licensee 8.5.0 → 8.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: '09da33c25905df581cb047d1eed3c138ede5f440'
-  data.tar.gz: c0d34f622f3f6dde90f32c859b221b6b4af02bce
+  metadata.gz: a09cefedc079e0510fbdae2de030984fc477a60b
+  data.tar.gz: 1648fed5fcbab4086f7f2d992ee9fea4b03fbe01
 SHA512:
-  metadata.gz: 0c253e00b53aa258a70e80fad5a94454ff9ae080d9911f20e999e09eba9db14b306052dbf04b0e66de8ae2256ee87d81b4d458e4fa5317bd84e129bfe5ef2084
-  data.tar.gz: 7d0e97bbc08a7d687b6011690e8d346d76f97a6c1d9ac5ee2cede3400771c480c05950e904f5f632d01ff0bed0e699233cb3961f8e79f75ed4a91b7265fbac2c
+  metadata.gz: 64bb0bb0ccbe7bb4df9d043182ab3b2a598544b2c42212b2489d448b821d170ce7c48aaf9213a56c407f72e061d81710be4b07b7de9efffd226e8940e4c98fd2
+  data.tar.gz: 42f5c17fdb81239632a12e41df5c4e66cb8b29600eb23a3674a75f9b51a0aec3961a400edff62430bea76ebd400deac50e344ca59ba7856504d52bc30b58cc50

data/README.md

@@ -1,24 +1,38 @@
 # Licensee
-_A Ruby Gem to detect under what license a project is distributed._
 
-[![Build Status](https://travis-ci.org/benbalter/licensee.svg?branch=master)](https://travis-ci.org/benbalter/licensee) [![Gem Version](https://badge.fury.io/rb/licensee.svg)](http://badge.fury.io/rb/licensee)
+*A Ruby Gem to detect under what license a project is distributed.*
+
+[![Build Status](https://travis-ci.org/benbalter/licensee.svg?branch=master)](https://travis-ci.org/benbalter/licensee) [![Gem Version](https://badge.fury.io/rb/licensee.svg)](http://badge.fury.io/rb/licensee) [![Coverage Status](https://coveralls.io/repos/github/benbalter/licensee/badge.svg?branch=rspec)](https://coveralls.io/github/benbalter/licensee?branch=rspec)
 
 ## The problem
-- You've got an open source project. How do you know what you can and can't do with the software?
-- You've got a bunch of open source projects, how do you know what their licenses are?
-- You've got a project with a license file, but which license is it? Has it been modified?
+
+* You've got an open source project. How do you know what you can and can't do with the software?
+* You've got a bunch of open source projects, how do you know what their licenses are?
+* You've got a project with a license file, but which license is it? Has it been modified?
 
 ## The solution
+
 Licensee automates the process of reading `LICENSE` files and compares their contents to known licenses using a several strategies (which we call "Matchers"). It attempts to determine a project's license in the following order:
-- If the license file has an explicit copyright notice, and nothing more (e.g., `Copyright (c) 2015 Ben Balter`), we'll assume the author intends to retain all rights, and thus the project isn't licensed.
-- If the license is an exact match to a known license. If we strip away whitespace and copyright notice, we might get lucky, and direct string comparison in Ruby is cheap.
-- If we still can't match the license, we use a fancy math thing called the [Sørensen–Dice coefficient](https://en.wikipedia.org/wiki/S%C3%B8rensen%E2%80%93Dice_coefficient), which is really good at calculating the similarity between two strings. By calculating the percent changed from the known license to the license file, you can tell, e.g., that a given license is 90% similar to the MIT license, that 10% likely representing the copyright line being properly adapted to the project.
 
