licensed 1.2.0 → 1.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b1d1f0def7d120443e89895960f41bb7dd90a63f
-  data.tar.gz: 951687b4ab3804df152f6dbbbfd4ffd2db3e3c71
+  metadata.gz: a40ec635869b9918fb610cf744adb0ff82a65410
+  data.tar.gz: f810f71a593eb01547b1ffc518b19e3df8b21ca3
 SHA512:
-  metadata.gz: b7ca6dc13ebb771ed191e36fde4ab7c75aaadd1ca2e406a925595f3ee98553f660a8d81c677a2d87c346c0bfb32b8693e07cf90f8c5b6e0a817f368326d5f262
-  data.tar.gz: '0197b0088dd379120614fb725efd41a58d3eed9744e32928220ecb431d63f8be5229888f1857e1ef2b5a3cbfc7810524b10b33c84c71a9990000c26f7f7bb912'
+  metadata.gz: c4b254f5fb6bd2a268adfc06971e82421be382d3f83d3eaca29acd5839c56d8c646c151c1b6702fb636c148ab2fff173171e066da315f1e2bf2ceb47349f8b46
+  data.tar.gz: 9426edecae8edf19eb61374711f3fdb2eae46468c0c0eff1d7db13f21718ac524a7f21bb1dce5f528d02e8f9bee68e043a393ebe513ee8ef6da5ef71073d0923

data/CHANGELOG.md

@@ -6,6 +6,21 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+## 1.3.0 - 2018-07-25
+### Added
+- Manifests for the manifest dependency source can be specified using glob patterns in the configuration
+- Paths to licenses for dependencies from the manifest dependency source can be specified in the configuration
+- Manifest dependency source looks for license content in C-style comments if a license file isn't found
+
+## Changes
+- GitHub is no longer queried to find remote license information
+- Removed custom logic around determining whether to use the license key from `licensee`
+- NPM dependency enumeration doesn't use `npm list`
+- Licensed now tracks content from multiple license files when available
+
+### Fixed
+- Fixed regression finding platform-specific ruby gems
+
 ## 1.2.0 - 2018-06-22
 ### Added
 - Building and packaging distributable exes for licensed releases
@@ -45,4 +60,4 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 Initial release :tada:
 
-[Unreleased]: https://github.com/github/licensed/compare/1.2.0...HEAD
+[Unreleased]: https://github.com/github/licensed/compare/1.3.0...HEAD

data/README.md

@@ -80,7 +80,7 @@ Dependencies will be automatically detected for
 5. [Go Dep](./docs/sources/dep.md)
 6. [Manifest lists](./docs/sources/manifests.md)
 7. [NPM](./docs/sources/npm.md)
-8. [Pip](./docs/source/pip.md)
+8. [Pip](./docs/sources/pip.md)
 
 You can disable any of them in the configuration file:
 

data/docs/sources/manifests.md

@@ -1,6 +1,16 @@
 # Manifests
 
-The manifest source can be used when no package managers are available.
+The manifest source can be used when no package managers are available.  The manifest source will be enabled when a manifest file is found or a manifest is configured in the configuration file.
+
+## Manifest sources
+
+A dependency file manifest can be specified in two ways - a dependency manifest file or in the licensed configuration file as a set of patterns used to find files.
+
+Manifests are loaded from (in order)
+- A manifest file, if found
+- The licensed configuration file, if a manifest file is not found and the `manifest.dependencies` configuration property exists.
+
+### Manifest files
 
 Manifest files are used to match source files with their corresponding packages to find package dependencies.  Manifest file paths can be specified in the app configuration with the following setting:
 ```yml
@@ -19,8 +29,119 @@ The manifest can be a JSON or YAML file with a single root object and properties
 }
 ```
 
