licensed 2.14.3 → 3.0.0

data/lib/licensed/sources/bundler/missing_specification.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+require "bundler/match_platform"
+
+# Bundler normally raises a "GemNotFound" error when a specification
+# can't be materialized which halts bundler dependency enumeration.
+
+# This monkey patch instead creates MissingSpecification objects to
+# identify missing specs without raising errors and halting enumeration.
+# It was the most minimal-touch solution I could think of that should reliably
+# work across many bundler versions
+
+module Licensed
+  module Bundler
+    class MissingSpecification < Gem::BasicSpecification
+      include ::Bundler::MatchPlatform
+
+      attr_reader :name, :version, :platform, :source
+      def initialize(name:, version:, platform:, source:)
+        @name = name
+        @version = version
+        @platform = platform
+        @source = source
+      end
+
+      def dependencies
+        []
+      end
+
+      def gem_dir; end
+      def gems_dir
+        Gem.dir
+      end
+      def summary; end
+      def homepage; end
+
+      def error
+        "could not find #{name} (#{version}) in any sources"
+      end
+    end
+  end
+end
+
+module Bundler
+  class LazySpecification
+    alias_method :orig_materialize, :__materialize__
+    def __materialize__
+      spec = orig_materialize
+      return spec if spec
+
+      Licensed::Bundler:: MissingSpecification.new(name: name, version: version, platform: platform, source: source)
+    end
+  end
+end

data/lib/licensed/sources/cabal.rb

@@ -222,14 +222,25 @@ module Licensed
 
       # Returns a package info structure with an error set
       def missing_package(id)
-        name, _, version = if id.index(/\s/).nil?
-          id.rpartition("-") # e.g. to match the right-most dash from ipid fused-effects-1.0.0.0
-        else
-          id.partition(/\s/) # e.g. to match the left-most space from constraint fused-effects > 1.0.0.0
-        end
-
+        name, version = package_id_name_version(id)
         { "name" => name, "version" => version, "error" => "package not found" }
       end
+
+      # Parses the name and version pieces from an id or package requirement string
+      def package_id_name_version(id)
+        name, version = id.split(" ", 2)
+        return [name, version] if version
+
+        # split by dashes, find the rightmost thing that looks like an
+        parts = id.split("-")
+        version_start_index = parts.rindex { |part| part.match?(/^[\d\.]+$/) }
+        return [id, nil] if version_start_index.nil?
+
+        [
+          parts[0...version_start_index].join("-"),
+          parts[version_start_index..-1].join("-")
+        ]
+      end
     end
   end
 end

data/lib/licensed/sources/manifest.rb

@@ -170,7 +170,7 @@ module Licensed
       def all_files
         # remove files if they are tracked but don't exist on the file system
         @all_files ||= Set.new(Licensed::Git.files || [])
-                          .delete_if { |f| !File.exist?(f) }
+                          .delete_if { |f| !File.exist?(File.join(Licensed::Git.repository_root, f)) }
       end
 
