papers 2.1.0 → 2.2.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 8920678dc22b3cb5e808318218cc9173f2fa9b12
+  data.tar.gz: e6cf43b697b50fb7076460b98c91275b62e9bc9a
+SHA512:
+  metadata.gz: 7ffdda6169b1b528c35468acccce5c1a343008cdb057dd7a0c0408700558a7f0f400cf9491c9372e7f840e9f1b02ce09adb7429f1522c4203d11f7d83e504150
+  data.tar.gz: fea0e35cfe2e43700cabd46b8bd5c820d7ead96c3bc1efb7a48380d681bc844ffa9efe701c5df7aea5817d7ac854478e49f3b260086dd0129c88b402caa62f4c

data/CHANGELOG.md

@@ -1,6 +1,16 @@
 # Changelog
 
-## 2.0.1 (current release)
+## 2.2.0
+
+* Fix empty npm package name bug. The name of an npm package would be blank when its version was,
+  e.g., a git url with no digits anywhere.
+* Include package type (Gem, npm package, etc.) in error messages.
+
+## 2.1.0
+
+* Add ISC license to default whitelist
+
+## 2.0.1
 
 * Correct validation of js.erb and coffee.erb files.
 

data/lib/papers/dependency_specification.rb

@@ -11,7 +11,7 @@ module Papers
 
     def name_without_version
       return @name unless @name.include?('-')
-      @name.split('-')[0..-2].join('-')
+      @name.rpartition('-')[0]
     end
 
     def acceptable_license?

data/lib/papers/dependency_specification/bower_component.rb

@@ -38,6 +38,10 @@ module Papers
       end
     end
 
+    def self.asset_type_name
+      'Bower component'
+    end
+
     def self.manifest_key
       "bower_components"
     end

data/lib/papers/dependency_specification/gem.rb

@@ -22,6 +22,10 @@ module Papers
       end
     end
 
+    def self.asset_type_name
+      'Gem'
+    end
+
     def self.manifest_key
       "gems"
     end

data/lib/papers/dependency_specification/javascript.rb

@@ -22,6 +22,10 @@ module Papers
       files.compact
     end
 
+    def self.asset_type_name
+      'JavaScript file'
+    end
+
     def self.manifest_key
       "javascripts"
     end

data/lib/papers/dependency_specification/npm_package.rb

@@ -9,6 +9,8 @@ module Papers
     def self.full_introspected_entries
       packages = (package['dependencies'] || {}).merge((package['devDependencies'] || {}))
       packages.map do |name, version|
+        # FIXME: This version cleanup is inadequate for npm version specifiers, which may be git or
+        # tarball URLs.
         version.sub!(/^\D+/, '')
         {
           'name' => name,
@@ -26,6 +28,10 @@ module Papers
       }
     end
 
+    def self.asset_type_name
+      'npm package'
+    end
+
     def self.manifest_key
       "npm_packages"
     end

data/lib/papers/license_validator.rb

@@ -20,7 +20,7 @@ module Papers
       validate_spec_type(Gem)            if Papers.config.validate_gems?
       validate_spec_type(Javascript)     if Papers.config.validate_javascript?
       validate_spec_type(BowerComponent) if Papers.config.validate_bower_components?
-      validate_spec_type(NpmPackage)  if Papers.config.validate_npm_packages?
+      validate_spec_type(NpmPackage)     if Papers.config.validate_npm_packages?
 
       @errors.empty?
     end
@@ -48,17 +48,18 @@ module Papers
     private
 
       def validate_spec_type(spec_type)
+        asset_type_name = spec_type.asset_type_name
         spec_type.missing_from_manifest(manifest).each do |name|
-          errors << "#{name} is included in the application, but not in the manifest"
+          errors << "#{asset_type_name} #{name} is included in the application, but not in the manifest"
         end
 
         spec_type.unknown_in_manifest(manifest).each do |name|
-          errors << "#{name} is included in the manifest, but not in the application"
+          errors << "#{asset_type_name} #{name} is included in the manifest, but not in the application"
         end
 
         spec_type.all_from_manifest(manifest).each do |spec|
           unless spec.acceptable_license?
-            errors << "#{spec.name} is licensed under #{spec.license}, which is not whitelisted"
+            errors << "#{asset_type_name} #{spec.name} is licensed under #{spec.license}, which is not whitelisted"
           end
         end
       end

data/lib/papers/version.rb

@@ -1,7 +1,7 @@
 module Papers
   class Version
     MAJOR = 2
-    MINOR = 1
+    MINOR = 2
     PATCH = 0
 