-File paths are relative to the git repository root.  Package names will be used for the metadata file names at `path/to/cache/manifest/<package>.txt`
+File paths are relative to the git repository root.  A metadata file, `path/to/cache/manifest/<package>.txt`, will be created for each package.
+
+**NOTE** It is the responsibility of the repository owner to maintain the manifest file.
+
+### Configured manifest
+
+Manifests can be specified using patterns specified in the configuration file.
+
+Dependencies are specified at the `manifest.dependencies` configuration property and should map dependency names to one or more patterns of files matching the dependencies.
+
+In the following example, there are two dependencies, `package` and `nested`, where `nested` is a sub-dependency in the `vendor/package` folder.  Using inclusion and exclusion patterns we can specify that files in the `vendor/package/nested` folder belong to the `nested` package, while all other files belong to `package`.
+
+```yaml
+manifest:
+  dependencies:
+    package:
+      - "vendor/package/**/*"
+      - "!vendor/package/nested/*"
+    nested: "vendor/package/nested/*"
+```
+
+This demonstrates that
+1. Dependencies can be mapped to a string or an array of strings
+2. Inclusion and exclusion patterns apply
+3. Patterns follow a glob-style format
+
+#### Pattern format
+
+Patterns are evaluated using [Dir.glob](https://ruby-doc.org/core/Dir.html#method-c-glob) and must follow these rules:
+1. Patterns are evaluated from the project root directory
+2. Patterns will only match files that are tracked by Git
+3. Patterns should follow standard shell glob syntax
+4. Patterns are evaluated in the order specified - order matters!
+5. `!` can be appended to any pattern to indicate a negative pattern
+   - Negative patterns exclude matching files from the result set
+   - If a pattern should match files starting with `!`, escape the leading `!` with `\` -> `\!filename`
+6. Patterns will match dotfiles
+
+**NOTE** If the first, or only, pattern for a dependency is a negative pattern, it will not affect the set of files matched to a dependency.  An inclusion pattern should always be specified before any negative patterns for a dependency.
+
+#### Restrictions for specifying dependency patterns via configuration
+
+The following restrictions will raise errors if they are not met when specifying manifest dependency patterns in the configuration file
+
+1. The dependencies key is specified but is empty
+2. A file in the project is not attributed to any of the configured dependencies
+   - The manifest by default will track all files in the project to ensure that license metadata updates occur when dependencies change
+   - See [Globally excluding files](#globally-excluding-files) to limit the scope of files that are tracked
+3. A file in the project is attributed to multiple configured dependencies
+   - All files must be tracked by a single dependency
+
+#### Globally excluding files
+
+Tracking project files is needed to make sure that any changes to dependencies does not go unnoticed.  What about non-dependency code?
+
+To reduce friction on changes to project code, global exclusion patterns can be added to the configuration that will cause any matching files to **NOT** be tracked as a dependency of the project.
+
+Global exclusion patterns follow the same rules as [dependency patterns](#pattern-format) and are set on the `manifest.exclude` property.
+
+The following example excludes all files that are not under the `vendor` folder.
+
+```yaml
+manifest:
+  exclude:
+    - "**/*"
+    - "!vendor/**/*"
+```
+
+## Finding license content
+
+### From common source file directories
 
 If multiple source files map to a single package and they share a common path under the git repository root, that directory will be used to find license information, if available.
 
-It is the responsibility of the repository owner to maintain the manifest file.
+### From source file comments
+
+When a file containing license content is not found for a group of source files,
+Licensed will attempt to parse license text from source file comments.
+
+There are some limitations on this functionality:
+
+1. Comments MUST contain a copyright statement
+2. Comments MUST be C-style multiline comments, e.g. `/* comment */`
+3. Comments SHOULD contain identical indentation for each content line.
+
+The following examples are all :+1:.  Licensed will try to preserve formatting,
+however for best results comments should not mix tabs and spaces in leading whitespace.
+```
+/*
+   <copyright statement>
+
+   <license text>
+ */
+
+/* <copyright statement>
+   <license text>
+ */
+
+/*
+ * <copyright statement>
+ * <license text>
+ *
+ * <license text>
+ */
+```
+
+### From license files specified in the configuration
+
+If all else fails, the path to a dependency's license files can be specified manually
+in the configuration.  All paths should be relative to the repository root.
+
+```yaml
+manifest:
+  licenses:
+    package: path/to/LICENSE
+```

