papers 2.1.0 → 2.2.0

@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: 8920678dc22b3cb5e808318218cc9173f2fa9b12
4
+ data.tar.gz: e6cf43b697b50fb7076460b98c91275b62e9bc9a
5
+ SHA512:
6
+ metadata.gz: 7ffdda6169b1b528c35468acccce5c1a343008cdb057dd7a0c0408700558a7f0f400cf9491c9372e7f840e9f1b02ce09adb7429f1522c4203d11f7d83e504150
7
+ data.tar.gz: fea0e35cfe2e43700cabd46b8bd5c820d7ead96c3bc1efb7a48380d681bc844ffa9efe701c5df7aea5817d7ac854478e49f3b260086dd0129c88b402caa62f4c
@@ -1,6 +1,16 @@
1
1
  # Changelog
2
2
 
3
- ## 2.0.1 (current release)
3
+ ## 2.2.0
4
+
5
+ * Fix empty npm package name bug. The name of an npm package would be blank when its version was,
6
+ e.g., a git url with no digits anywhere.
7
+ * Include package type (Gem, npm package, etc.) in error messages.
8
+
9
+ ## 2.1.0
10
+
11
+ * Add ISC license to default whitelist
12
+
13
+ ## 2.0.1
4
14
 
5
15
  * Correct validation of js.erb and coffee.erb files.
6
16
 
@@ -11,7 +11,7 @@ module Papers
11
11
 
12
12
  def name_without_version
13
13
  return @name unless @name.include?('-')
14
- @name.split('-')[0..-2].join('-')
14
+ @name.rpartition('-')[0]
15
15
  end
16
16
 
17
17
  def acceptable_license?
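Review bot: `name_without_version` still treats whatever follows the last hyphen as the version, so a hyphenated name with no version suffix loses its final segment; a constructed example such as `left-pad` comes back as `left` from `@name.rpartition('-')[0]`. The specs in this change use unversioned manifest keys (`foo`, `baz`), so the case looks reachable, and in a license report a truncated name can attach an approval to the wrong package. The old `split`/`join` form behaved the same way, but this rewrite is the natural place to tighten it. Assuming versions always start with a digit after cleanup, the last line could become `base, _sep, tail = @name.rpartition('-')` followed by `tail.empty? || tail =~ /\A\d/ ? base : @name`. A one-line comment stating that the name is expected in `name-version` form would also help.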
@@ -38,6 +38,10 @@ module Papers
38
38
  end
39
39
  end
40
40
 
41
+ def self.asset_type_name
42
+ 'Bower component'
43
+ end
44
+
41
45
  def self.manifest_key
42
46
  "bower_components"
43
47
  end
@@ -22,6 +22,10 @@ module Papers
22
22
  end
23
23
  end
24
24
 
25
+ def self.asset_type_name
26
+ 'Gem'
27
+ end
28
+
25
29
  def self.manifest_key
26
30
  "gems"
27
31
  end
@@ -22,6 +22,10 @@ module Papers
22
22
  files.compact
23
23
  end
24
24
 
25
+ def self.asset_type_name
26
+ 'JavaScript file'
27
+ end
28
+
25
29
  def self.manifest_key
26
30
  "javascripts"
27
31
  end
@@ -9,6 +9,8 @@ module Papers
9
9
  def self.full_introspected_entries
10
10
  packages = (package['dependencies'] || {}).merge((package['devDependencies'] || {}))
11
11
  packages.map do |name, version|
12
+ # FIXME: This version cleanup is inadequate for npm version specifiers, which may be git or
13
+ # tarball URLs.
12
14
  version.sub!(/^\D+/, '')
13
15
  {
14
16
  'name' => name,
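Review bot: The new FIXME documents the problem but `version.sub!(/^\D+/, '')` below it still silently reduces a git or tarball URL specifier to a blank or arbitrary fragment. The resulting entry no longer records which source was actually pulled in, which weakens the manifest as an audit record, since URL-sourced dependencies are the ones that bypass the registry. Consider surfacing such specifiers as a validation error or warning instead of normalising them away; this is hedged, because the rest of the block lies outside the hunk. Separately, `sub!` mutates the string held in the `package` hash (presumably the parsed package.json) and `^` matches at any line start; `version = version.sub(/\A\D+/, '')` avoids both.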
@@ -26,6 +28,10 @@ module Papers
26
28
  }
27
29
  end
28
30
 
31
+ def self.asset_type_name
32
+ 'npm package'
33
+ end
34
+
29
35
  def self.manifest_key
30
36
  "npm_packages"
31
37
  end
@@ -20,7 +20,7 @@ module Papers
20
20
  validate_spec_type(Gem) if Papers.config.validate_gems?
21
21
  validate_spec_type(Javascript) if Papers.config.validate_javascript?
22
22
  validate_spec_type(BowerComponent) if Papers.config.validate_bower_components?
23
- validate_spec_type(NpmPackage) if Papers.config.validate_npm_packages?
23
+ validate_spec_type(NpmPackage) if Papers.config.validate_npm_packages?
24
24
 
25
25
  @errors.empty?
26
26
  end
@@ -48,17 +48,18 @@ module Papers
48
48
  private
49
49
 
50
50
  def validate_spec_type(spec_type)
51
+ asset_type_name = spec_type.asset_type_name
51
52
  spec_type.missing_from_manifest(manifest).each do |name|
52
- errors << "#{name} is included in the application, but not in the manifest"
53
+ errors << "#{asset_type_name} #{name} is included in the application, but not in the manifest"
53
54
  end
54
55
 
55
56
  spec_type.unknown_in_manifest(manifest).each do |name|
56
- errors << "#{name} is included in the manifest, but not in the application"
57
+ errors << "#{asset_type_name} #{name} is included in the manifest, but not in the application"
57
58
  end
58
59
 
59
60
  spec_type.all_from_manifest(manifest).each do |spec|
60
61
  unless spec.acceptable_license?
61
- errors << "#{spec.name} is licensed under #{spec.license}, which is not whitelisted"
62
+ errors << "#{asset_type_name} #{spec.name} is licensed under #{spec.license}, which is not whitelisted"
62
63
  end
63
64
  end
64
65
  end
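Review bot: `validate_spec_type` now calls `spec_type.asset_type_name` unconditionally on its first line, so that class method becomes a hard requirement for every spec type. The diff adds it to the four classes one by one and shows no shared default. Any spec class without it would raise `NoMethodError` before a single license is checked, so validation would abort rather than report. If the spec classes share a base class (not visible here), a default there would make the contract explicit. Otherwise add a comment above the method, such as `# spec_type must respond to asset_type_name, missing_from_manifest, unknown_in_manifest and all_from_manifest`.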
@@ -1,7 +1,7 @@
1
1
  module Papers
2
2
  class Version
3
3
  MAJOR = 2
4
- MINOR = 1
4
+ MINOR = 2
5
5
  PATCH = 0
6
6
 
7
7
  def self.to_s
@@ -33,8 +33,8 @@ describe 'Papers' do
33
33
  expect(validator.valid?).to be_falsey
34
34
 
35
35
  expect(validator.errors).to eq([
36
- 'bar-1.2 is included in the application, but not in the manifest',
37
- 'foo-1.2 is included in the manifest, but not in the application'
36
+ 'Gem bar-1.2 is included in the application, but not in the manifest',
37
+ 'Gem foo-1.2 is included in the manifest, but not in the application'
38
38
  ])
39
39
 
40
40
  validator.valid?
@@ -57,8 +57,8 @@ describe 'Papers' do
57
57
  expect(validator.valid?).to be_falsey
58
58
 
59
59
  expect(validator.errors).to eq([
60
- 'baz-1.2 is included in the application, but not in the manifest',
61
- 'baz-1.3 is included in the manifest, but not in the application'
60
+ 'Gem baz-1.2 is included in the application, but not in the manifest',
61
+ 'Gem baz-1.3 is included in the manifest, but not in the application'
62
62
  ])
63
63
  validator.valid?
64
64
  end
@@ -80,8 +80,8 @@ describe 'Papers' do
80
80
  expect(validator).not_to be_valid
81
81
 
82
82
  expect(validator.errors).to eq([
83
- 'foo-1.2 is included in the application, but not in the manifest',
84
- 'foo is included in the manifest, but not in the application'
83
+ 'Gem foo-1.2 is included in the application, but not in the manifest',
84
+ 'Gem foo is included in the manifest, but not in the application'
85
85
  ])
86
86
  validator.valid?
87
87
  end
@@ -118,8 +118,8 @@ describe 'Papers' do
118
118
 
119
119
  expect(validator).not_to be_valid
120
120
  expect(validator.errors).to eq([
121
- 'baz-1.2 is included in the application, but not in the manifest',
122
- 'baz is included in the manifest, but not in the application'
121
+ 'Gem baz-1.2 is included in the application, but not in the manifest',
122
+ 'Gem baz is included in the manifest, but not in the application'
123
123
  ])
124
124
  end
125
125
 
@@ -139,7 +139,7 @@ describe 'Papers' do
139
139
  expect(validator).not_to be_valid
140
140
 
141
141
  expect(validator.errors).to eq([
142
- 'baz-1.3 is licensed under GPL, which is not whitelisted'
142
+ 'Gem baz-1.3 is licensed under GPL, which is not whitelisted'
143
143
  ])
144
144
  end
145
145
 
@@ -175,6 +175,35 @@ describe 'Papers' do
175
175
  ])
176
176
  end
177
177
 
178
+ it 'displays npm package name correctly when it ends in a hyphen' do
179
+ # package names rarely (if ever) end in a hyphen, but the names returned by manifest end with a
180
+ # hyphen if the version is determined to be blank, which happens when there are no digits in the
181
+ # version string (due to, e.g., a git URL without a hash in it). See
182
+ # NpmPackage.full_introspected_entries.
183
+ allow_any_instance_of(Papers::Configuration).to receive(:validate_npm_packages?).and_return(true)
184
+
185
+ allow_any_instance_of(Papers::LicenseValidator).to receive(:manifest).and_return({
186
+ 'javascripts' => {},
187
+ 'gems' => {},
188
+ 'npm_packages' => {
189
+ 'foo-' => {
190
+ 'license' => 'MIT',
191
+ 'license_url' => nil,
192
+ 'project_url' => nil
193
+ }
194
+ }
195
+ })
196
+
197
+ expect(validator.pretty_npm_package_list).to eq([
198
+ {
199
+ name: 'foo',
200
+ license: 'MIT',
201
+ license_url: nil,
202
+ project_url: nil
203
+ }
204
+ ])
205
+ end
206
+
178
207
  it 'displays JS libraries in a pretty format without versions' do
179
208
  allow_any_instance_of(Papers::LicenseValidator).to receive(:manifest).and_return({
180
209
  'javascripts' => {
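Review bot: The new example only stubs a manifest key of `'foo-'` and checks `pretty_npm_package_list`, so it covers the symptom but not the cause described in its own comment. Nothing here feeds `NpmPackage.full_introspected_entries` a digit-free git URL to pin what version string it produces. There is also no case for a hyphenated name with a real version (a constructed key such as `'foo-bar-1.2'`), which is the input most likely to regress if `name_without_version` changes again. Adding those two examples would tie the fix to the behaviour it depends on. The following `it` block continues outside the hunk.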
metadata CHANGED
@@ -1,8 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: papers
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.1.0
5
- prerelease:
4
+ version: 2.2.0
6
5
  platform: ruby
7
6
  authors:
8
7
  - Ralph Bodenner
@@ -13,56 +12,48 @@ authors:
13
12
  autorequire:
14
13
  bindir: bin
15
14
  cert_chain: []
16
- date: 2015-03-04 00:00:00.000000000 Z
15
+ date: 2015-08-10 00:00:00.000000000 Z
17
16
  dependencies:
18
17
  - !ruby/object:Gem::Dependency
19
18
  name: rake
20
19
  requirement: !ruby/object:Gem::Requirement
21
- none: false
22
20
  requirements:
23
- - - ! '>='
21
+ - - ">="
24
22
  - !ruby/object:Gem::Version
25
23
  version: '0'
26
24
  type: :development
27
25
  prerelease: false
28
26
  version_requirements: !ruby/object:Gem::Requirement
29
- none: false
30
27
  requirements:
31
- - - ! '>='
28
+ - - ">="
32
29
  - !ruby/object:Gem::Version
33
30
  version: '0'
34
31
  - !ruby/object:Gem::Dependency
35
32
  name: rspec
36
33
  requirement: !ruby/object:Gem::Requirement
37
- none: false
38
34
  requirements:
39
- - - ~>
35
+ - - "~>"
40
36
  - !ruby/object:Gem::Version
41
37
  version: 3.1.0
42
38
  type: :development
43
39
  prerelease: false
44
40
  version_requirements: !ruby/object:Gem::Requirement
45
- none: false
46
41
  requirements:
47
- - - ~>
42
+ - - "~>"
48
43
  - !ruby/object:Gem::Version
49
44
  version: 3.1.0
50
- description: ! 'Validate that the licenses used by your Ruby project''s dependencies
51
- (both gems
52
-
53
- and javascript libraries) conform to a software license whitelist. Don''t get
54
-
45
+ description: |
46
+ Validate that the licenses used by your Ruby project's dependencies (both gems
47
+ and javascript libraries) conform to a software license whitelist. Don't get
55
48
  caught flat-footed by the GPL.
56
-
57
- '
58
49
  email: support@newrelic.com
59
50
  executables:
60
51
  - papers
61
52
  extensions: []
62
53
  extra_rdoc_files: []
63
54
  files:
64
- - .gitignore
65
- - .travis.yml
55
+ - ".gitignore"
56
+ - ".travis.yml"
66
57
  - CHANGELOG.md
67
58
  - Gemfile
68
59
  - MIT-LICENSE
@@ -88,27 +79,26 @@ files:
88
79
  homepage: http://github.com/newrelic/papers
89
80
  licenses:
90
81
  - MIT
82
+ metadata: {}
91
83
  post_install_message:
92
84
  rdoc_options: []
93
85
  require_paths:
94
86
  - lib
95
87
  required_ruby_version: !ruby/object:Gem::Requirement
96
- none: false
97
88
  requirements:
98
- - - ! '>='
89
+ - - ">="
99
90
  - !ruby/object:Gem::Version
100
91
  version: '0'
101
92
  required_rubygems_version: !ruby/object:Gem::Requirement
102
- none: false
103
93
  requirements:
104
- - - ! '>='
94
+ - - ">="
105
95
  - !ruby/object:Gem::Version
106
96
  version: '0'
107
97
  requirements: []
108
98
  rubyforge_project:
109
- rubygems_version: 1.8.23
99
+ rubygems_version: 2.4.8
110
100
  signing_key:
111
- specification_version: 3
101
+ specification_version: 4
112
102
  summary: Validate the licenses of software dependencies you use
113
103
  test_files:
114
104
  - spec/npm_package_spec.rb