spandx 0.12.3 → 0.13.4

data/lib/spandx/spdx/license.rb

@@ -61,14 +61,6 @@ module Spandx
         attributes[:referenceNumber] = value
       end
 
-      def content
-        @content ||= ::Spandx::Core::Content.new(raw_content)
-      end
-
-      def content=(value)
-        @content = ::Spandx::Core::Content.new(value)
-      end
-
       def <=>(other)
         id <=> other.id
       end
@@ -77,14 +69,12 @@ module Spandx
         id
       end
 
-      def self.unknown(text)
-        new(licenseId: 'Nonstandard', name: 'Unknown').tap { |x| x.content = text }
+      def inspect
+        "#<Spandx::Spdx::License id='#{id}'>"
       end
 
-      private
-
-      def raw_content
-        @raw_content ||= (Spandx.git[:spdx].read("text/#{id}.txt") || '')
+      def self.unknown(text)
+        new(licenseId: 'Nonstandard', name: text)
       end
     end
   end

data/lib/spandx/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Spandx
-  VERSION = '0.12.3'
+  VERSION = '0.13.4'
 end

data/spandx.gemspec

@@ -7,21 +7,22 @@ require 'spandx/version'
 Gem::Specification.new do |spec|
   spec.name          = 'spandx'
   spec.version       = Spandx::VERSION
-  spec.authors       = ['mo khan']
-  spec.email         = ['mo@mokhan.ca']
+  spec.authors       = ['Can Eldem', 'mo khan']
+  spec.email         = ['eldemcan@gmail.com', 'mo@mokhan.ca']
 
   spec.summary       = 'A ruby interface to the SPDX catalogue.'
-  spec.description   = 'A ruby interface to the SPDX catalogue. With a CLI that can scan project lockfiles to list out software licenses for each dependency'
-  spec.homepage      = 'https://github.com/mokhan/spandx'
+  spec.description   = 'Spanx is a ruby API for interacting with the spdx.org software license catalogue. This gem includes a command line interface to scan a software project for the software licenses that are associated with each dependency in the project. Spandx also allows you to hook additional information for each dependency found. For instance, you can add plugin to Spandx to find and report vulnerabilities for the dependencies it found.'
+  spec.homepage      = 'https://spandx.github.io/'
   spec.license       = 'MIT'
-  spec.required_ruby_version = Gem::Requirement.new('>= 2.4.0')
+  spec.required_ruby_version = Gem::Requirement.new('>= 2.5.0')
 
   spec.metadata['homepage_uri'] = spec.homepage
-  spec.metadata['source_code_uri'] = 'https://github.com/mokhan/spandx'
-  spec.metadata['changelog_uri'] = 'https://github.com/mokhan/spandx/blob/master/CHANGELOG.md'
+  spec.metadata['source_code_uri'] = 'https://github.com/spandx/spandx'
+  spec.metadata['changelog_uri'] = 'https://github.com/spandx/spandx/blob/master/CHANGELOG.md'
 
   spec.files = Dir.chdir(File.expand_path(__dir__)) do
     Dir.glob('exe/*') +
+      Dir.glob('ext/**/**/*.{rb,c,h}') +
       Dir.glob('lib/**/**/*.{rb}') +
       Dir.glob('*.{md,gemspec,txt}')
   end
@@ -29,25 +30,30 @@ Gem::Specification.new do |spec|
   spec.bindir        = 'exe'
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
+  spec.extensions    = ['ext/spandx/extconf.rb']
 
   spec.add_dependency 'addressable', '~> 2.7'
   spec.add_dependency 'bundler', '>= 1.16', '< 3.0.0'
+  spec.add_dependency 'nanospinner', '~> 1.0.0'
   spec.add_dependency 'net-hippie', '~> 0.3'
   spec.add_dependency 'nokogiri', '~> 1.10'
+  spec.add_dependency 'parslet', '~> 2.0'
+  spec.add_dependency 'terminal-table', '~> 1.8'
   spec.add_dependency 'thor'
+  spec.add_dependency 'tty-screen', '~> 0.7'
   spec.add_dependency 'zeitwerk', '~> 2.3'
 
