+  VERSION = "2.15.2".freeze
 
   def self.previous_major_versions
     major_version = Gem::Version.new(Licensed::VERSION).segments.first

data/script/packages/build

@@ -51,8 +51,11 @@ cd $COPY_DIR
     trap "git checkout $CURRENT_BRANCH" EXIT
   fi
 
+  # get the openssl dir to use when building based on ruby's default ssl cert dir
+  OPENSSL_DIR="$(cd "$(ruby -e 'require "net/https"; puts OpenSSL::X509::DEFAULT_CERT_DIR')/.." && pwd)"
+
   # build the licensed rubyc executable
-  "$RUBYC" --clean-tmpdir -o "$BUILD_DIR/licensed" "$COPY_DIR/exe/licensed"
+  "$RUBYC" --openssl-dir "$OPENSSL_DIR" --clean-tmpdir -o "$BUILD_DIR/licensed" "$COPY_DIR/exe/licensed"
   chmod +x $BUILD_DIR/licensed
 )
 

data/script/packages/linux

@@ -34,6 +34,9 @@ build_linux_local() {
   sudo apt-get update
   sudo apt-get install -y --no-install-recommends cmake make gcc pkg-config squashfs-tools curl bison git rsync
 
+  sudo gem update --system
+  sudo gem update bundler
+
   RUBYC="$BASE_DIR/bin/rubyc-linux"
   if [ ! -f "$RUBYC" ]; then
     mkdir -p "$(dirname "$RUBYC")"
@@ -42,6 +45,7 @@ build_linux_local() {
   fi
 
   export CPPFLAGS="-P"
+  export SSL_CERT_DIR="/etc/ssl/certs"
   export RUBYC
   "$BASE_DIR"/script/packages/build
 }

data/script/packages/mac

@@ -28,6 +28,9 @@ brew update
 brew list "squashfs" &>/dev/null || brew install "squashfs"
 brew list "pkg-config" &>/dev/null || brew install "pkg-config"
 
+gem update --system
+gem update bundler
+
 if [ ! -f "$RUBYC" ]; then
   mkdir -p "$(dirname "$RUBYC")"
   curl -L https://github.com/kontena/ruby-packer/releases/download/2.6.0-0.6.0/rubyc-2.6.0-0.6.0-osx-amd64.gz | gunzip > "$RUBYC"

data/script/source-setup/npm

@@ -10,8 +10,25 @@ fi
 BASE_PATH="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
 cd $BASE_PATH/test/fixtures/npm
 
+FORCE=""
 if [ "$1" == "-f" ]; then
-  find . -not -regex "\.*" -and -not -name "package\.json" -print0 | xargs -0 rm -rf
+  FORCE=1
+fi
+
+NPM_MAJOR_VERSION="$(npm -v | cut -d'.' -f1)"
+if [ "$NPM_MAJOR_VERSION" -ge "7" ]; then
+  PACKAGE_JSON_SRC="package.json.npm7"
+else
+  PACKAGE_JSON_SRC="package.json.npm6"
+fi
+
+if [ ! -f "package.json" ] || [ "$(cat package.json | md5sum )" != "$(cat "$PACKAGE_JSON_SRC" | md5sum)" ]; then
+  FORCE=1
+  cp -f "$PACKAGE_JSON_SRC" package.json
+fi
+
+if [ -n "$FORCE" ]; then
+  find . -not -regex "\.*" -and -not -name "package\.json*" -print0 | xargs -0 rm -rf
 fi
 
 npm install

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: licensed
 version: !ruby/object:Gem::Version
-  version: 2.14.2
+  version: 2.15.2
 platform: ruby
 authors:
 - GitHub
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-11-20 00:00:00.000000000 Z
+date: 2021-04-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: licensee
@@ -348,7 +348,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.0.3.1
 signing_key: 
 specification_version: 4
 summary: Extract and validate the licenses of dependencies.