spandx 0.13.4 → 0.16.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ef9e117562bb153d2bf7a7aa8561244f50f7dcbca8a81300e10279efec45c674
-  data.tar.gz: '069f96ae764417f3b005ebd8e7fee919c66eee38a63649918f7dea3209a9bc34'
+  metadata.gz: 252cdcff5bb25e6699751e6f842159e46a1a19485e889dca067d2120063bd11b
+  data.tar.gz: 4a1c66430fd54d64d8fa18a4a015dbe49d94454bd2800369d384b09e1c5fc984
 SHA512:
-  metadata.gz: 67ec66d00236b0c4a98bc770e0b33698ecabb6e868b4e1b309c735a0d3cf5288a49393280f0cff2829d8ab5d1005920b16a877bdabdb2a0b63c88ac9f7af7df9
-  data.tar.gz: 9260aeb08a495fb4f8bd1ba4c2b17fed8e34c2e60e96d5c826c79f7c51d83a8686b4194e060fa77e3b898f1beb17404006dd5370b727d2a7ce98d87ddce41507
+  metadata.gz: 3699f961272816332c5c1ec0ab97fc5f769cfeafc80d8058bb03671f8f3eaee89a3ac831ba8c40304e5d63a59c37436ca30472da4eec8bf69496f3875fb793ee
+  data.tar.gz: 8b06322b0d3103eadd726a77cf8dfd43759c94d67c628710e50247946112dba479bd0f317c45639f2bf99aed083c665edde36f0c06e2860dc97c6afe1f08cb1d

data/CHANGELOG.md

@@ -1,4 +1,4 @@
-Version 0.13.4
+Version 0.16.0
 
 # Changelog
 
@@ -9,6 +9,33 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.16.0] - 2020-11-19
+### Changed
+- Pull smaller license cache.
+- Print index files after building them.
+
+## [0.15.1] - 2020-11-18
+### Fixed
+- Rebuild index after pulling latest cache.
+
+## [0.15.0] - 2020-11-18
+### Added
+- Parse `/var/lib/dpkg/status` file.
+
+## [0.14.0] - 2020-11-14
+### Added
+- Parse `/lib/apk/db/installed` file.
+
+## [0.13.5] - 2020-05-26
+### Fixed
+- Process PyPI package urls with single digit versions.
+- Remove unsupported `hash` report from help text.
+
+### Changed
+- Stream output to output stream as soon as results are available.
+- Switch to `Oj` for JSON parsing.
+- Run spinner on background thread.
+
 ## [0.13.4] - 2020-05-26
 ### Added
 - Add detected file path to report output.
@@ -189,7 +216,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 - Provide ruby API to the latest SPDX catalogue.
 
-[Unreleased]: https://github.com/spandx/spandx/compare/v0.13.3...HEAD
+[Unreleased]: https://github.com/spandx/spandx/compare/v0.16.0...HEAD
+[0.16.0]: https://github.com/spandx/spandx/compare/v0.15.1...v0.16.0
+[0.15.1]: https://github.com/spandx/spandx/compare/v0.15.0...v0.15.1
+[0.15.0]: https://github.com/spandx/spandx/compare/v0.14.0...v0.15.0
+[0.14.0]: https://github.com/spandx/spandx/compare/v0.13.5...v0.14.0
+[0.13.5]: https://github.com/spandx/spandx/compare/v0.13.4...v0.13.5
+[0.13.4]: https://github.com/spandx/spandx/compare/v0.13.3...v0.13.4
 [0.13.3]: https://github.com/spandx/spandx/compare/v0.13.2...v0.13.3
 [0.13.2]: https://github.com/spandx/spandx/compare/v0.13.1...v0.13.2
 [0.13.1]: https://github.com/spandx/spandx/compare/v0.13.0...v0.13.1

data/exe/spandx

@@ -4,7 +4,6 @@
 require 'spandx'
 
