licensed 0.6.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 188fefd78d80c7a9d36985fde025efada389711a
+  data.tar.gz: 9cd69efe41165826cfeca9ba29ab930a9718afbd
+SHA512:
+  metadata.gz: bf8b94250ef319e828bf0740056087057e744e3f460f841293c2cef95d8c31dc7f25a484f97b9fbf4a1f3af873a95e6f23f5ea653c9808e868d1a856fb946bb4
+  data.tar.gz: 23f5f40eb1620bbae7370a0bde096becd916dd49f76703413939271509d975f612c1c22864f423b8d962934d5b91e54d49829d70e77d116ba3993476b61091f0

data/.bowerrc

@@ -0,0 +1,3 @@
+{
+  "cwd": "test/fixtures"
+}

data/.gitignore

@@ -0,0 +1,12 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+test/fixtures/bower_components
+test/fixtures/node_modules
+vendor/licenses

data/.travis.yml

@@ -0,0 +1,4 @@
+language: ruby
+rvm:
+  - 2.2.3
+before_install: gem install bundler -v 1.10.6

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,13 @@
+# Contributor Code of Conduct
+
+As contributors and maintainers of this project, we pledge to respect all people who contribute through reporting issues, posting feature requests, updating documentation, submitting pull requests or patches, and other activities.
+
+We are committed to making participation in this project a harassment-free experience for everyone, regardless of level of experience, gender, gender identity and expression, sexual orientation, disability, personal appearance, body size, race, ethnicity, age, or religion.
+
+Examples of unacceptable behavior by participants include the use of sexual language or imagery, derogatory comments or personal attacks, trolling, public or private harassment, insults, or other unprofessional conduct.
+
+Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct. Project maintainers who do not follow the Code of Conduct may be removed from the project team.
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by opening an issue or contacting one or more of the project maintainers.
+
+This Code of Conduct is adapted from the [Contributor Covenant](http://contributor-covenant.org), version 1.0.0, available at [http://contributor-covenant.org/version/1/0/0/](http://contributor-covenant.org/version/1/0/0/)

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in licensed.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 GitHub, Inc. and contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,96 @@
+# Licensed
+
+Licensed is a Ruby gem to cache and verify the licenses of dependencies.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'licensed', :group => 'development'
+```
+
+And then execute:
+
+    $ bundle
+
+## Usage
+
+- `licensed cache`: Cache licenses and metadata in `vendor/licenses`
+
+- `licensed verify`: Check for issues with the licenses of dependencies. For example:
+
+```
+$ bundle exec licensed verify
+Verifying licenses for 3 dependencies
+
+Warnings:
+
+vendor/licenses/rubygem/bundler.txt:
+  - license needs reviewed: mit.
+
+vendor/licenses/rubygem/licensee.txt:
+  - missing license data
+
+vendor/licenses/bower/jquery.txt:
+  - license needs reviewed: mit.
+  - cached license data out of date
+
+3 dependencies checked, 3 warnings found.
+```
+
+### Configuration
+
+Configuration is managed by `vendor/licenses/config.yml`.
+
+```yml
+# Dependencies with these licenses are approved by default.
+whitelist:
+  - mit
+  - apache-2.0
+  - bsd-2-clause
+  - bsd-3-clause
+  - cc0-1.0
+
+# These dependencies are explicitly ignored.
+ignored:
+  rubygem:
+    - some-internal-gem
+
+  bower:
+    - some-internal-package
+
+# These dependencies have been reviewed.
+reviewed:
+  rubygem:
+    - bcrypt-ruby
+
+  bower:
+  - classlist # public domain
+  - octicons
+```
+
+### Sources
+
+Dependencies from Bundler, NPM, and Bower will be automatically detected. You can disable any of them in `vendor/licenses/config.yml`:
+
+```yml
+sources:
+  rubygem: false
+  npm: false
+  bower: false
+```
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/github/licensed. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](contributor-covenant.org) code of conduct.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,10 @@
+require "bundler/gem_tasks"
+require "rake/testtask"
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << "test"
+  t.libs << "lib"
+  t.test_files = FileList['test/**/*_test.rb']
+end
+
+task :default => :test