data/lib/licensed.rb

@@ -17,32 +17,3 @@ require "licensed/command/cache"
 require "licensed/command/status"
 require "licensed/command/list"
 require "licensed/ui/shell"
-require "octokit"
-
-module Licensed
-  class << self
-    attr_accessor :use_github
-  end
-
-  self.use_github = true
-
-  GITHUB_URL = %r{\Ahttps://github.com/([a-z0-9]+(-[a-z0-9]+)*/(\w|\.|\-)+)}
-  LICENSE_CONTENT_TYPE = "application/vnd.github.drax-preview+json"
-
-  # Load license content from a GitHub url.  Returns nil if the url does not point
-  # to a GitHub repository, or if the license content is not found
-  def self.from_github(url)
-    return unless use_github && match = GITHUB_URL.match(url)
-
-    license_url = Octokit::Repository.path(match[1]) + "/license"
-    response = octokit.get license_url, accept: LICENSE_CONTENT_TYPE
-    content = Base64.decode64(response["content"]).force_encoding("UTF-8")
-    Licensee::ProjectFiles::LicenseFile.new(content, response["name"])
-  rescue Octokit::NotFound
-    nil
-  end
-
-  def self.octokit
-    @octokit ||=  Octokit::Client.new(access_token: ENV["GITHUB_TOKEN"])
-  end
-end

data/lib/licensed/cli.rb

@@ -9,11 +9,10 @@ module Licensed
     method_option :force, type: :boolean,
       desc: "Overwrite licenses even if version has not changed."
     method_option :offline, type: :boolean,
-      desc: "Do not make network calls."
+      desc: "This option is deprecated and will be removed in the next major release."
     method_option :config, aliases: "-c", type: :string,
       desc: "Path to licensed configuration file"
     def cache
-      Licensed.use_github = false if options[:offline]
       run Licensed::Command::Cache.new(config), force: options[:force]
     end
 

data/lib/licensed/dependency.rb

@@ -9,17 +9,10 @@ module Licensed
     attr_reader :search_root
 
     def initialize(path, metadata = {})
-      @path = path
       @search_root = metadata.delete("search_root")
-
-      # with licensee providing license_file[:dir],
-      # enforcing absolute paths makes life much easier when determining
-      # an absolute file path in notices
-      unless Pathname.new(path).absolute?
-        raise "Dependency path #{path} must be absolute"
-      end
-
       super metadata
+
+      self.path = path
     end
 
     # Returns a Licensee::Projects::FSProject for the dependency path
@@ -27,12 +20,24 @@ module Licensed
       @project ||= Licensee::Projects::FSProject.new(path, search_root: search_root, detect_packages: true, detect_readme: true)
     end
 
+    # Sets the path to source dependency license information
+    def path=(path)
+      # enforcing absolute paths makes life much easier when determining
+      # an absolute file path in #notices
+      unless Pathname.new(path).absolute?
+        raise "Dependency path #{path} must be absolute"
+      end
+
+      @path = path
+      reset_license!
+    end
+
     # Detects license information and sets it on this dependency object.
     #  After calling `detect_license!``, the license is set at
     # `dependency["license"]` and legal text is set to `dependency.text`
     def detect_license!
       self["license"] = license_key
-      self.text = [license_text, *notices].join("\n" + TEXT_SEPARATOR + "\n").strip
+      self.text = [license_text, *notices].join("\n" + TEXT_SEPARATOR + "\n").rstrip
     end
 
     # Extract legal notices from the dependency source
@@ -40,7 +45,7 @@ module Licensed
       local_files.uniq # unique local file paths
            .sort # sorted by the path
            .map { |f| File.read(f) } # read the file contents
-           .map(&:strip) # strip whitespace
+           .map(&:rstrip) # strip whitespace
            .select { |t| t.length > 0 } # files with content only
     end
 