 Signal.trap('INT') do
-  warn("\n#{caller.join("\n")}: interrupted")
   exit(1)
 end
 

data/ext/spandx/spandx.c

@@ -52,4 +52,6 @@ void Init_spandx(void)
   rb_mCore = rb_define_module_under(rb_mSpandx, "Core");
   rb_mCsvParser = rb_define_module_under(rb_mCore, "CsvParser");
   rb_define_module_function(rb_mCsvParser, "parse", parse, 1);
+
+  rb_gc_register_mark_object(rb_mCsvParser);
 }

data/lib/spandx.rb

@@ -8,11 +8,11 @@ require 'json'
 require 'logger'
 require 'net/hippie'
 require 'nokogiri'
+require 'oj'
 require 'parslet'
 require 'pathname'
 require 'yaml'
 require 'zeitwerk'
-require 'terminal-table'
 require 'spandx/spandx'
 
 loader = Zeitwerk::Loader.for_gem
@@ -45,7 +45,7 @@ module Spandx
       @git ||= {
         cache: ::Spandx::Core::Git.new(url: 'https://github.com/spandx/cache.git'),
         rubygems: ::Spandx::Core::Git.new(url: 'https://github.com/spandx/rubygems-cache.git'),
-        spdx: ::Spandx::Core::Git.new(url: 'https://github.com/spdx/license-list-data.git'),
+        spdx: ::Spandx::Core::Git.new(url: 'https://github.com/spdx/license-list-data.git', default_branch: 'master'),
       }
     end
   end

data/lib/spandx/cli.rb

@@ -1,8 +1,8 @@
 # frozen_string_literal: true
 
-require 'nanospinner'
 require 'thor'
-require 'tty-screen'
+require 'tty-spinner'
+require 'terminal-table'
 
 module Spandx
   module Cli

data/lib/spandx/cli/commands/pull.rb

@@ -4,17 +4,56 @@ module Spandx
   module Cli
     module Commands
       class Pull
+        attr_reader :cache_dir, :rubygems_cache_dir
+
         def initialize(options)
           @options = options
+          @cache_dir = Spandx.git[:cache].root.join('.index')
+          @rubygems_cache_dir = Spandx.git[:rubygems].root.join('.index')
         end
 
-        def execute(output: $stdout)
-          Spandx.git.each_value do |db|
-            output.puts "Updating #{db.url}..."
-            db.update!
+        def execute(output: $stderr)
+          sync(output)
+          build(output, ::Spandx::Core::Dependency::PACKAGE_MANAGERS.values.uniq)
+          index_files_in(cache_dir, rubygems_cache_dir).each do |item|
+            output.puts item.to_s.gsub(Dir.home, '~')
           end
           output.puts 'OK'
         end
+
+        private
+
+        def sync(output)
+          Spandx.git.each_value do |db|
+            with_spinner("Updating #{db.url}...", output: output) do
+              db.update!
+            end
+          end
+        end
+
+        def build(output, sources)
+          with_spinner('Building index...', output: output) do
+            sources.each do |source|
+              Spandx::Core::Cache.new(source, root: cache_dir).rebuild_index
+            end
+            Spandx::Core::Cache.new(:rubygems, root: rubygems_cache_dir).rebuild_index
+          end
+        end
+
+        def with_spinner(message, output:)
+          spinner = TTY::Spinner.new("[:spinner] #{message}", output: output)
+          spinner.auto_spin
+          yield
+          spinner.success('(done)')
+        rescue StandardError => error
+          spinner.error("(#{error.message})")
+        ensure
+          spinner.stop
+        end
+
+        def index_files_in(*dirs)
+          dirs.map { |x| x.glob('**/*.idx') }.flatten.sort
+        end
       end
     end
   end

data/lib/spandx/cli/commands/scan.rb

@@ -4,51 +4,49 @@ module Spandx
   module Cli
     module Commands
       class Scan
-        attr_reader :scan_path, :spinner
+        include Spandx::Core
+        attr_reader :scan_path
 