       class Dependency < Licensed::Dependency

data/lib/licensed/sources/npm.rb

@@ -4,6 +4,25 @@ require "json"
 module Licensed
   module Sources
     class NPM < Source
+      class Dependency < ::Licensed::Dependency
+        # override license_metadata to pull homepage and summary information
+        # from a packages package.json file, if it exists
+        # this accounts for the lack of this information in npm 7's `npm list` output
+        def license_metadata
+          data = super
+          return data if !data["homepage"].to_s.empty? && !data["summary"].to_s.empty?
+
+          package_json_path = File.join(path, "package.json")
+          return data unless File.exist?(package_json_path)
+
+          package_json = JSON.parse(File.read(package_json_path))
+          data["homepage"] = package_json["homepage"]
+          data["summary"] = package_json["description"]
+
+          data
+        end
+      end
+
       def self.type
         "npm"
       end
@@ -50,6 +69,9 @@ module Licensed
         dependencies.each do |name, dependency|
           next if dependency["peerMissing"]
           next if yarn_lock_present && dependency["missing"]
+          next if dependency["extraneous"] && dependency["missing"]
+
+          dependency["name"] = name
           (result[name] ||= []) << dependency
           recursive_dependencies(dependency["dependencies"] || {}, result)
         end
@@ -59,22 +81,50 @@ module Licensed
       # Returns parsed package metadata returned from `npm list`
       def package_metadata
         return @package_metadata if defined?(@package_metadata)
+        @package_metadata = JSON.parse(package_metadata_command)
+      rescue JSON::ParserError => e
+        message = "Licensed was unable to parse the output from 'npm list'. JSON Error: #{e.message}"
+        npm_error = package_metadata_error
+        message = "#{message}. npm Error: #{npm_error}" if npm_error
+        raise Licensed::Sources::Source::Error, message
+      end
 
-        @package_metadata = begin
-          JSON.parse(package_metadata_command)
-        rescue JSON::ParserError => e
-          raise Licensed::Sources::Source::Error,
-            "Licensed was unable to parse the output from 'npm list'. Please run 'npm list --json --long' and check for errors. Error: #{e.message}"
-        end
+      # Returns an error, if one exists, from running `npm list` to get package metadata
+      def package_metadata_error
+        Licensed::Shell.execute("npm", "list", *package_metadata_args)
+        return ""
+      rescue Licensed::Shell::Error => e
+        return e.message
       end
 
       # Returns the output from running `npm list` to get package metadata
       def package_metadata_command
         args = %w(--json --long)
-        args << "--production" unless include_non_production?
+        args.concat(package_metadata_args)
+
         Licensed::Shell.execute("npm", "list", *args, allow_failure: true)
       end
 
+      # Returns an array of arguments that should be used for all `npm list`
+      # calls, regardless of how the output is formatted
+      def package_metadata_args
+        args = []
+        args << "--production" unless include_non_production?
+
+        # on npm 7+, the --all argument is necessary to evaluate the project's
+        # full dependency tree
+        args << "--all" if npm_version >= Gem::Version.new("7.0.0")
+
+        return args
+      end
+
+      # Returns the currently installed version of npm as a Gem::Version object
+      def npm_version
+        @npm_version ||= begin
+          Gem::Version.new(Licensed::Shell.execute("npm", "-v").strip)
+        end
+      end
+
       # Returns true if a yarn.lock file exists in the current directory
       def yarn_lock_present
         @yarn_lock_present ||= File.exist?(config.pwd.join("yarn.lock"))

data/lib/licensed/sources/pip.rb

@@ -8,7 +8,7 @@ module Licensed
   module Sources
     class Pip < Source
       VERSION_OPERATORS = %w(< > <= >= == !=).freeze
-      PACKAGE_REGEX = /^([\w-]+)(#{VERSION_OPERATORS.join("|")})?/
+      PACKAGE_REGEX = /^([\w\.-]+)(#{VERSION_OPERATORS.join("|")})?/
 
       def enabled?
         return unless virtual_env_pip && Licensed::Shell.tool_available?(virtual_env_pip)

data/lib/licensed/version.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 module Licensed
-  VERSION = "2.14.3".freeze
+  VERSION = "3.0.0".freeze
 
   def self.previous_major_versions
     major_version = Gem::Version.new(Licensed::VERSION).segments.first

data/script/packages/build

@@ -51,8 +51,11 @@ cd $COPY_DIR
     trap "git checkout $CURRENT_BRANCH" EXIT
   fi
 