@@ -60,46 +65,25 @@ module Licensed
 
     private
 
-    # Returns the Licensee::ProjectFile representing the matched_project_file
-    # or remote_license_file
-    def project_file
-      matched_project_file || remote_license_file
-    end
-
-    # Returns the Licensee::LicenseFile, Licensee::PackageManagerFile, or
-    # Licensee::ReadmeFile with a matched license, in that order or nil
-    # if no license file matched a known license
-    def matched_project_file
-      @matched_project_file ||= project.matched_files
-                                       .select { |f| f.license && !f.license.other? }
-                                       .first
-    end
-
-    # Returns a Licensee::LicenseFile with the content of the license in the
-    # dependency's repository to account for LICENSE files not being distributed
-    def remote_license_file
-      return @remote_license_file if defined?(@remote_license_file)
-      @remote_license_file = Licensed.from_github(self["homepage"])
+    # Resets all local project and license information
+    def reset_license!
+      @project = nil
+      self.delete("license")
+      self.text = nil
     end
 
     # Regardless of the license detected, try to pull the license content
-    # from the local LICENSE, remote LICENSE, or the README, in that order
+    # from the local LICENSE-type files, remote LICENSE, or the README, in that order
     def license_text
-      content_file = project.license_file || remote_license_file || project.readme_file
-      content_file.content if content_file
+      content_files = Array(project.license_files)
+      content_files << project.readme_file if content_files.empty? && project.readme_file
+      content_files.map(&:content).join("\n#{LICENSE_SEPARATOR}\n")
     end
 
     # Returns a string representing the project's license
-    # Note, this will be "other" if a license file was found but the license
-    # could not be identified and "none" if no license file was found at all
     def license_key
-      if project_file && project_file.license
-        project_file.license.key
-      elsif project.license_file || remote_license_file
-        "other"
-      else
-        "none"
-      end
+      return "none" unless project.license
+      project.license.key
     end
   end
 end

data/lib/licensed/git.rb

@@ -34,6 +34,12 @@ module Licensed
         return unless available? && sha
         Licensed::Shell.execute("git", "show", "-s", "-1", "--format=%ct", sha)
       end
+
+      def files
+        return unless available?
+        output = Licensed::Shell.execute("git", "ls-tree", "--full-tree", "-r", "--name-only", "HEAD")
+        output.lines.map(&:strip)
+      end
     end
   end
 end

data/lib/licensed/license.rb

@@ -11,6 +11,7 @@ module Licensed
 
     YAML_FRONTMATTER_PATTERN = /\A---\s*\n(.*?\n?)^---\s*$\n?(.*)\z/m
     TEXT_SEPARATOR = ("-" * 80).freeze
+    LICENSE_SEPARATOR = ("*" * 80).freeze
 
     # Read an existing license file
     #
@@ -23,7 +24,7 @@ module Licensed
       new(YAML.load(match[1]), match[2])
     end
 
-    def_delegators :@metadata, :[], :[]=
+    def_delegators :@metadata, :[], :[]=, :delete
 
     # The license text and other legal notices
     attr_accessor :text
@@ -53,7 +54,7 @@ module Licensed
       # if the text didn't contain the separator, the text itself is the entirety
       # of the license text
       split = text.split(TEXT_SEPARATOR)
-      split.length > 1 ? split.first.strip : text.strip
+      split.length > 1 ? split.first.rstrip : text.rstrip
     end
     alias_method :content, :license_text # use license_text for content matching
 

data/lib/licensed/source/bundler.rb

@@ -94,6 +94,13 @@ module Licensed
           return spec.source.specs.first
         end
 