         def initialize(scan_path, options)
           @scan_path = ::Pathname.new(scan_path)
           @options = options
-          @spinner = options[:show_progress] ? ::Spandx::Core::Spinner.new : ::Spandx::Core::Spinner::NULL
           require(options[:require]) if options[:require]
         end
 
         def execute(output: $stdout)
-          report = ::Spandx::Core::Report.new
-          each_file do |file|
-            spinner.spin(file)
-            each_dependency_from(file) do |dependency|
-              spinner.spin(file)
-              report.add(dependency)
+          with_printer(output) do |printer|
+            each_dependency do |dependency|
+              printer.print_line(Plugin.enhance(dependency), output)
             end
           end
-          spinner.stop
-          output.puts(format(report.to(@options[:format])))
         end
 
         private
 
         def each_file
-          Spandx::Core::PathTraversal
+          PathTraversal
             .new(scan_path, recursive: @options[:recursive])
             .each { |file| yield file }
         end
 
-        def each_dependency_from(file)
-          ::Spandx::Core::Parser
-            .parse(file)
-            .map { |x| enhance(x) }
-            .each { |dependency| yield dependency }
+        def each_dependency
+          each_file do |file|
+            Parser.parse(file).each do |dependency|
+              yield dependency
+            end
+          end
         end
 
         def format(output)
           Array(output).map(&:to_s)
         end
 
-        def enhance(dependency)
-          ::Spandx::Core::Plugin
-            .all
-            .inject(dependency) { |memo, plugin| plugin.enhance(memo) }
+        def with_printer(output)
+          printer = ::Spandx::Cli::Printer.for(@options[:format])
+          printer.print_header(output)
+          yield printer
+        ensure
+          printer.print_footer(output)
         end
       end
     end

data/lib/spandx/cli/main.rb

@@ -8,14 +8,14 @@ module Spandx
       method_option :recursive, aliases: '-R', type: :boolean, desc: 'Perform recursive scan', default: false
       method_option :airgap, aliases: '-a', type: :boolean, desc: 'Disable network connections', default: false
       method_option :logfile, aliases: '-l', type: :string, desc: 'Path to a logfile', default: '/dev/null'
-      method_option :format, aliases: '-f', type: :string, desc: 'Format of report. (table, csv, json, hash)', default: 'table'
+      method_option :format, aliases: '-f', type: :string, desc: 'Format of report. (table, csv, json)', default: 'table'
       method_option :pull, aliases: '-p', type: :boolean, desc: 'Pull the latest cache before the scan', default: false
       method_option :require, aliases: '-r', type: :string, desc: 'Causes spandx to load the library using require.', default: nil
-      method_option :show_progress, aliases: '-sp', type: :boolean, desc: 'Shows a progress bar', default: true
       def scan(lockfile = Pathname.pwd)
         if options[:help]
           invoke :help, ['scan']
         else
+          Oj.default_options = { mode: :strict }
           Spandx.airgap = options[:airgap]
           Spandx.logger = Logger.new(options[:logfile])
           pull if options[:pull]

data/lib/spandx/cli/printer.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module Spandx
+  module Cli
+    class Printer
+      def match?(_format)
+        raise ::Spandx::Error, :match?
+      end
+
+      def print_header(io); end
+
+      def print_line(dependency, io)
+        io.puts(dependency.to_s)
+      end
+
+      def print_footer(io); end
+
+      class << self
+        include Core::Registerable
+
+        def for(format)
+          find { |x| x.match?(format) } || new
+        end
+      end
+    end
+  end
+end

data/lib/spandx/cli/printers/csv.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module Spandx
+  module Cli
+    module Printers
+      class Csv < Printer
+        def match?(format)
+          format.to_sym == :csv
+        end
+
+        def print_line(dependency, io)
+          io.puts(CSV.generate_line(dependency.to_a))
+        end
+      end
+    end
+  end
+end