-_Special thanks to [@vmg](https://github.com/vmg) for his Git and algorithmic prowess._
+* If the license file has an explicit copyright notice, and nothing more (e.g., `Copyright (c) 2015 Ben Balter`), we'll assume the author intends to retain all rights, and thus the project isn't licensed.
+* If the license is an exact match to a known license. If we strip away whitespace and copyright notice, we might get lucky, and direct string comparison in Ruby is cheap.
+* If we still can't match the license, we use a fancy math thing called the [Sørensen–Dice coefficient](https://en.wikipedia.org/wiki/S%C3%B8rensen%E2%80%93Dice_coefficient), which is really good at calculating the similarity between two strings. By calculating the percent changed from the known license to the license file, you can tell, e.g., that a given license is 95% similar to the MIT license, that 5% likely representing legally insignificant changes to the license text.
+
+*Special thanks to [@vmg](https://github.com/vmg) for his Git and algorithmic prowess.*
 
 ## Installation
+
 `gem install licensee` or add `gem 'licensee'` to your project's `Gemfile`.
 
+## Documentation
+
+See [the docs folder](/docs) for more information. You may be interested in:
+
+* [Contributing to Licensee](CONTRIBUTING.md) (and development instructions)
+* [Customizing Licensee's behavior](docs/customizing.md)
+* [Instructions for using Licensee](docs/usage.md)
+* More information about [what Licensee looks at](docs/what-we-look-at.md) (or doesn't, and why)
+
 ## Semantic Versioning
 
 This project conforms to [semver](http://semver.org/). As a result of this policy, you can (and should) specify a dependency on this gem using the [Pessimistic Version Constraint](http://guides.rubygems.org/patterns/) with two digits of precision. For example:
@@ -28,98 +42,3 @@ spec.add_dependency 'licensee', '~> 1.0'
 This means your project is compatible with licensee 1.0 up until 2.0. You can also set a higher minimum version:
 
 spec.add_dependency 'licensee', '~> 1.1'
-
-## Command line usage
-1. `cd` into a project directory
-2. execute the `licensee` command
-
-You'll get an output that looks like:
-
-```
-License: MIT
-Confidence: 98.42%
-Matcher: Licensee::GitMatcher
-```
-
-Alternately, `licensee <directory>` will treat the argument as the project directory, and `licensee <file>` will attempt to match the individual file specified, both with output that looks like the above.
-
-## License API
-
-```ruby
-license = Licensee.license "/path/to/a/project"
-=> #<Licensee::License name="MIT" match=0.9842154131847726>
-
-license.key
-=> "mit"
-
-license.name
-=> "MIT License"
-
-license.meta["source"]
-=> "http://opensource.org/licenses/MIT"
-
-license.meta["description"]
-=> "A permissive license that is short and to the point. It lets people do anything with your code with proper attribution and without warranty."
-
-license.meta["permissions"]
-=> ["commercial-use","modifications","distribution","private-use"]
-```
-
-## More API
-You can gather more information by working with the project object, and the top level Licensee class. 
-
-```ruby
- Licensee::VERSION                                 # The Licensee version
- Licensee.licenses                                 # All the licenses Licensee knows about
-
- project=Licensee.project "/path/to/a/project"     # Get a Project (Git checkout or just local Filesystem) (post 6.0.0)
-
- project.license                                   # The matched license
- project.matched_file                              # Object for the particular file containing the apparent license
- project.matched_file.filename                     #   Its filename
- project.matched_file.confidence                   #   The confidence level in the license matching
- project.matched_file.content                      #   The content of your license file
- project.license.content                           # The Open Source License text it matched against
-```
-
-## What it looks at
-- `LICENSE`, `LICENSE.txt`, `COPYING`, etc. files in the root of the project, comparing the body to known licenses
-- Crowdsourced license content and metadata from [`choosealicense.com`](http://choosealicense.com)
-
-## What it doesn't look at
-- Dependency licensing
-- References to licenses in `README`, `README.md`, etc.
-- Every single possible license (just the most popular ones)
-- Compliance (e.g., whitelisting certain licenses)
-
-If you're looking for dependency license checking and compliance, take a look at [LicenseFinder](https://github.com/pivotal/LicenseFinder).
-
-## Huh? Why don't you look at X?
-Because reasons.
-
-### Why not just look at the "license" field of [insert package manager here]?
-Because it's not legally binding. A license is a legal contract. You give up certain rights (e.g., the right to sue the author) in exchange for the right to use the software.
-
-Most popular licenses today _require_ that the license itself be distributed along side the software. Simply putting the letters "MIT" or "GPL" in a configuration file doesn't really meet that requirement.
-
-Not to mention, it doesn't tell you much about your rights as a user. Is it GPLv2? GPLv2 or later? Those files are designed to be read by computers (who can't enter into contracts), not humans (who can). It's great metadata, but that's about it.
-
-### What about looking to see if the author said something in the readme?
-You could make an argument that, when linked or sufficiently identified, the terms of the license are incorporated by reference, or at least that the author's intent is there. There's a handful of reasons why this isn't ideal. For one, if you're using the MIT or BSD (ISC) license, along with a few others, there's templematic language, like the copyright notice, which would go unfilled.
-
-### What about checking every single file for a copyright header?
-Because that's silly in the context of how software is developed today. You wouldn't put a copyright notice on each page of a book. Besides, it's a lot of work, as there's no standardized, cross-platform way to describe a project's license within a comment.
-
-Checking the actual text into version control is definitive, so that's what this project looks at.
-
-## Bootstrapping a local development environment
-`script/bootstrap`
-
-## Running tests
-`script/cibuild`
-
-## Updating the licenses
-License data is pulled from `choosealicense.com`. To update the license data, simple run `script/vendor-licenses`.
-
-## Roadmap
-See [proposed enhancements](https://github.com/benbalter/licensee/labels/enhancement).