+  spec.add_development_dependency 'benchmark-ips', '~> 2.8'
   spec.add_development_dependency 'bundler-audit', '~> 0.6'
   spec.add_development_dependency 'byebug', '~> 11.1'
-  spec.add_development_dependency 'jaro_winkler', '~> 1.5'
   spec.add_development_dependency 'licensed', '~> 2.8'
-  spec.add_development_dependency 'parallel_tests', '~> 2.32'
   spec.add_development_dependency 'rake', '~> 13.0'
+  spec.add_development_dependency 'rake-compiler', '~> 1.1'
   spec.add_development_dependency 'rspec', '~> 3.0'
   spec.add_development_dependency 'rspec-benchmark', '~> 0.5'
   spec.add_development_dependency 'rubocop', '~> 0.52'
   spec.add_development_dependency 'rubocop-rspec', '~> 1.22'
-  spec.add_development_dependency 'text', '~> 1.3'
+  spec.add_development_dependency 'ruby-prof', '~> 1.3'
   spec.add_development_dependency 'vcr', '~> 5.0'
   spec.add_development_dependency 'webmock', '~> 3.7'
 end

metadata

@@ -1,14 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: spandx
 version: !ruby/object:Gem::Version
-  version: 0.12.3
+  version: 0.13.4
 platform: ruby
 authors:
+- Can Eldem
 - mo khan
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-04-19 00:00:00.000000000 Z
+date: 2020-05-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -44,6 +45,20 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: 3.0.0
+- !ruby/object:Gem::Dependency
+  name: nanospinner
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.0.0
 - !ruby/object:Gem::Dependency
   name: net-hippie
   requirement: !ruby/object:Gem::Requirement
@@ -72,6 +87,34 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.10'
+- !ruby/object:Gem::Dependency
+  name: parslet
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: terminal-table
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
 - !ruby/object:Gem::Dependency
   name: thor
   requirement: !ruby/object:Gem::Requirement
@@ -86,6 +129,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: tty-screen
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.7'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.7'
 - !ruby/object:Gem::Dependency
   name: zeitwerk
   requirement: !ruby/object:Gem::Requirement
@@ -101,47 +158,47 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '2.3'
 - !ruby/object:Gem::Dependency
-  name: bundler-audit
+  name: benchmark-ips
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.6'
+        version: '2.8'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.6'
+        version: '2.8'
 - !ruby/object:Gem::Dependency
-  name: byebug
+  name: bundler-audit
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '11.1'
+        version: '0.6'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '11.1'
+        version: '0.6'
 - !ruby/object:Gem::Dependency
-  name: jaro_winkler
+  name: byebug
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.5'
+        version: '11.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.5'
+        version: '11.1'
 - !ruby/object:Gem::Dependency
   name: licensed
   requirement: !ruby/object:Gem::Requirement
@@ -157,33 +214,33 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '2.8'
 - !ruby/object:Gem::Dependency
-  name: parallel_tests
+  name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.32'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.32'
+        version: '13.0'
 - !ruby/object:Gem::Dependency
-  name: rake
+  name: rake-compiler
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '13.0'
+        version: '1.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '13.0'
+        version: '1.1'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -241,7 +298,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '1.22'
 - !ruby/object:Gem::Dependency
-  name: text
+  name: ruby-prof
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
@@ -282,19 +339,28 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.7'
-description: A ruby interface to the SPDX catalogue. With a CLI that can scan project
-  lockfiles to list out software licenses for each dependency
+description: Spanx is a ruby API for interacting with the spdx.org software license
+  catalogue. This gem includes a command line interface to scan a software project
+  for the software licenses that are associated with each dependency in the project.
+  Spandx also allows you to hook additional information for each dependency found.
+  For instance, you can add plugin to Spandx to find and report vulnerabilities for
+  the dependencies it found.
 email:
+- eldemcan@gmail.com
 - mo@mokhan.ca
 executables:
 - spandx
-extensions: []
+extensions:
+- ext/spandx/extconf.rb
 extra_rdoc_files: []
 files:
 - CHANGELOG.md
 - LICENSE.txt
 - README.md
 - exe/spandx
+- ext/spandx/extconf.rb
+- ext/spandx/spandx.c
+- ext/spandx/spandx.h
 - lib/spandx.rb
 - lib/spandx/cli.rb
 - lib/spandx/cli/commands/build.rb
@@ -304,20 +370,22 @@ files:
 - lib/spandx/core/cache.rb
 - lib/spandx/core/circuit.rb
 - lib/spandx/core/content.rb
+- lib/spandx/core/data_file.rb
 - lib/spandx/core/dependency.rb
 - lib/spandx/core/gateway.rb
 - lib/spandx/core/git.rb
 - lib/spandx/core/guess.rb
 - lib/spandx/core/http.rb
+- lib/spandx/core/index_file.rb
 - lib/spandx/core/license_plugin.rb
-- lib/spandx/core/null_gateway.rb
 - lib/spandx/core/parser.rb
+- lib/spandx/core/path_traversal.rb
 - lib/spandx/core/plugin.rb
 - lib/spandx/core/registerable.rb
+- lib/spandx/core/relation.rb
 - lib/spandx/core/report.rb
 - lib/spandx/core/score.rb
-- lib/spandx/core/table.rb
-- lib/spandx/core/thread_pool.rb
+- lib/spandx/core/spinner.rb
 - lib/spandx/dotnet/index.rb
 - lib/spandx/dotnet/nuget_gateway.rb
 - lib/spandx/dotnet/package_reference.rb
@@ -342,17 +410,19 @@ files:
 - lib/spandx/ruby/gateway.rb
 - lib/spandx/ruby/parsers/gemfile_lock.rb
 - lib/spandx/spdx/catalogue.rb
+- lib/spandx/spdx/composite_license.rb
+- lib/spandx/spdx/expression.rb
 - lib/spandx/spdx/gateway.rb
 - lib/spandx/spdx/license.rb
 - lib/spandx/version.rb
 - spandx.gemspec
-homepage: https://github.com/mokhan/spandx
+homepage: https://spandx.github.io/
 licenses:
 - MIT
 metadata:
-  homepage_uri: https://github.com/mokhan/spandx
-  source_code_uri: https://github.com/mokhan/spandx
-  changelog_uri: https://github.com/mokhan/spandx/blob/master/CHANGELOG.md
+  homepage_uri: https://spandx.github.io/
+  source_code_uri: https://github.com/spandx/spandx
+  changelog_uri: https://github.com/spandx/spandx/blob/master/CHANGELOG.md
 post_install_message: 
 rdoc_options: []
 require_paths:
@@ -361,14 +431,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.4.0
+      version: 2.5.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
+rubygems_version: 3.1.3
 signing_key: 
 specification_version: 4
 summary: A ruby interface to the SPDX catalogue.