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "licensed"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start

data/bin/setup

@@ -0,0 +1,11 @@
+#!/bin/bash
+set -euo pipefail
+IFS=$'\n\t'
+
+bundle install
+
+# Install bower fixtures
+bower install
+
+# Install bower fixtures
+cd test/fixtures && npm install

data/exe/licensed

@@ -0,0 +1,4 @@
+#!/usr/bin/env ruby
+
+require "licensed/cli"
+Licensed::CLI.start

data/exe/licensor

@@ -0,0 +1,5 @@
+#!/usr/bin/env ruby
+
+warn "The `licensor` command has been renamed to `licensed` and is deprecated."
+
+load File.expand_path("../licensed", __FILE__)

data/lib/licensed.rb

@@ -0,0 +1,39 @@
+require "licensed/version"
+require "licensed/configuration"
+require "licensed/license"
+require "licensed/dependency"
+require "licensed/source/bundler"
+require "licensed/source/bower"
+require "licensed/source/npm"
+require "licensed/command/cache"
+require "licensed/command/verify"
+require "licensed/ui/shell"
+require "octokit"
+
+module Licensed
+  class << self
+    attr_accessor :use_github
+  end
+
+  self.use_github = true
+
+  GITHUB_URL = %r{\Ahttps://github.com/([a-z0-9]+(-[a-z0-9]+)*/(\w|\.|\-)+)}
+  LICENSE_CONTENT_TYPE = "application/vnd.github.drax-preview+json"
+
+  def self.from_github(url)
+    return unless use_github && match = GITHUB_URL.match(url)
+
+    license_url = Octokit::Repository.path(match[1]) + "/license"
+    response = octokit.get license_url, :accept => LICENSE_CONTENT_TYPE
+    [
+      response["license"]["key"],
+      Base64.decode64(response["content"]).force_encoding('UTF-8')
+    ]
+  rescue Octokit::NotFound
+    nil
+  end
+
+  def self.octokit
+    @octokit ||=  Octokit::Client.new(:access_token => ENV["GITHUB_TOKEN"])
+  end
+end

data/lib/licensed/cli.rb

@@ -0,0 +1,33 @@
+require "licensed"
+require "thor"
+
+module Licensed
+  class CLI < Thor
+
+    desc "cache", "Cache the licenses of dependencies"
+    method_option :force, :type => :boolean,
+      :desc => "Overwrite licenses even if version has not changed."
+    method_option :offline, :type => :boolean,
+      :desc => "Do not make network calls."
+    def cache
+      Licensed.use_github = false if options[:offline]
+      run Licensed::Command::Cache.new(config), force: options[:force]
+    end
+
+    desc "verify", "Verify licenses of dependencies"
+    def verify
+      run Licensed::Command::Verify.new(config)
+    end
+
+    private
+
+    def config
+      @config ||= Configuration.new
+    end
+
+    def run(command, *args)
+      command.run(*args)
+      exit command.success?
+    end
+  end
+end

data/lib/licensed/command/cache.rb

@@ -0,0 +1,56 @@
+module Licensed
+  module Command
+    class Cache
+      attr_reader :config
+
+      def initialize(config)
+        @config = config
+      end
+
+      def run(force: false)
+        @config.sources.each do |source|
+          @config.ui.info "Caching licenses for #{source.type} dependencies:"
+
+          source.dependencies.each do |dependency|
+            next if @config.ignored?(dependency)
+
+            filename = @config.path.join("#{source.type}/#{dependency["name"]}.txt")
+
+            if File.exist?(filename)
+              license = Licensed::License.read(filename)
+
+              # Version did not change, no need to re-cache
+              if !force && dependency["version"] == license["version"]
+                @config.ui.info "  Using #{dependency["name"]} (#{dependency["version"]})"
+                next
+              end
+            end
+
+            @config.ui.info "  Caching #{dependency["name"]} (#{dependency["version"]})"
+
+            dependency.detect_license!
+            dependency.save(filename)
+          end
+
+          # Clean up dependencies that have been removed
+          names = source.dependencies.map do |dependency|
+            dependency["name"] unless @config.ignored?(dependency)
+          end.compact
+
+          Dir.glob(@config.path.join("#{source.type}/*.txt")).each do |file|
+            FileUtils.rm(file) unless names.include?(File.basename(file, ".txt"))
+          end
+        end
+
+        @config.ui.confirm "License caching complete!"
+        @config.sources.each do |source|
+          @config.ui.confirm "* #{source.type} dependencies: #{source.dependencies.size}"
+        end
+      end
+
+      def success?
+        true
+      end
+    end
+  end
+end

