licensed 1.3.4 → 1.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: aafa9f6256e89db107b0d7c421a95e33b8b3ecaa
-  data.tar.gz: 9a8141a9ce955d183156404f591d0f16d73bda16
+  metadata.gz: 5c9bec838ecfcc1a05a17a40200bd1c166197d01
+  data.tar.gz: 87dad427c0c7b78f05015031b8be76132ccb96f4
 SHA512:
-  metadata.gz: 72293e38a7c2dd14a1594f3a9cc68d9d7c36eb6de376d581703ab424b750cf5d429067b827380153da5622c6aa0212a94339379ad763b2175beedb850cad3eac
-  data.tar.gz: 8e4bb0f627d6ff93a2138a4eb80c755987597445629e94eb514af8b1d3522c5e85463f1aee858f9a4f45f8f45c88dfbc5adc9dcd2c239d6ba149497a66f17895
+  metadata.gz: b868455d7be394025fee42db87172e8722423750f9f938f345f253e036673a0ada06982b4c5012ce4f530d068fb6f4bdea0cf5cb43bfa07a1a28cb91f293ca9b
+  data.tar.gz: 1810f02787fa0133f93fa7d482190da18c5579abab12b3ec2f698a0ecdf60814a3bd75335144a50b03b62a4761e011a315cd6fc1a412a6203bacf6a325e572a0

data/.gitignore

@@ -20,6 +20,8 @@ test/fixtures/go/pkg
 !test/fixtures/go/src/test
 test/fixtures/cabal/*
 !test/fixtures/cabal/app*
+test/fixtures/git_submodule/*
+!test/fixtures/git_submodule/README
 
 vendor/licenses
 .licenses

data/.travis.yml

@@ -81,5 +81,11 @@ matrix:
       script: ./script/test pip
       env: NAME="pip"
 
+    - language: ruby
+      rvm: 2.4.0
+      before_script: ./script/source-setup/git_submodule
+      script: ./script/test git_submodule
+      env: NAME="git_submodule"
+
 notifications:
   disable: true

data/CHANGELOG.md

@@ -6,6 +6,19 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+## 1.4.0 - 2018-10-20
+### Added
+- Git Submodules dependency source :tada:
+- Configuration option to explicitly set a root absolute path
+
+### Changes
+- `COPYING` file is no longer matched as a legal file
+
+### Fixed
+- NPM source will enumerate multiple versions of the same dependency
+- Running Licensed outside of a Git repository no longer raises an error
+- Packaging scripts will correctly return to the previous branch when the script is finished
+
 ## 1.3.4 - 2018-09-20
 ### Changes
 - Bundler source will avoid looking for a gemspec file when possible
@@ -77,4 +90,4 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 Initial release :tada:
 
-[Unreleased]: https://github.com/github/licensed/compare/1.3.4...HEAD
+[Unreleased]: https://github.com/github/licensed/compare/1.4.0...HEAD

data/README.md

@@ -1,6 +1,8 @@
 # Licensed
 
-Licensed is a Ruby gem to cache the licenses of dependencies and check their status.
+Licensed caches the licenses of dependencies and checks their status.
+
+Licensed is available as a Ruby gem for Ruby environments, and as a self-contained executable for non-Ruby environments.
 
 Licensed is **not** a complete open source license compliance solution. Please understand the important [disclaimer](#disclaimer) below to make appropriate use of Licensed.
 
@@ -12,6 +14,8 @@ Licensed is in active development and currently used at GitHub.  See the [open i
 
 ## Installation
 
+### With a Gemfile
+
 Add this line to your application's Gemfile:
 
 ```ruby
@@ -24,6 +28,19 @@ And then execute:
 $ bundle
 ```
 
+### As an executable
+
+Download a package from GitHub and extract the executable.  Executable packages are available for each release starting with version 1.2.0.
+
+```bash
+$ curl -sSL https://github.com/github/licensed/releases/download/<version>/licensed-<version>-<os>-x64.tar.gz > licensed.tar.gz
+$ tar -xzf licensed.tar.gz
+$ rm -f licensed.tar.gz
+$ ./licensed list
+```
+
+For system wide usage, install licensed to a location on `$PATH`, e.g. `/usr/local/bin`.
+
 #### Dependencies
 