data/lib/spandx/cli/printers/json.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module Spandx
+  module Cli
+    module Printers
+      class Json < Printer
+        def match?(format)
+          format.to_sym == :json
+        end
+
+        def print_line(dependency, io)
+          io.puts(Oj.dump(dependency.to_h))
+        end
+      end
+    end
+  end
+end

data/lib/spandx/cli/printers/table.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+module Spandx
+  module Cli
+    module Printers
+      class Table < Printer
+        HEADINGS = ['Name', 'Version', 'Licenses', 'Location'].freeze
+
+        def initialize(output: $stderr)
+          @spinner = TTY::Spinner.new('[:spinner] Scanning...', output: output, clear: true, format: :dots)
+          @spinner.auto_spin
+        end
+
+        def match?(format)
+          format.to_sym == :table
+        end
+
+        def print_header(_io)
+          @dependencies = SortedSet.new
+        end
+
+        def print_line(dependency, _io)
+          @dependencies << dependency
+        end
+
+        def print_footer(io)
+          @spinner.stop
+          @spinner.reset
+          io.puts(to_table(@dependencies.map(&:to_a)))
+        end
+
+        private
+
+        def to_table(rows)
+          Terminal::Table.new(headings: HEADINGS) do |table|
+            rows.each { |row| table.add_row(row) }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/spandx/core/data_file.rb

@@ -56,6 +56,10 @@ module Spandx
         @index ||= IndexFile.new(self)
       end
 
+      def to_s
+        absolute_path.to_s
+      end
+
       private
 
       def to_csv(array)

data/lib/spandx/core/dependency.rb

@@ -13,6 +13,7 @@ module Spandx
         Spandx::Php::Parsers::Composer => :composer,
         Spandx::Python::Parsers::PipfileLock => :pypi,
         Spandx::Ruby::Parsers::GemfileLock => :rubygems,
+        Spandx::Os::Parsers::Apk => :apk,
       }.freeze
       attr_reader :path, :name, :version, :licenses, :meta
 

data/lib/spandx/core/git.rb

@@ -3,17 +3,17 @@
 module Spandx
   module Core
     class Git
-      attr_reader :root, :url
+      attr_reader :root, :url, :default_branch
 
-      def initialize(url:)
+      def initialize(url:, default_branch: 'main')
         @url = url
+        @default_branch = default_branch
         @root = path_for(url)
       end
 
       def read(path)
-        full_path = File.join(root, path)
-
-        IO.read(full_path) if File.exist?(full_path)
+        full_path = root.join(path)
+        full_path.read if full_path.exist?
       end
 
       def update!
@@ -25,20 +25,22 @@ module Spandx
       def path_for(url)
         uri = URI.parse(url)
         name = uri.path.gsub(/\.git$/, '')
-        File.expand_path(File.join(Dir.home, '.local', 'share', name))
+        Pathname(File.expand_path(File.join(Dir.home, '.local', 'share', name)))
       end
 
       def dotgit?
-        File.directory?(File.join(root, '.git'))
+        root.join('.git').directory?
       end
 
-      def clone!
-        system('git', 'clone', '--quiet', '--depth=1', '--single-branch', '--branch', 'master', url, root)
+      def clone!(branch: default_branch)
+        system('rm', '-rf', root.to_s) if root.exist?
+        system('git', 'clone', '--quiet', '--depth=1', '--single-branch', '--branch', branch, url, root.to_s)
       end
 
-      def pull!
+      def pull!(remote: 'origin', branch: default_branch)
         Dir.chdir(root) do
-          system('git', 'pull', '--no-rebase', '--quiet', 'origin', 'master')
+          system('git', 'fetch', '--quiet', '--depth=1', '--prune', '--no-tags', remote)
+          system('git', 'checkout', '--quiet', branch)
         end
       end
     end