data/lib/licensed/command/verify.rb

@@ -0,0 +1,72 @@
+require 'yaml'
+
+module Licensed
+  module Command
+    class Verify
+      attr_reader :config
+
+      def initialize(config)
+        @config = config
+      end
+
+      def approved?(dependency)
+        @config.whitelisted?(dependency) ||
+        @config.reviewed?(dependency)
+      end
+
+      def dependencies
+        @dependencies ||= @config.sources.map(&:dependencies).flatten
+      end
+
+      def run
+        @config.ui.info "Verifying licenses for #{dependencies.size} dependencies"
+
+        @results = dependencies.map do |dependency|
+          next if @config.ignored?(dependency)
+          filename = @config.path.join("#{dependency["type"]}/#{dependency["name"]}.txt")
+
+          warnings = []
+
+          if File.exists?(filename)
+            license = License.read(filename)
+
+            if license["version"] != dependency["version"]
+              warnings << "cached license data out of date"
+            end
+            warnings << "missing license text" if license.text.strip.empty?
+            unless approved?(license)
+              warnings << "license needs reviewed: #{license["license"]}."
+            end
+          else
+            warnings << "missing license data"
+          end
+
+          if warnings.size > 0
+            @config.ui.error("F", false)
+            [filename, warnings]
+          else
+            @config.ui.confirm(".", false)
+            nil
+          end
+        end.compact
+
+        unless success?
+          @config.ui.warn "\n\nWarnings:"
+
+          @results.each do |filename, warnings|
+            @config.ui.info "\n#{filename}:"
+            warnings.each do |warning|
+              @config.ui.error "  - #{warning}"
+            end
+          end
+        end
+
+        puts "\n#{dependencies.size} dependencies checked, #{@results.size} warnings found."
+      end
+
+      def success?
+        @results.empty?
+      end
+    end
+  end
+end

data/lib/licensed/configuration.rb

@@ -0,0 +1,70 @@
+require "pathname"
+
+module Licensed
+  class Configuration < Hash
+    attr_accessor :ui
+
+    def initialize
+      super()
+      update config_path.exist? ? YAML.load_file(config_path) : {}
+
+      self["sources"] ||= {}
+      self["reviewed"] ||= {}
+      self["ignored"] ||= {}
+      self["whitelist"] ||= []
+
+      @ui = Licensed::UI::Shell.new
+    end
+
+    def path
+      Pathname.new("vendor/licenses")
+    end
+
+    def config_path
+      path.join("config.yml")
+    end
+
+    def pwd
+      Pathname.new(Dir.pwd)
+    end
+
+    def sources
+      @sources ||= [
+        Source::Bundler.new(self),
+        Source::Bower.new(self),
+        Source::NPM.new(self)
+      ].select(&:enabled?)
+    end
+
+    def enabled?(source_type)
+      self["sources"].fetch(source_type, true)
+    end
+
+    # Is the given dependency approved?
+    def reviewed?(dependency)
+      Array(self["reviewed"][dependency["type"]]).include?(dependency["name"])
+    end
+
+    # Is the given dependency ignored?
+    def ignored?(dependency)
+      Array(self["ignored"][dependency["type"]]).include?(dependency["name"])
+    end
+
+    # Is the license of the dependency whitelisted?
+    def whitelisted?(dependency)
+      Array(self["whitelist"]).include?(dependency["license"])
+    end
+
+    def ignore(dependency)
+      (self["ignored"][dependency["type"]] ||= []) << dependency["name"]
+    end
+
+    def review(dependency)
+      (self["reviewed"][dependency["type"]] ||= []) << dependency["name"]
+    end
+
+    def whitelist(license)
+      self["whitelist"] << license
+    end
+  end
+end