+  # get the openssl dir to use when building based on ruby's default ssl cert dir
+  OPENSSL_DIR="$(cd "$(ruby -e 'require "net/https"; puts OpenSSL::X509::DEFAULT_CERT_DIR')/.." && pwd)"
+
   # build the licensed rubyc executable
-  "$RUBYC" --clean-tmpdir -o "$BUILD_DIR/licensed" "$COPY_DIR/exe/licensed"
+  "$RUBYC" --openssl-dir "$OPENSSL_DIR" --clean-tmpdir -o "$BUILD_DIR/licensed" "$COPY_DIR/exe/licensed"
   chmod +x $BUILD_DIR/licensed
 )
 

data/script/packages/linux

@@ -34,6 +34,9 @@ build_linux_local() {
   sudo apt-get update
   sudo apt-get install -y --no-install-recommends cmake make gcc pkg-config squashfs-tools curl bison git rsync
 
+  sudo gem update --system
+  sudo gem update bundler
+
   RUBYC="$BASE_DIR/bin/rubyc-linux"
   if [ ! -f "$RUBYC" ]; then
     mkdir -p "$(dirname "$RUBYC")"
@@ -42,6 +45,7 @@ build_linux_local() {
   fi
 
   export CPPFLAGS="-P"
+  export SSL_CERT_DIR="/etc/ssl/certs"
   export RUBYC
   "$BASE_DIR"/script/packages/build
 }

data/script/packages/mac

@@ -28,6 +28,9 @@ brew update
 brew list "squashfs" &>/dev/null || brew install "squashfs"
 brew list "pkg-config" &>/dev/null || brew install "pkg-config"
 
+gem update --system
+gem update bundler
+
 if [ ! -f "$RUBYC" ]; then
   mkdir -p "$(dirname "$RUBYC")"
   curl -L https://github.com/kontena/ruby-packer/releases/download/2.6.0-0.6.0/rubyc-2.6.0-0.6.0-osx-amd64.gz | gunzip > "$RUBYC"

data/script/source-setup/npm

@@ -10,8 +10,25 @@ fi
 BASE_PATH="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
 cd $BASE_PATH/test/fixtures/npm
 
+FORCE=""
 if [ "$1" == "-f" ]; then
-  find . -not -regex "\.*" -and -not -name "package\.json" -print0 | xargs -0 rm -rf
+  FORCE=1
+fi
+
+NPM_MAJOR_VERSION="$(npm -v | cut -d'.' -f1)"
+if [ "$NPM_MAJOR_VERSION" -ge "7" ]; then
+  PACKAGE_JSON_SRC="package.json.npm7"
+else
+  PACKAGE_JSON_SRC="package.json.npm6"
+fi
+
+if [ ! -f "package.json" ] || [ "$(cat package.json | md5sum )" != "$(cat "$PACKAGE_JSON_SRC" | md5sum)" ]; then
+  FORCE=1
+  cp -f "$PACKAGE_JSON_SRC" package.json
+fi
+
+if [ -n "$FORCE" ]; then
+  find . -not -regex "\.*" -and -not -name "package\.json*" -print0 | xargs -0 rm -rf
 fi
 
 npm install

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: licensed
 version: !ruby/object:Gem::Version
-  version: 2.14.3
+  version: 3.0.0
 platform: ruby
 authors:
 - GitHub
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-12-13 00:00:00.000000000 Z
+date: 2021-04-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: licensee
@@ -243,7 +243,8 @@ files:
 - docs/adding_a_new_source.md
 - docs/commands.md
 - docs/configuration.md
-- docs/migrating_to_newer_versions.md
+- docs/migrations/v2.md
+- docs/migrations/v3.md
 - docs/packaging.md
 - docs/reporters.md
 - docs/sources/bower.md
@@ -290,6 +291,7 @@ files:
 - lib/licensed/sources.rb
 - lib/licensed/sources/bower.rb
 - lib/licensed/sources/bundler.rb
+- lib/licensed/sources/bundler/missing_specification.rb
 - lib/licensed/sources/cabal.rb
 - lib/licensed/sources/composer.rb
 - lib/licensed/sources/dep.rb
@@ -348,7 +350,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.0.3.1
 signing_key: 
 specification_version: 4
 summary: Extract and validate the licenses of dependencies.