data/bin/licensee

@@ -14,23 +14,37 @@ matched_file = project.matched_file
 
 if license_file
   puts "License file: #{license_file.filename}"
+  puts "License hash: #{license_file.hash}"
   puts "Attribution: #{license_file.attribution}" if license_file.attribution
 end
 
-if matched_file
-  if matched_file.license
-    puts "License: #{matched_file.license.meta['title']}"
-    puts "Confidence: #{format_percent(matched_file.confidence)}" if matched_file.confidence
-    puts "Method: #{matched_file.matcher.class}" if matched_file.matcher
-  else
-    puts 'License: Not detected'
+unless matched_file
+  puts 'License: Not detected'
+  exit 1
+end
+
+if matched_file.license
+  puts "License: #{matched_file.license.meta['title']}"
+
+  if matched_file.confidence
+    puts "Confidence: #{format_percent(matched_file.confidence)}"
+  end
+
+  puts "Method: #{matched_file.matcher.class}" if matched_file.matcher
+  exit 0
+end
+
+if matched_file.is_a?(Licensee::Project::LicenseFile)
+  matcher = Licensee::Matchers::Dice.new(matched_file)
+  licenses = matcher.licenses_by_similiarity
+  unless licenses.empty?
     puts
     puts "Here's the closest licenses:"
-    matcher = Licensee::Matchers::Dice.new(matched_file)
-    matcher.licenses_by_similiarity[0...3].each do |license, similarity|
-      puts "* #{license.meta['spdx-id']} similarity: #{format_percent(similarity)}"
+    licenses[0...3].each do |license, similarity|
+      spdx_id = license.meta['spdx-id']
+      puts "* #{spdx_id} similarity: #{format_percent(similarity)}"
     end
   end
-else
-  puts 'Unknown'
 end
+
+exit 1

data/lib/licensee.rb

@@ -20,6 +20,7 @@ require_relative 'licensee/matchers/dice_matcher'
 require_relative 'licensee/matchers/package_matcher'
 require_relative 'licensee/matchers/gemspec_matcher'
 require_relative 'licensee/matchers/npm_bower_matcher'
+require_relative 'licensee/matchers/cran_matcher'
 
 module Licensee
   # Over which percent is a match considered a match by default

data/lib/licensee/license.rb

@@ -131,12 +131,16 @@ module Licensee
       !other.nil? && key == other.key
     end
 
-    private
-
     def pseudo_license?
       PSEUDO_LICENSES.include?(key)
     end
 
+    def inspect
+      "#<Licensee::License key=#{key}>"
+    end
+
+    private
+
     # Raw content of license file, including YAML front matter
     def raw_content
       return if pseudo_license?