data/lib/licensed/dependency.rb

@@ -0,0 +1,50 @@
+require "licensee"
+
+module Licensed
+  class Dependency < License
+    LEGAL_FILES = /\A(COPYING|NOTICE|LEGAL)(?:\..*)?\z/i
+
+    attr_reader :path
+
+    def initialize(path, metadata = {})
+      @path = path
+      super metadata
+    end
+
+    def project
+      @project ||= Licensee::FSProject.new(path, detect_packages: true, detect_readme: true)
+    end
+
+    def detect_license!
+      if project.license_file
+        license = project.license.key if project.license
+      else
+        # No license file detected, see if there is one in the GitHub repository
+        license, content = Licensed.from_github(self["homepage"])
+
+        # No license in the GitHub repository, see if there is one in the README
+        if !license && project.readme
+          license = project.license.key if project.license
+          content = project.readme.content
+        end
+      end
+
+      self["license"] = license || package_manager_license || "other"
+      self.text = ([content] + self.notices).compact.join("\n" + "-" * 80 + "\n")
+    end
+
+    def package_manager_license
+      project.license.key if project.license
+    end
+
+    # Extract legal notices from the dependency source
+    def notices
+      files = Dir.foreach(path).select do |file|
+        File.file?(File.join(path, file)) && file.match(LEGAL_FILES)
+      end
+      files.unshift project.license_file.filename if project.license_file
+
+      files.uniq.map { |f| File.read(File.join(path, f)) }
+    end
+  end
+end

data/lib/licensed/license.rb

@@ -0,0 +1,42 @@
+require "yaml"
+require "fileutils"
+require "forwardable"
+
+module Licensed
+  class License
+    YAML_FRONTMATTER_PATTERN = /\A---\s*\n(.*?\n?)^---\s*$\n?(.*)\z/m
+    LEGAL_FILES = /\A(COPYING|NOTICE|LEGAL)(?:\..*)?\z/i
+
+    # Read an existing license file
+    #
+    # filename - A String path to the file
+    #
+    # Returns a Licensed::License
+    def self.read(filename)
+      match = File.read(filename).match(YAML_FRONTMATTER_PATTERN)
+      new(YAML.load(match[1]), match[2])
+    end
+
+    extend Forwardable
+    def_delegators :@metadata, :[], :[]=
+
+    # The license text and other legal notices
+    attr_accessor :text
+
+    # Construct a new license
+    #
+    # filename - the String path of the file
+    # metadata - a Hash of the metadata for the package
+    # text     - a String of the license text and other legal notices
+    def initialize(metadata = {}, text = nil)
+      @metadata = metadata
+      @text = text
+    end
+
+    # Save the metadata and license to a file
+    def save(filename)
+      FileUtils.mkdir_p(File.dirname(filename))
+      File.write(filename, YAML.dump(@metadata) + "---\n#{text}")
+    end
+  end
+end

data/lib/licensed/source/bower.rb

@@ -0,0 +1,48 @@
+require "json"
+
+module Licensed
+  module Source
+    class Bower
+      def initialize(config)
+        @config = config
+      end
+
+      def type
+        "bower"
+      end
+
+      def enabled?
+        return false unless @config.enabled?(type)
+        
+        [@config.pwd.join(".bowerrc"), @config.pwd.join("bower.json")].any? do |path|
+          File.exist?(path)
+        end
+      end
+
+      def dependencies
+        @dependencies ||= Dir.glob(bower_path.join("*/.bower.json")).map do |file|
+          package = JSON.parse(File.read(file))
+          Dependency.new(File.dirname(file), {
+            "type"     => type,
+            "name"     => package["name"],
+            "version"  => package["version"],
+            "summary"  => package["description"],
+            "homepage" => package["homepage"]
+          })
+        end
+      end
+
+      def bower_config
+        @bower_config ||= begin
+          path = @config.pwd.join(".bowerrc")
+          path.exist? ? JSON.parse(path.read) : {}
+        end
+      end
+
+      def bower_path
+        pwd = bower_config["cwd"] ? Pathname.new(bower_config["cwd"]) : @config.pwd
+        pwd.join bower_config["directory"] || "bower_components"
+      end
+    end
+  end
+end