+        # spec.source.specs gives access to specifications with more
+        # information than spec itself, including platform-specific gems.
+        # try to find a specification that matches `spec`
+        if source_spec = spec.source.specs.find { |s| s.name == spec.name && s.version == spec.version }
+          spec = source_spec
+        end
+
         # look for a specification at the bundler specs path
         spec_path = ::Bundler.specs_path.join("#{spec.full_name}.gemspec")
         return unless File.exist?(spec_path.to_s)

data/lib/licensed/source/manifest.rb

@@ -13,32 +13,22 @@ module Licensed
       end
 
       def enabled?
-        File.exist?(manifest_path)
+        File.exist?(manifest_path) || generate_manifest?
       end
 
       def dependencies
         @dependencies ||= packages.map do |package_name, sources|
-          Dependency.new(sources_license_path(sources), {
-            "type"     => Manifest.type,
-            "name"     => package_name,
-            "version"  => package_version(sources)
-          })
+          Licensed::Source::Manifest::Dependency.new(sources,
+            package_license(package_name),
+            {
+              "type"     => Manifest.type,
+              "name"     => package_name,
+              "version"  => package_version(sources)
+            }
+          )
         end
       end
 
-      # Returns the top-most directory that is common to all paths in `sources`
-      def sources_license_path(sources)
-        common_prefix = Pathname.common_prefix(*sources).to_path
-
-        # don't allow the repo root to be used as common prefix
-        # the project this is run for should be excluded from the manifest,
-        # or ignored in the config.  any license in the root should be ignored.
-        return common_prefix if common_prefix != Licensed::Git.repository_root
-
-        # use the first source file as the license path.
-        sources.first
-      end
-
       # Returns the latest git SHA available from `sources`
       def package_version(sources)
         return if sources.nil? || sources.empty?
@@ -48,6 +38,16 @@ module Licensed
                .max_by { |sha| Licensed::Git.commit_date(sha) }
       end
 
+      # Returns the license path for a package specified in the configuration.
+      def package_license(package_name)
+        license_path = @config.dig("manifest", "licenses", package_name)
+        return unless license_path
+
+        license_path = Licensed::Git.repository_root.join(license_path)
+        return unless license_path.exist?
+        license_path
+      end
+
       # Returns a map of package names -> array of full source paths found
       # in the app manifest
       def packages
@@ -58,8 +58,10 @@ module Licensed
         end
       end
 
-      # Returns parsed manifest data for the app
+      # Returns parsed or generated manifest data for the app
       def manifest
+        return generate_manifest if generate_manifest?
+
         case manifest_path.extname.downcase.delete "."
         when "json"
           JSON.parse(File.read(manifest_path))
@@ -70,11 +72,193 @@ module Licensed
 
       # Returns the manifest location for the app
       def manifest_path
-        path = @config["manifest"]["path"] if @config["manifest"]
+        path = @config.dig("manifest", "path")
         return Licensed::Git.repository_root.join(path) if path
 