data/lib/licensee/matchers/copyright_matcher.rb

@@ -2,6 +2,8 @@
 module Licensee
   module Matchers
     class Copyright
+      attr_reader :file
+
       # rubocop:disable Metrics/LineLength
       REGEX = /\s*(Copyright|\(c\)) (©|\(c\)|\xC2\xA9)? ?(\d{4}|\[year\])(.*)?\s*/i
 

data/lib/licensee/matchers/cran_matcher.rb

@@ -0,0 +1,20 @@
+module Licensee
+  module Matchers
+    class Cran < Package
+      attr_reader :file
+
+      # While we could parse the package.json or bower.json file, prefer
+      # a lenient regex for speed and security. Moar parsing moar problems.
+      LICENSE_REGEX = /
+        ^license:\s*([a-z\-0-9\.]+)
+      /ix
+
+      private
+
+      def license_property
+        match = @file.content.match LICENSE_REGEX
+        match[1].downcase if match && match[1]
+      end
+    end
+  end
+end

data/lib/licensee/matchers/exact_matcher.rb

@@ -1,6 +1,8 @@
 module Licensee
   module Matchers
     class Exact
+      attr_reader :file
+
       def initialize(file)
         @file = file
       end

data/lib/licensee/project.rb

@@ -36,7 +36,7 @@ module Licensee
       end
     end
 
-    def readme
+    def readme_file
       return unless detect_readme?
       return @readme if defined? @readme
       @readme = begin
@@ -45,6 +45,7 @@ module Licensee
         Readme.new(content, name) if content && name
       end
     end
+    alias readme readme_file
 
     def package_file
       return unless detect_packages?

data/lib/licensee/project_file.rb

@@ -3,10 +3,16 @@ module Licensee
     class File
       attr_reader :content, :filename
 
+      ENCODING = Encoding::UTF_8
+      ENCODING_OPTIONS = {
+        invalid: :replace,
+        undef:   :replace,
+        replace: ''
+      }.freeze
+
       def initialize(content, filename = nil)
         @content = content
-        options = { invalid: :replace, undef: :replace, replace: '' }
-        @content.encode!(Encoding::UTF_8, options)
+        @content.encode!(ENCODING, ENCODING_OPTIONS)
         @filename = filename
       end
 

data/lib/licensee/project_files/license_file.rb

@@ -3,6 +3,32 @@ module Licensee
     class LicenseFile < Licensee::Project::File
       include Licensee::ContentHelper
 
+      # List of extensions to give preference to
+      PREFERRED_EXT = %w(md markdown txt).freeze
+      PREFERRED_EXT_REGEX = /\.#{Regexp.union(PREFERRED_EXT)}\z/
+
+      # Regex to match any extension
+      ANY_EXT_REGEX = %r{\.[^./]+\z}
+
+      # Regex to match, LICENSE, LICENCE, unlicense, etc.
+      LICENSE_REGEX = /(un)?licen[sc]e/i
+
+      # Regex to match COPYING, COPYRIGHT, etc.
+      COPYING_REGEX = /copy(ing|right)/i
+
+      # Hash of Regex => score with which to score potential license files
+      FILENAME_REGEXES = {
+        /\A#{LICENSE_REGEX}\z/                       => 1.0, # LICENSE
+        /\A#{LICENSE_REGEX}#{PREFERRED_EXT_REGEX}\z/ => 0.9, # LICENSE.md
+        /\A#{COPYING_REGEX}\z/                       => 0.8, # COPYING
+        /\A#{COPYING_REGEX}#{PREFERRED_EXT_REGEX}\z/ => 0.7, # COPYING.md
+        /\A#{LICENSE_REGEX}#{ANY_EXT_REGEX}\z/       => 0.6, # LICENSE.textile
+        /\A#{COPYING_REGEX}#{ANY_EXT_REGEX}\z/       => 0.5, # COPYING.textile
+        /#{LICENSE_REGEX}/                           => 0.4, # LICENSE-MIT
+        /#{COPYING_REGEX}/                           => 0.3, # COPYING-MIT
+        //                                           => 0.0  # Catch all
+      }.freeze
+
       def possible_matchers
         [Matchers::Copyright, Matchers::Exact, Matchers::Dice]
       end
@@ -13,12 +39,7 @@ module Licensee
       end
 