data/lib/licensed/source/bundler.rb

@@ -0,0 +1,49 @@
+require "bundler"
+
+module Licensed
+  module Source
+    class Bundler
+      def initialize(config)
+        @config = config
+      end
+
+      def enabled?
+        @config.enabled?(type) && File.exist?(lockfile_path)
+      end
+
+      def type
+        "rubygem"
+      end
+
+      def dependencies
+        @dependencies ||= definition.specs_for(groups).map do |spec|
+          Dependency.new(spec.gem_dir, {
+            "type"     => type,
+            "name"     => spec.name,
+            "version"  => spec.version.to_s,
+            "summary"  => spec.summary,
+            "homepage" => spec.homepage
+          })
+        end
+      end
+
+      # Build the bundler definition
+      def definition
+        @definition ||= ::Bundler::Definition.build(gemfile_path, lockfile_path, nil)
+      end
+
+      def groups
+        definition.groups - [:test, :development]
+      end
+
+      def gemfile_path
+        @config.pwd.join "Gemfile"
+      end
+
+      def lockfile_path
+        @config.pwd.join "Gemfile.lock"
+      end
+
+    end
+  end
+end

data/lib/licensed/source/npm.rb

@@ -0,0 +1,47 @@
+require "json"
+
+module Licensed
+  module Source
+    class NPM
+      def initialize(config)
+        @config = config
+      end
+
+      def type
+        "npm"
+      end
+
+      def enabled?
+        @config.enabled?(type) && File.exist?(@config.pwd.join("package.json"))
+      end
+
+      def dependencies
+        return @dependencies if defined?(@dependencies)
+
+        packages = recursive_dependencies(JSON.parse(command)["dependencies"])
+
+        @dependencies = packages.map do |name, package|
+          Dependency.new(package["realPath"], {
+            "type"     => type,
+            "name"     => package["name"],
+            "version"  => package["version"],
+            "summary"  => package["description"],
+            "homepage" => package["homepage"]
+          })
+        end
+      end
+
+      def command
+        `npm list --json --production --long`
+      end
+
+      def recursive_dependencies(dependencies, result = {})
+        dependencies.each do |name, dependency|
+          (result[name] ||= {}).update(dependency)
+          recursive_dependencies(dependency["dependencies"] || {}, result)
+        end
+        result
+      end
+    end
+  end
+end

data/lib/licensed/ui/shell.rb

@@ -0,0 +1,50 @@
+require "thor"
+
+module Licensed
+  module UI
+    class Shell
+      LEVELS = %w(silent error warn confirm info debug)
+
+      def initialize
+        @shell = STDOUT.tty? ? Thor::Base.shell.new : Thor::Shell::Basic.new
+        @level = ENV['DEBUG'] ? "debug" : "info"
+      end
+
+      def debug(msg, newline = true)
+        @shell.say msg, nil, newline if level?("debug")
+      end
+
+      def info(msg, newline = true)
+        @shell.say msg, nil, newline if level?("info")
+      end
+
+      def confirm(msg, newline = true)
+        @shell.say msg, :green, newline if level?("confirm")
+      end
+
+      def warn(msg, newline = true)
+        @shell.say msg, :yellow, newline if level?("warn")
+      end
+
+      def error(msg, newline = true)
+        @shell.say msg, :red, newline if level?("error")
+      end
+
+      def level=(level)
+        raise ArgumentError unless LEVELS.include?(level.to_s)
+        @level = level
+      end
+
+      def level?(name = nil)
+        name ? LEVELS.index(name) <= LEVELS.index(@level) : @level
+      end
+
+      def silence
+        old_level, @level = @level, "silent"
+        yield
+      ensure
+        @level = old_level
+      end
+    end
+  end
+end

data/lib/licensed/version.rb

@@ -0,0 +1,3 @@
+module Licensed
+  VERSION = "0.6.0"
+end

data/licensed.gemspec

@@ -0,0 +1,31 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'licensed/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "licensed"
+  spec.version       = Licensed::VERSION
+  spec.authors       = ["GitHub"]
+  spec.email         = ["opensource@github.com"]
+
+  spec.summary       = %q{extract and validate the licenses of dependencies.}
+  spec.description   = File.read("README.md")
+  spec.homepage      = "https://github.com/github/licensed"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "licensee", "~> 8.0"
+  spec.add_dependency "thor", "~>0.19"
+  spec.add_dependency "octokit", "~>4.0"
+
+  spec.add_development_dependency "bundler", "~> 1.10"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "minitest", "~> 5.8"
+  spec.add_development_dependency "vcr", "~> 2.9"
+  spec.add_development_dependency "webmock", "~> 1.21"
+end