     def self.to_s

data/spec/papers_spec.rb

@@ -33,8 +33,8 @@ describe 'Papers' do
     expect(validator.valid?).to be_falsey
 
     expect(validator.errors).to eq([
-      'bar-1.2 is included in the application, but not in the manifest',
-      'foo-1.2 is included in the manifest, but not in the application'
+      'Gem bar-1.2 is included in the application, but not in the manifest',
+      'Gem foo-1.2 is included in the manifest, but not in the application'
     ])
 
     validator.valid?
@@ -57,8 +57,8 @@ describe 'Papers' do
     expect(validator.valid?).to be_falsey
 
     expect(validator.errors).to eq([
-      'baz-1.2 is included in the application, but not in the manifest',
-      'baz-1.3 is included in the manifest, but not in the application'
+      'Gem baz-1.2 is included in the application, but not in the manifest',
+      'Gem baz-1.3 is included in the manifest, but not in the application'
     ])
     validator.valid?
   end
@@ -80,8 +80,8 @@ describe 'Papers' do
     expect(validator).not_to be_valid
 
     expect(validator.errors).to eq([
-      'foo-1.2 is included in the application, but not in the manifest',
-      'foo is included in the manifest, but not in the application'
+      'Gem foo-1.2 is included in the application, but not in the manifest',
+      'Gem foo is included in the manifest, but not in the application'
     ])
     validator.valid?
   end
@@ -118,8 +118,8 @@ describe 'Papers' do
 
     expect(validator).not_to be_valid
     expect(validator.errors).to eq([
-      'baz-1.2 is included in the application, but not in the manifest',
-      'baz is included in the manifest, but not in the application'
+      'Gem baz-1.2 is included in the application, but not in the manifest',
+      'Gem baz is included in the manifest, but not in the application'
     ])
   end
 
@@ -139,7 +139,7 @@ describe 'Papers' do
     expect(validator).not_to be_valid
 
     expect(validator.errors).to eq([
-      'baz-1.3 is licensed under GPL, which is not whitelisted'
+      'Gem baz-1.3 is licensed under GPL, which is not whitelisted'
     ])
   end
 
@@ -175,6 +175,35 @@ describe 'Papers' do
     ])
   end
 
+  it 'displays npm package name correctly when it ends in a hyphen' do
+    # package names rarely (if ever) end in a hyphen, but the names returned by manifest end with a
+    # hyphen if the version is determined to be blank, which happens when there are no digits in the
+    # version string (due to, e.g., a git URL without a hash in it). See
+    # NpmPackage.full_introspected_entries.
+    allow_any_instance_of(Papers::Configuration).to receive(:validate_npm_packages?).and_return(true)
+
+    allow_any_instance_of(Papers::LicenseValidator).to receive(:manifest).and_return({
+      'javascripts' => {},
+      'gems' => {},
+      'npm_packages' => {
+        'foo-' => {
+          'license' => 'MIT',
+          'license_url' => nil,
+          'project_url' => nil
+        }
+      }
+    })
+
+    expect(validator.pretty_npm_package_list).to eq([
+      {
+        name: 'foo',
+        license: 'MIT',
+        license_url: nil,
+        project_url: nil
+      }
+    ])
+  end
+
   it 'displays JS libraries in a pretty format without versions' do
     allow_any_instance_of(Papers::LicenseValidator).to receive(:manifest).and_return({
       'javascripts' => {

metadata

@@ -1,8 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: papers
 version: !ruby/object:Gem::Version
-  version: 2.1.0
-  prerelease: 
+  version: 2.2.0
 platform: ruby
 authors:
 - Ralph Bodenner
@@ -13,56 +12,48 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-03-04 00:00:00.000000000 Z
+date: 2015-08-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 3.1.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 3.1.0
-description: ! 'Validate that the licenses used by your Ruby project''s dependencies
-  (both gems
-
-  and javascript libraries) conform to a software license whitelist. Don''t get
-
+description: |
+  Validate that the licenses used by your Ruby project's dependencies (both gems
+  and javascript libraries) conform to a software license whitelist. Don't get
   caught flat-footed by the GPL.
-
-'
 email: support@newrelic.com
 executables:
 - papers
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
-- .travis.yml
+- ".gitignore"
+- ".travis.yml"
 - CHANGELOG.md
 - Gemfile
 - MIT-LICENSE
@@ -88,27 +79,26 @@ files:
 homepage: http://github.com/newrelic/papers
 licenses:
 - MIT
+metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.23
+rubygems_version: 2.4.8
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: Validate the licenses of software dependencies you use
 test_files:
 - spec/npm_package_spec.rb