       def self.name_score(filename)
-        return 1.0 if filename =~ /\A(un)?licen[sc]e\z/i
-        return 0.9 if filename =~ /\A(un)?licen[sc]e\.(md|markdown|txt)\z/i
-        return 0.8 if filename =~ /\Acopy(ing|right)(\.[^.]+)?\z/i
-        return 0.7 if filename =~ /\A(un)?licen[sc]e\.[^.]+\z/i
-        return 0.5 if filename =~ /licen[sc]e/i
-        0.0
+        FILENAME_REGEXES.find { |regex, _| filename =~ regex }[1]
       end
 
       # case-insensitive block to determine if the given file is LICENSE.lesser

data/lib/licensee/project_files/package_info.rb

@@ -8,13 +8,18 @@ module Licensee
         when '.json'
           [Matchers::NpmBower]
         else
-          []
+          if filename == 'DESCRIPTION' && content.start_with?('Package:')
+            [Matchers::Cran]
+          else
+            []
+          end
         end
       end
 
       def self.name_score(filename)
         return 1.0  if ::File.extname(filename) == '.gemspec'
         return 1.0  if filename == 'package.json'
+        return 0.9  if filename == 'DESCRIPTION'
         return 0.75 if filename == 'bower.json'
         0.0
       end

data/lib/licensee/project_files/readme.rb

@@ -2,8 +2,8 @@ module Licensee
   class Project
     class Readme < LicenseFile
       SCORES = {
-        /\AREADME\z/i                    => 1.0,
-        /\AREADME\.(md|markdown|txt)\z/i => 0.9
+        /\AREADME\z/i                          => 1.0,
+        /\AREADME\.(md|markdown|mdown|txt)\z/i => 0.9
       }.freeze
 
       CONTENT_REGEX = /^#+ Licen[sc]e$(.*?)(?=#+|\z)/im

data/lib/licensee/projects/fs_project.rb

@@ -35,7 +35,6 @@ module Licensee
     # Retrieve a file's content from disk
     #
     # file - the file hash, with the :name key as the file's relative path
-    # path - the base path to the project
     #
     # Returns the fiel contents as a string
     def load_file(file)

data/lib/licensee/version.rb

@@ -1,3 +1,3 @@
 module Licensee
-  VERSION = '8.5.0'.freeze
+  VERSION = '8.6.0'.freeze
 end

data/spec/bin_spec.rb

@@ -0,0 +1,56 @@
+RSpec.describe 'command line invocation' do
+  let(:command) { ['ruby', 'bin/licensee'] }
+  let(:output) do
+    Dir.chdir project_root do
+      Open3.capture3(*[command, arguments].flatten)
+    end
+  end
+  let(:stdout) { output[0] }
+  let(:stderr) { output[1] }
+  let(:status) { output[2] }
+
+  context 'without any arguments' do
+    let(:arguments) { [] }
+
+    it 'Returns a zero exit code' do
+      expect(status.exitstatus).to eql(0)
+    end
+
+    it "detects the folder's license" do
+      expect(stdout).to match('License: MIT License')
+    end
+
+    it 'outputs the hash' do
+      expect(stdout).to match('750260c322080bab4c19fd55eb78bc73e1ae8f11')
+    end
+
+    it 'outputs the attribution' do
+      expect(stdout).to match('2014-2016 Ben Balter')
+    end
+
+    it 'outputs the confidence' do
+      expect(stdout).to match('Confidence: 100.00%')
+    end
+
+    it 'outputs the method' do
+      expect(stdout).to match('Method: Licensee::Matchers::Exact')
+    end
+  end
+
+  context 'when given a folder path' do
+    let(:arguments) { [project_root] }
+
+    it "detects the folder's license" do
+      expect(stdout).to match('License: MIT License')
+    end
+  end
+
+  context 'when given a license path' do
+    let(:license_path) { File.expand_path 'LICENSE.md', project_root }
+    let(:arguments) { [license_path] }
+
+    it "detects the file's license" do
+      expect(stdout).to match('License: MIT License')
+    end
+  end
+end