data/lib/spandx/core/http.rb

@@ -36,12 +36,12 @@ module Spandx
       end
 
       def self.default_driver
-        @default_driver ||= Net::Hippie::Client.new.tap do |client|
-          client.logger = Spandx.logger
-          client.open_timeout = 1
-          client.read_timeout = 5
-          client.follow_redirects = 3
-        end
+        @default_driver ||= Net::Hippie::Client.new(
+          follow_redirects: 3,
+          logger: Spandx.logger,
+          open_timeout: 1,
+          read_timeout: 5
+        )
       end
 
       private

data/lib/spandx/core/license_plugin.rb

@@ -33,7 +33,7 @@ module Spandx
       end
 
       def known?(package_manager)
-        %i[nuget maven rubygems npm yarn pypi composer].include?(package_manager)
+        %i[nuget maven rubygems npm yarn pypi composer apk].include?(package_manager)
       end
 
       def gateway_for(dependency)

data/lib/spandx/core/plugin.rb

@@ -9,6 +9,12 @@ module Spandx
 
       class << self
         include Registerable
+
+        def enhance(dependency)
+          Plugin.all.inject(dependency) do |memo, plugin|
+            plugin.enhance(memo)
+          end
+        end
       end
     end
   end

data/lib/spandx/core/thread_pool.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+module Spandx
+  module Core
+    class ThreadPool
+      def initialize(size: 1)
+        @size = size
+        @queue = Queue.new
+        @pool = size.times.map { start_worker_thread(@queue) }
+      end
+
+      def run(*args, &job)
+        @queue.enq([job, args])
+      end
+
+      def done?
+        @queue.empty?
+      end
+
+      def shutdown
+        @size.times do
+          run { throw :exit }
+        end
+
+        @pool.map(&:join)
+      end
+
+      def self.open(**args)
+        pool = new(**args)
+        yield pool
+      ensure
+        pool.shutdown
+      end
+
+      private
+
+      def start_worker_thread(queue)
+        Thread.new(queue) do |q|
+          catch(:exit) do
+            loop do
+              job, args = q.deq
+              job.call(args)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/spandx/dotnet/nuget_gateway.rb

@@ -69,7 +69,7 @@ module Spandx
 
       def fetch_json(url)
         response = http.get(url)
-        http.ok?(response) ? JSON.parse(response.body) : {}
+        http.ok?(response) ? Oj.load(response.body) : {}
       end
 
       def fetch_xml(url)

data/lib/spandx/js/parsers/npm.rb

@@ -18,8 +18,8 @@ module Spandx
 
         private
 
-        def each_metadata(file_path)
-          package_lock = JSON.parse(IO.read(file_path))
+        def each_metadata(path)
+          package_lock = Oj.load(path.read)
           package_lock['dependencies'].each do |name, metadata|
             yield metadata.merge('name' => name)
           end

data/lib/spandx/js/yarn_pkg.rb

@@ -27,7 +27,7 @@ module Spandx
         response = http.get(uri, escape: false)
 
         if http.ok?(response)
-          json = JSON.parse(response.body)
+          json = Oj.load(response.body)
           json['versions'] ? json['versions'][dependency.version] : json
         else
           {}

data/lib/spandx/os/parsers/apk.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+module Spandx
+  module Os
+    module Parsers
+      class Apk < ::Spandx::Core::Parser
+        def match?(path)
+          path.basename.fnmatch?('installed')
+        end
+
+        def parse(lockfile)
+          path = lockfile.to_s
+
+          [].tap do |items|
+            lockfile.open(mode: 'r') do |io|
+              each_package(io) do |data|
+                items.push(map_from(data, path))
+              end
+            end
+          end
+        end
+
+        private
+
+        def each_package(io)
+          package = {}
+
+          until io.eof?
+            line = io.readline.chomp
+            if line.empty?
+              yield package
+
+              package = {}
+            else
+              line.split(':').tap { |(key, value)| package[key] = value }
+            end
+          end
+        end
+
+        def map_from(data, path)
+          ::Spandx::Core::Dependency.new(
+            path: path,
+            name: data['P'],
+            version: data['V'],
+            meta: data.merge('license' => [data['L']])
+          )
+        end
+      end
+    end
+  end
+end