         @config.cache_path.join("manifest.json")
       end
+
+      # Returns whether a manifest should be generated automatically
+      def generate_manifest?
+        !File.exist?(manifest_path) && !@config.dig("manifest", "dependencies").nil?
+      end
+
+      # Returns a manifest of files generated automatically based on patterns
+      # set in the licensed configuration file
+      def generate_manifest
+        verify_configured_dependencies!
+        configured_dependencies.each_with_object({}) do |(name, files), hsh|
+          files.each { |f| hsh[f] = name }
+        end
+      end
+
+      # Verify that the licensed configuration file is valid for the current project.
+      # Raises errors for issues found with configuration
+      def verify_configured_dependencies!
+        # verify that dependencies are configured
+        if configured_dependencies.empty?
+          raise "The manifest \"dependencies\" cannot be empty!"
+        end
+
+        # verify all included files match a single configured dependency
+        errors = included_files.map do |file|
+          matches = configured_dependencies.select { |name, files| files.include?(file) }
+                                           .map { |name, files| name }
+          case matches.size
+          when 0
+            "#{file} did not match a configured dependency"
+          when 1
+            nil
+          else
+            "#{file} matched multiple configured dependencies: #{matches.join(", ")}"
+          end
+        end
+
+        errors.compact!
+        raise errors.join($/) unless errors.empty?
+      end
+
+      # Returns the project dependencies specified from the licensed configuration
+      def configured_dependencies
+        @configured_dependencies ||= begin
+          dependencies = @config.dig("manifest", "dependencies")&.dup || {}
+
+          dependencies.each do |name, patterns|
+            # map glob pattern(s) listed for the dependency to a listing
+            # of files that match the patterns and are not excluded
+            dependencies[name] = files_from_pattern_list(patterns) & included_files
+          end
+
+          dependencies
+        end
+      end
+
+      # Returns the set of project files that are included in dependency evaluation
+      def included_files
+        @sources ||= all_files - files_from_pattern_list(@config.dig("manifest", "exclude"))
+      end
+
+      # Finds and returns all files in the project that match
+      # the glob pattern arguments.
+      def files_from_pattern_list(patterns)
+        return Set.new if patterns.nil? || patterns.empty?
+
+        # evaluate all patterns from the project root
+        Dir.chdir Licensed::Git.repository_root do
+          Array(patterns).reduce(Set.new) do |files, pattern|
+            if pattern.start_with?("!")
+              # if the pattern is an exclusion, remove all matching files
+              # from the result
+              files - Dir.glob(pattern[1..-1], File::FNM_DOTMATCH)
+            else
+              # if the pattern is an inclusion, add all matching files
+              # to the result
+              files + Dir.glob(pattern, File::FNM_DOTMATCH)
+            end
+          end
+        end
+      end
+
+      # Returns all tracked files in the project
+      def all_files
+        # remove files if they are tracked but don't exist on the file system
+        @all_files ||= Set.new(Licensed::Git.files || [])
+                          .delete_if { |f| !File.exist?(f) }
+      end
+
+      class Dependency < Licensed::Dependency
+        ANY_EXCEPT_COMMENT_CLOSE_REGEX = /(\*(?!\/)|[^\*])*/m.freeze
+        HEADER_LICENSE_REGEX = /
+          (
+            \/\*
+            #{ANY_EXCEPT_COMMENT_CLOSE_REGEX}#{Licensee::Matchers::Copyright::COPYRIGHT_SYMBOLS}#{ANY_EXCEPT_COMMENT_CLOSE_REGEX}
+            \*\/
+          )
+        /imx.freeze
+
+        def initialize(sources, license_path, metadata = {})
+          @sources = sources
+          license_path ||= sources_license_path(sources)
+          super license_path, metadata
+        end
+
+        # Detects license information and sets it on this dependency object.
+        #  After calling `detect_license!``, the license is set at
+        # `dependency["license"]` and legal text is set to `dependency.text`
+        def detect_license!
+          # if no license key is found for the project, try to create a
+          # temporary LICENSE file from unique source file license headers
+          if license_key == "none"
+            tmp_license_file = write_license_from_source_licenses(self.path, @sources)
+            reset_license!
+          end
+
+          super
+        ensure
+          File.delete(tmp_license_file) if tmp_license_file && File.exist?(tmp_license_file)
+        end
+
+        private
+
+        # Returns the top-most directory that is common to all paths in `sources`
+        def sources_license_path(sources)
+          # return the source directory if there is only one source given
+          return source_directory(sources[0]) if sources.size == 1
+
+          common_prefix = Pathname.common_prefix(*sources).to_path
+
+          # don't allow the repo root to be used as common prefix
+          # the project this is run for should be excluded from the manifest,
+          # or ignored in the config.  any license in the root should be ignored.
+          return common_prefix if common_prefix != Licensed::Git.repository_root
+
+          # use the first source directory as the license path.
+          source_directory(sources.first)
+        end
+
+        # Returns the directory for the source.  Checks whether the source
+        # is a file or a directory
+        def source_directory(source)
+          return File.dirname(source) if File.file?(source)
+          source
+        end
+
+        # Writes any licenses found in source file comments to a LICENSE
+        # file at `dir`
+        # Returns the path to the license file
+        def write_license_from_source_licenses(dir, sources)
+          license_path = File.join(dir, "LICENSE")
+          File.open(license_path, "w") do |f|
+            licenses = source_comment_licenses(sources).uniq
+            f.puts(licenses.join("\n#{LICENSE_SEPARATOR}\n"))
+          end
+
+          license_path
+        end
+
+        # Returns a list of unique licenses parsed from source comments
+        def source_comment_licenses(sources)
+          comments = sources.select { |s| File.file?(s) }.flat_map do |source|
+            content = File.read(source)
+            content.scan(HEADER_LICENSE_REGEX).map { |match| match[0] }
+          end
+
+          comments.map do |comment|
+            # strip leading "*" and whitespace
+            indent = nil
+            comment.lines.map do |line|
+              # find the length of the indent as the number of characters
+              # until the first word character
+              indent ||= line[/\A([^\w]*)\w/, 1]&.size
+
+              # insert newline for each line until a word character is found
+              next "\n" unless indent
+
+              line[/([^\w\r\n]{0,#{indent}})(.*)/m, 2]
+            end.join
+          end
+        end
+      end
     end
   end
 end