data/lib/spandx/core/null_gateway.rb

@@ -1,11 +0,0 @@
-# frozen_string_literal: true
-
-module Spandx
-  module Core
-    class NullGateway
-      def licenses_for(*_args)
-        []
-      end
-    end
-  end
-end

data/lib/spandx/core/table.rb

@@ -1,29 +0,0 @@
-# frozen_string_literal: true
-
-module Spandx
-  module Core
-    class Table
-      def initialize
-        @rows = []
-        @max_justification = 0
-        yield self
-      end
-
-      def <<(item)
-        row = item.to_a
-        new_max = row[0].size
-        @max_justification = new_max + 1 if new_max > @max_justification
-        @rows << row
-      end
-
-      def to_s
-        @rows.map do |row|
-          row.each.with_index.map do |cell, index|
-            justification = index.zero? ? @max_justification : 15
-            Array(cell).join(', ').ljust(justification, ' ')
-          end.join
-        end
-      end
-    end
-  end
-end

data/lib/spandx/core/thread_pool.rb

@@ -1,38 +0,0 @@
-# frozen_string_literal: true
-
-module Spandx
-  module Core
-    class ThreadPool
-      def initialize(size: Etc.nprocessors)
-        @size = size
-        @jobs = Queue.new
-        @pool = size.times { start_worker_thread }
-      end
-
-      def schedule(*args, &block)
-        @jobs << [block, args]
-      end
-
-      def shutdown
-        @size.times do
-          schedule { throw :exit }
-        end
-
-        @pool.map(&:join)
-      end
-
-      private
-
-      def start_worker_thread
-        Thread.new do
-          catch(:exit) do
-            loop do
-              job, args = @jobs.deq
-              job.call(*args)
-            end
-          end
-        end
-      end
-    end
-  end
-end