 Licensed uses the the `libgit2` bindings for Ruby provided by `rugged`. `rugged` has its own dependencies - `cmake` and `pkg-config` - which you may need to install before you can install Licensed.
@@ -81,6 +98,7 @@ Dependencies will be automatically detected for
 6. [Manifest lists](./docs/sources/manifests.md)
 7. [NPM](./docs/sources/npm.md)
 8. [Pip](./docs/sources/pip.md)
+9. [Git Submodules](./docs/sources/git_submodule.md)
 
 You can disable any of them in the configuration file:
 
@@ -118,10 +136,6 @@ if Licensed::Shell.tool_available?('bundle')
 end
 ```
 
-## Packaging
-
-Licensed can be built into an exe and packaged for distribution to systems that don't have ruby already available.  See the [packaging documentation](./docs/packaging.md) for details.
-
 ## Contributing
 
 Bug reports and pull requests are welcome on GitHub at https://github.com/github/licensed. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org/) code of conduct.  See [CONTRIBUTING](CONTRIBUTING.md) for more details.

data/docs/configuration.md

@@ -4,6 +4,21 @@ A configuration file specifies the details of enumerating and operating on licen
 
 Configuration can be specified in either YML or JSON formats.  Examples below are given in YML.
 
+## Configuration Paths
+
+`licensed` requires a path to enumerate dependencies at (`source_path`) and a path to store cached metadata (`cache_path`).
+
+To determine these paths across multiple environments where absolute paths will differ, a known root path is needed to evaluate relative paths against.
+In using a root, relative source and cache paths can be specified in the configuration file.
+
+When using a configuration file, the root property can be set as either a path that can be expanded from the configuration file directory using `File.expand_path`, or the value `true` to use the configuration file directory as the root.
+
+When creating a `Licensed::Dependency` manually with a `root` property, the property must be an absolute path - no path expansion will occur.
+
+If a root path is not specified, it will default to using the following, in order of precedence
+1. the root of the local git repository, if run inside a git repository
+2. the current directory
+
 ## Restricting sources
 
 The `sources` configuration property specifies which sources `licensed` will use to enumerate dependencies.
@@ -44,11 +59,16 @@ Configuration can be set up for single or multiple applications in the same repo
 # If not set, defaults to the directory name of `source_path`
 name: 'My application'
 
-# Path is relative to git repository root
+# Path is relative to the location of the configuration file and specifies
+# the root to expand all paths from
+# If not set, defaults to a git repository root
+root: 'relative/path/from/configuration/file/directory'
+
+# Path is relative to configuration root
 # If not set, defaults to '.licenses'
 cache_path: 'relative/path/to/cache'
 
-# Path is relative to git repository root and specifies the working directory when enumerating dependencies
+# Path is relative to configuration root and specifies the working directory when enumerating dependencies
 # Optional for single app configuration, required when specifying multiple apps
 # Defaults to current directory when running `licensed`
 source_path: 'relative/path/to/source'

data/docs/sources/git_submodule.md

@@ -0,0 +1,17 @@
+# Git Submodules
+
+The Git submodule source uses `git submodule foreach` CLI commands to enumerate dependencies and properties.  The Git submodule dependency source requires `git` version 2.0 or greater to be available, that the project is a valid Git repository, and that submodules are fetched locally.
+
+#### Nested submodules
+
+Nested submodules are detected as long as the submodules have been fetched locally, i.e. `git submodule update --init --recursive` or a similar operation has been run.  If a nested submodule has not been initialized, it will not be detected and no error is provided.
+
+Dependencies for submodules will be cached at a path similar to their nested structure to avoid any clashes if a single repository is references as a submodule in multiple places.  As an example if `my_project` uses `submodule_1`, and `submodule_2` uses `submodule_2`, the metadata files will be available at:
+
+- <cache_path>
+| - git_submodule