data/lib/licensed/source/npm.rb

@@ -19,16 +19,10 @@ module Licensed
       def dependencies
         return @dependencies if defined?(@dependencies)
 
-        locations = {}
-        package_location_command.lines.each do |line|
-          path, id = line.split(":")[0, 2]
-          locations[id] ||= path
-        end
-
         packages = recursive_dependencies(JSON.parse(package_metadata_command)["dependencies"])
 
         @dependencies = packages.map do |name, package|
-          path = package["realPath"] || locations["#{package["name"]}@#{package["version"]}"]
+          path = package["path"]
           fail "couldn't locate #{name} under node_modules/" unless path
           Dependency.new(path, {
             "type"     => NPM.type,
@@ -50,11 +44,6 @@ module Licensed
         result
       end
 
-      # Returns the output from running `npm list` to get package paths
-      def package_location_command
-        npm_list_command("--parseable", "--production", "--long")
-      end
-
       # Returns the output from running `npm list` to get package metadata
       def package_metadata_command
         npm_list_command("--json", "--production", "--long")

data/lib/licensed/version.rb

@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 module Licensed
-  VERSION = "1.2.0".freeze
+  VERSION = "1.3.0".freeze
 end

data/licensed.gemspec

@@ -25,15 +25,12 @@ Gem::Specification.new do |spec|
 
   spec.add_dependency "licensee", "~> 9.0"
   spec.add_dependency "thor", "~>0.19"
-  spec.add_dependency "octokit", "~>4.0"
   spec.add_dependency "pathname-common_prefix", "~>0.0.1"
   spec.add_dependency "tomlrb", "~>1.2"
   spec.add_dependency "bundler", "~> 1.10"
 
   spec.add_development_dependency "rake", "~> 10.0"
   spec.add_development_dependency "minitest", "~> 5.8"
-  spec.add_development_dependency "vcr", "~> 2.9"
-  spec.add_development_dependency "webmock", "~> 1.21"
   spec.add_development_dependency "rubocop", "~> 0.49"
   spec.add_development_dependency "rubocop-github", "~> 0.6"
   spec.add_development_dependency "byebug", "~> 10.0.0"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: licensed
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 1.3.0
 platform: ruby
 authors:
 - GitHub
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2018-06-22 00:00:00.000000000 Z
+date: 2018-07-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: licensee
@@ -38,20 +38,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.19'
-- !ruby/object:Gem::Dependency
-  name: octokit
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '4.0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '4.0'
 - !ruby/object:Gem::Dependency
   name: pathname-common_prefix
   requirement: !ruby/object:Gem::Requirement
@@ -122,34 +108,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '5.8'
-- !ruby/object:Gem::Dependency
-  name: vcr
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.9'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.9'
-- !ruby/object:Gem::Dependency
-  name: webmock
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.21'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.21'
 - !ruby/object:Gem::Dependency
   name: rubocop
   requirement: !ruby/object:Gem::Requirement