metadata

@@ -0,0 +1,279 @@
+--- !ruby/object:Gem::Specification
+name: licensed
+version: !ruby/object:Gem::Version
+  version: 0.6.0
+platform: ruby
+authors:
+- GitHub
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2016-03-18 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: licensee
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '8.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '8.0'
+- !ruby/object:Gem::Dependency
+  name: thor
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.19'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.19'
+- !ruby/object:Gem::Dependency
+  name: octokit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.8'
+- !ruby/object:Gem::Dependency
+  name: vcr
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.9'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.21'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.21'
+description: |
+  # Licensed
+
+  Licensed is a Ruby gem to cache and verify the licenses of dependencies.
+
+  ## Installation
+
+  Add this line to your application's Gemfile:
+
+  ```ruby
+  gem 'licensed', :group => 'development'
+  ```
+
+  And then execute:
+
+      $ bundle
+
+  ## Usage
+
+  - `licensed cache`: Cache licenses and metadata in `vendor/licenses`
+
+  - `licensed verify`: Check for issues with the licenses of dependencies. For example:
+
+  ```
+  $ bundle exec licensed verify
+  Verifying licenses for 3 dependencies
+
+  Warnings:
+
+  vendor/licenses/rubygem/bundler.txt:
+    - license needs reviewed: mit.
+
+  vendor/licenses/rubygem/licensee.txt:
+    - missing license data
+
+  vendor/licenses/bower/jquery.txt:
+    - license needs reviewed: mit.
+    - cached license data out of date
+
+  3 dependencies checked, 3 warnings found.
+  ```
+
+  ### Configuration
+
+  Configuration is managed by `vendor/licenses/config.yml`.
+
+  ```yml
+  # Dependencies with these licenses are approved by default.
+  whitelist:
+    - mit
+    - apache-2.0
+    - bsd-2-clause
+    - bsd-3-clause
+    - cc0-1.0
+
+  # These dependencies are explicitly ignored.
+  ignored:
+    rubygem:
+      - some-internal-gem
+
+    bower:
+      - some-internal-package
+
+  # These dependencies have been reviewed.
+  reviewed:
+    rubygem:
+      - bcrypt-ruby
+
+    bower:
+    - classlist # public domain
+    - octicons
+  ```
+
+  ### Sources
+
+  Dependencies from Bundler, NPM, and Bower will be automatically detected. You can disable any of them in `vendor/licenses/config.yml`:
+
+  ```yml
+  sources:
+    rubygem: false
+    npm: false
+    bower: false
+  ```
+
+  ## Development
+
+  After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+  To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+  ## Contributing
+
+  Bug reports and pull requests are welcome on GitHub at https://github.com/github/licensed. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](contributor-covenant.org) code of conduct.
+
+  ## License
+
+  The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
+email:
+- opensource@github.com
+executables:
+- licensed
+- licensor
+extensions: []
+extra_rdoc_files: []
+files:
+- ".bowerrc"
+- ".gitignore"
+- ".travis.yml"
+- CODE_OF_CONDUCT.md
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- exe/licensed
+- exe/licensor
+- lib/licensed.rb
+- lib/licensed/cli.rb
+- lib/licensed/command/cache.rb
+- lib/licensed/command/verify.rb
+- lib/licensed/configuration.rb
+- lib/licensed/dependency.rb
+- lib/licensed/license.rb
+- lib/licensed/source/bower.rb
+- lib/licensed/source/bundler.rb
+- lib/licensed/source/npm.rb
+- lib/licensed/ui/shell.rb
+- lib/licensed/version.rb
+- licensed.gemspec
+homepage: https://github.com/github/licensed
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.5.1
+signing_key: 
+specification_version: 4
+summary: extract and validate the licenses of dependencies.
+test_files: []