+  | - my_project.txt
+  | - my_project
+    | - submodule_1.txt
+    | - submodule_1
+      | - submodule_2.txt

data/lib/licensed.rb

@@ -12,6 +12,7 @@ require "licensed/source/go"
 require "licensed/source/dep"
 require "licensed/source/cabal"
 require "licensed/source/pip"
+require "licensed/source/git_submodule"
 require "licensed/configuration"
 require "licensed/command/cache"
 require "licensed/command/status"

data/lib/licensed/command/cache.rb

@@ -30,7 +30,7 @@ module Licensed
 
               # ensure each dependency is cached
               dependencies.each do |dependency|
-                name = dependency["name"]
+                name = dependency.name
                 version = dependency["version"]
 
                 names << name

data/lib/licensed/command/list.rb

@@ -10,7 +10,7 @@ module Licensed
 
       def run
         @config.apps.each do |app|
-          @config.ui.info "Displaying dependencies for #{app['name']}"
+          @config.ui.info "Displaying dependencies for #{app["name"]}"
           Dir.chdir app.source_path do
             app.sources.each do |source|
               type = source.class.type
@@ -19,7 +19,7 @@ module Licensed
 
               source_dependencies = dependencies(app, source)
               source_dependencies.each do |dependency|
-                @config.ui.info "    Found #{dependency['name']} (#{dependency['version']})"
+                @config.ui.info "    Found #{dependency.name} (#{dependency["version"]})"
               end
 
               @config.ui.confirm "  * #{type} dependencies: #{source_dependencies.size}"
@@ -32,7 +32,7 @@ module Licensed
       def dependencies(app, source)
         source.dependencies
               .select { |d| !app.ignored?(d) }
-              .sort_by { |d| d["name"] }
+              .sort_by { |d| d.name }
       end
 
       def success?

data/lib/licensed/command/status.rb

@@ -25,7 +25,8 @@ module Licensed
             @config.ui.info "Checking licenses for #{app['name']}: #{dependencies.size} dependencies"
 
             results = dependencies.map do |dependency|
-              filename = app.cache_path.join(dependency["type"], "#{dependency["name"]}.txt")
+              name = dependency.name
+              filename = app.cache_path.join(dependency["type"], "#{name}.txt")
 
               warnings = []
 

data/lib/licensed/configuration.rb

@@ -27,18 +27,28 @@ module Licensed
       self["ignored"] ||= {}
       self["allowed"] ||= []
 
+      # default the root to the git repository root,
+      # or the current directory if no other options are available
+      self["root"] ||= Licensed::Git.repository_root || Dir.pwd
+
       verify_arg "source_path"
       verify_arg "cache_path"
     end
 
+    # Returns the path to the workspace root as a Pathname.
+    # Defaults to Licensed::Git.repository_root if not explicitly set
+    def root
+      Pathname.new(self["root"])
+    end
+
     # Returns the path to the app cache directory as a Pathname
     def cache_path
-      Licensed::Git.repository_root.join(self["cache_path"])
+      root.join(self["cache_path"])
     end
 
     # Returns the path to the app source directory as a Pathname
     def source_path
-      Licensed::Git.repository_root.join(self["source_path"])
+      root.join(self["source_path"])
     end
 
     def pwd
@@ -89,6 +99,8 @@ module Licensed
       self["allowed"] << license
     end
 
+    private
+
     def defaults_for(options, inherited_options)
       name = options["name"] || File.basename(options["source_path"])
       cache_path = inherited_options["cache_path"] || DEFAULT_CACHE_PATH
@@ -158,7 +170,7 @@ module Licensed
       return {} unless config_path.file?
 
       extension = config_path.extname.downcase.delete "."
-      case extension
+      config = case extension
       when "json"
         JSON.parse(File.read(config_path))
       when "yml", "yaml"
@@ -166,6 +178,23 @@ module Licensed
       else
         raise LoadError, "Unknown file type #{extension} for #{config_path}"
       end
+
+      expand_config_roots(config, config_path)
+      config
+    end
+
+    # Expand any roots specified in a configuration file based on the configuration
+    # files directory.
+    def self.expand_config_roots(config, config_path)
+      if config["root"] == true
+        config["root"] = File.dirname(config_path)
+      elsif config["root"]
+        config["root"] = File.expand_path(config["root"], File.dirname(config_path))
+      end
+
+      if config["apps"]&.any?
+        config["apps"].each { |app_config| expand_config_roots(app_config, config_path) }
+      end
     end
 
     def default_options

data/lib/licensed/dependency.rb

@@ -3,13 +3,15 @@ require "licensee"
 
 module Licensed
   class Dependency < License
-    LEGAL_FILES = /\A(AUTHORS|COPYING|NOTICE|LEGAL)(?:\..*)?\z/i
+    LEGAL_FILES = /\A(AUTHORS|NOTICE|LEGAL)(?:\..*)?\z/i
 
     attr_reader :path
     attr_reader :search_root
+    attr_reader :name
 
     def initialize(path, metadata = {})
       @search_root = metadata.delete("search_root")
+      @name = metadata.delete("path") || metadata["name"]
       super metadata
 
       self.path = path

data/lib/licensed/git.rb

@@ -7,9 +7,16 @@ module Licensed
         @git ||= Licensed::Shell.tool_available?("git")
       end
 
+      def git_repo?
+        return false unless available?
+        !Licensed::Shell.execute("git", "status", allow_failure: true).empty?
+      end
+
+      # Returns the root of the current git repository
+      # or nil if not in a git repository.
       def repository_root
-        return unless available?
-        @root ||= Pathname.new(Licensed::Shell.execute("git", "rev-parse", "--show-toplevel"))
+        return unless git_repo?
+        Licensed::Shell.execute("git", "rev-parse", "--show-toplevel")
       end
 
       # Returns the most recent git SHA for a file or directory
@@ -17,7 +24,7 @@ module Licensed
       #
       # descriptor - file or directory to retrieve latest SHA for
       def version(descriptor)
-        return unless available? && descriptor
+        return unless git_repo? && descriptor
         Licensed::Shell.execute("git", "rev-list", "-1", "HEAD", "--", descriptor, allow_failure: true)
       end
 
@@ -25,12 +32,13 @@ module Licensed
       #
       # sha - commit sha to retrieve date
       def commit_date(sha)
-        return unless available? && sha
+        return unless git_repo? && sha
         Licensed::Shell.execute("git", "show", "-s", "-1", "--format=%ct", sha)
       end
 
+      # Returns the files in the git repository from `git ls-files --recurse-submodules`
       def files
-        return unless available?
+        return unless git_repo?
         output = Licensed::Shell.execute("git", "ls-files", "--full-name", "--recurse-submodules")
         output.lines.map(&:strip)
       end

data/lib/licensed/source/cabal.rb

@@ -137,7 +137,7 @@ module Licensed
         Array(@config["cabal"]["ghc_package_db"]).map do |path|
           next "--#{path}" if %w(global user).include?(path)
           path = realized_ghc_package_path(path)
-          path = File.expand_path(path, Licensed::Git.repository_root)
+          path = File.expand_path(path, @config.root)
 
           next unless File.exist?(path)
           "--package-db=#{path}"

data/lib/licensed/source/git_submodule.rb

@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+
+module Licensed
+  module Source
+    class GitSubmodule
+      REMOTE_URL_ARGUMENT = "$(git remote get-url origin)".freeze
+      GIT_SUBMODULES_ARGUMENTS = [
+        "$displaypath", # path from repo root to submodule folder to find the name and submodule content
+        "$toplevel", # path to parent repository to calculate the ancestor chain
+        "$sha1", # use the commit reference of the submodule as the version
+        "$(git config --get remote.origin.url)", # use the configured remote origin url as the homepage
+      ].freeze
+
+      def self.type
+        "git_submodule"
+      end
+
+      def initialize(config)
+        @config = config
+      end
+
+      def enabled?
+        return false unless Licensed::Shell.tool_available?("git") && Licensed::Git.git_repo?
+        gitmodules_path.exist?
+      end
+
+      def dependencies
+        @dependencies ||= git_submodules_command.lines.map do |line|
+          displaypath, toplevel, version, homepage = line.strip.split
+          name = File.basename(displaypath)
+          submodule_path = if toplevel == @config.pwd.to_s
+            name
+          else
+            parent = File.basename(toplevel)
+            "#{submodule_paths[parent]}/#{name}"
+          end
+          submodule_paths[name] = submodule_path
+
+          Licensed::Dependency.new(@config.pwd.join(displaypath), {
+            "type" => self.class.type,
+            "name" => name,
+            "version" => version,
+            "homepage" => homepage,
+            "path" => submodule_path
+          })
+        end
+      end
+
+      def submodule_paths
+        @submodule_paths ||= {}
+      end
+
+      def git_submodules_command
+        Licensed::Shell.execute("git", "submodule", "foreach", "-q", "--recursive", "echo #{GIT_SUBMODULES_ARGUMENTS.join(" ")}")
+      end
+
+      def gitmodules_path
+        @config.pwd.join(".gitmodules")
+      end
+    end
+  end
+end

data/lib/licensed/source/go.rb

@@ -154,7 +154,7 @@ module Licensed
                     ENV["GOPATH"]
                   else
                     root = begin
-                             Licensed::Git.repository_root
+                             @config.root
                            rescue Licensed::Shell::Error
                              Pathname.pwd
                            end

data/lib/licensed/source/manifest.rb

@@ -19,6 +19,7 @@ module Licensed
       def dependencies
         @dependencies ||= packages.map do |package_name, sources|
           Licensed::Source::Manifest::Dependency.new(sources,
+            @config.root,
             package_license(package_name),
             {
               "type"     => Manifest.type,
@@ -43,7 +44,7 @@ module Licensed
         license_path = @config.dig("manifest", "licenses", package_name)
         return unless license_path
 
-        license_path = Licensed::Git.repository_root.join(license_path)
+        license_path = @config.root.join(license_path)
         return unless license_path.exist?
         license_path
       end
@@ -54,7 +55,7 @@ module Licensed
         manifest.each_with_object({}) do |(src, package_name), hsh|
           next if src.nil? || src.empty?
           hsh[package_name] ||= []
-          hsh[package_name] << File.join(Licensed::Git.repository_root, src)
+          hsh[package_name] << File.join(@config.root, src)
         end
       end
 
@@ -73,7 +74,7 @@ module Licensed
       # Returns the manifest location for the app
       def manifest_path
         path = @config.dig("manifest", "path")
-        return Licensed::Git.repository_root.join(path) if path
+        return @config.root.join(path) if path
 
         @config.cache_path.join("manifest.json")
       end
@@ -144,7 +145,7 @@ module Licensed
         return Set.new if patterns.nil? || patterns.empty?
 
         # evaluate all patterns from the project root
-        Dir.chdir Licensed::Git.repository_root do
+        Dir.chdir @config.root do
           Array(patterns).reduce(Set.new) do |files, pattern|
             if pattern.start_with?("!")
               # if the pattern is an exclusion, remove all matching files
@@ -176,9 +177,9 @@ module Licensed
           )
         /imx.freeze
 
-        def initialize(sources, license_path, metadata = {})
+        def initialize(sources, root, license_path, metadata = {})
           @sources = sources
-          license_path ||= sources_license_path(sources)
+          license_path ||= sources_license_path(sources, root)
           super license_path, metadata
         end
 
@@ -201,16 +202,16 @@ module Licensed
         private
 
         # Returns the top-most directory that is common to all paths in `sources`
-        def sources_license_path(sources)
+        def sources_license_path(sources, root)
           # return the source directory if there is only one source given
           return source_directory(sources[0]) if sources.size == 1
 
           common_prefix = Pathname.common_prefix(*sources).to_path
 
-          # don't allow the repo root to be used as common prefix
+          # don't allow the workspace root to be used as common prefix
           # the project this is run for should be excluded from the manifest,
           # or ignored in the config.  any license in the root should be ignored.
-          return common_prefix if common_prefix != Licensed::Git.repository_root
+          return common_prefix if common_prefix != root
 
           # use the first source directory as the license path.
           source_directory(sources.first)

data/lib/licensed/source/npm.rb

@@ -17,11 +17,7 @@ module Licensed
       end
 
       def dependencies
-        return @dependencies if defined?(@dependencies)
-
-        packages = recursive_dependencies(JSON.parse(package_metadata_command)["dependencies"])
-
-        @dependencies = packages.map do |name, package|
+        @dependencies ||= packages.map do |name, package|
           path = package["path"]
           fail "couldn't locate #{name} under node_modules/" unless path
           Dependency.new(path, {
@@ -29,16 +25,32 @@ module Licensed
             "name"     => package["name"],
             "version"  => package["version"],
             "summary"  => package["description"],
-            "homepage" => package["homepage"]
+            "homepage" => package["homepage"],
+            "path"     => name
           })
         end
       end
 
+      def packages
+        root_dependencies = JSON.parse(package_metadata_command)["dependencies"]
+        recursive_dependencies(root_dependencies).each_with_object({}) do |(name, results), hsh|
+          results.uniq! { |package| package["version"] }
+          if results.size == 1
+            hsh[name] = results[0]
+          else
+            results.each do |package|
+              name_with_version = "#{name}-#{package["version"]}"
+              hsh[name_with_version] = package
+            end
+          end
+        end
+      end
+
       # Recursively parse dependency JSON data.  Returns a hash mapping the
       # package name to it's metadata
       def recursive_dependencies(dependencies, result = {})
         dependencies.each do |name, dependency|
-          (result[name] ||= {}).update(dependency)
+          (result[name] ||= []) << dependency
           recursive_dependencies(dependency["dependencies"] || {}, result)
         end
         result

data/lib/licensed/source/pip.rb

@@ -63,7 +63,7 @@ module Licensed
         return @virtual_env_dir if defined?(@virtual_env_dir)
         @virtual_env_dir = begin
           venv_dir = @config.dig("python", "virtual_env_dir")
-          File.expand_path(venv_dir, Licensed::Git.repository_root) if venv_dir
+          File.expand_path(venv_dir, @config.root) if venv_dir
         end
       end
     end

data/lib/licensed/version.rb

@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 module Licensed
-  VERSION = "1.3.4".freeze
+  VERSION = "1.4.0".freeze
 end

data/script/source-setup/git_submodule

@@ -0,0 +1,39 @@
+#!/bin/bash
+set -e
+
+# setup test fixtures
+BASE_PATH="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
+cd $BASE_PATH/test/fixtures/git_submodule
+
+FIXTURES="$(pwd)/nested $(pwd)/submodule $(pwd)/project"
+SUBMODULE=""
+echo "setting up git_submodule test fixtures"
+for fixture in $FIXTURES; do
+  if [ "$1" == "-f" ]; then
+    rm -rf $fixture
+  fi
+
+  mkdir -p $fixture
+  pushd $fixture >/dev/null
+
+  # fixture is already set up, use "-f" to force a refresh
+  if [ -e ".git" ]; then
+    continue
+  fi
+
+  git init -q .
+  cp $BASE_PATH/LICENSE .
+  git add LICENSE
+  git commit -q -m "init"
+
+  if [ -n "$SUBMODULE" ] ; then
+    git submodule add -q "$SUBMODULE" "vendor/$(basename $SUBMODULE)"
+    git submodule update --recursive --init -q
+    git add . && git commit -q -m "update submodule"
+  fi
+
+  echo "$(basename $fixture) created"
+
+  SUBMODULE="$(pwd)"
+  popd >/dev/null
+done

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: licensed
 version: !ruby/object:Gem::Version
-  version: 1.3.4
+  version: 1.4.0
 platform: ruby
 authors:
 - GitHub
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2018-09-21 00:00:00.000000000 Z
+date: 2018-10-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: licensee
@@ -176,6 +176,7 @@ files:
 - docs/sources/bundler.md
 - docs/sources/cabal.md
 - docs/sources/dep.md
+- docs/sources/git_submodule.md
 - docs/sources/go.md
 - docs/sources/manifests.md
 - docs/sources/npm.md
@@ -196,6 +197,7 @@ files:
 - lib/licensed/source/bundler.rb
 - lib/licensed/source/cabal.rb
 - lib/licensed/source/dep.rb
+- lib/licensed/source/git_submodule.rb
 - lib/licensed/source/go.rb
 - lib/licensed/source/manifest.rb
 - lib/licensed/source/npm.rb
@@ -214,6 +216,7 @@ files:
 - script/source-setup/bower
 - script/source-setup/bundler
 - script/source-setup/cabal
+- script/source-setup/git_submodule
 - script/source-setup/go
 - script/source-setup/npm
 - script/source-setup/pip