data/lib/spandx/os/parsers/dpkg.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+
+module Spandx
+  module Os
+    module Parsers
+      class Dpkg < ::Spandx::Core::Parser
+        class LineReader
+          attr_reader :io
+
+          def initialize(io)
+            @io = io
+          end
+
+          def each
+            yield read_package(io, Hash.new(''), nil) until io.eof?
+          end
+
+          private
+
+          def read_package(io, package, prev_key)
+            return package if io.eof?
+
+            line = io.readline.chomp
+            return package if line.empty?
+
+            key, value = split(line, prev_key)
+            package[key] += value
+            read_package(io, package, key)
+          end
+
+          def split(line, prev_key)
+            if prev_key && line.start_with?(' ')
+              [prev_key, line]
+            else
+              key, *rest = line.split(':')
+              value = rest&.join(':')&.strip
+              [key, value]
+            end
+          end
+        end
+
+        def match?(path)
+          path.basename.fnmatch?('status')
+        end
+
+        def parse(lockfile)
+          [].tap do |items|
+            lockfile.open(mode: 'r') do |io|
+              LineReader.new(io).each do |data|
+                items.push(map_from(data, lockfile.to_s))
+              end
+            end
+          end
+        end
+
+        private
+
+        def map_from(data, path)
+          ::Spandx::Core::Dependency.new(
+            path: path,
+            name: data['Package'],
+            version: data['Version'],
+            meta: data
+          )
+        end
+      end
+    end
+  end
+end

data/lib/spandx/php/packagist_gateway.rb

@@ -17,7 +17,7 @@ module Spandx
         response = http.get("https://repo.packagist.org/p/#{dependency.name}.json")
         return [] unless http.ok?(response)
 
-        json = JSON.parse(response.body)
+        json = Oj.load(response.body)
         json['packages'][dependency.name][dependency.version]['license']
       end
     end

data/lib/spandx/php/parsers/composer.rb

@@ -10,7 +10,7 @@ module Spandx
 
         def parse(path)
           items = Set.new
-          composer_lock = JSON.parse(path.read)
+          composer_lock = Oj.load(path.read)
           composer_lock['packages'].concat(composer_lock['packages-dev']).each do |dependency|
             items.add(map_from(path, dependency))
           end

data/lib/spandx/python/parsers/pipfile_lock.rb

@@ -19,7 +19,7 @@ module Spandx
         private
 
         def dependencies_from(lockfile)
-          json = JSON.parse(lockfile.read)
+          json = Oj.load(lockfile.read)
           each_dependency(json) do |name, version|
             yield ::Spandx::Core::Dependency.new(
               path: lockfile,

data/lib/spandx/python/pypi.rb

@@ -49,19 +49,26 @@ module Spandx
       end
 
       def version_from(url)
-        path = SUBSTITUTIONS.inject(URI.parse(url).path.split('/')[-1]) do |memo, item|
-          memo.gsub(item, '')
-        end
-
+        path = cleanup(url)
         return if path.rindex('-').nil?
 
-        path.scan(/-\d+\..*/)[-1][1..-1]
+        section = path.scan(/-\d+\..*/)
+        section = path.scan(/-\d+\.?.*/) if section.empty?
+        section[-1][1..-1]
+      rescue StandardError => error
+        warn([url, error].inspect)
       end
 
       private
 
       attr_reader :http
 
+      def cleanup(url)
+        SUBSTITUTIONS.inject(URI.parse(url).path.split('/')[-1]) do |memo, item|
+          memo.gsub(item, '')
+        end
+      end
+
       def sources_for(dependency)
         return default_sources if dependency.meta.empty?
 
@@ -76,7 +83,7 @@ module Spandx
         sources.each do |source|
           html_from(source, '/simple/').css('a[href*="/simple"]').each do |node|
             each_version(source, node[:href]) do |dependency|
-              definition = source.lookup(dependency[:name], dependency[:version])
+              definition = source.lookup(dependency[:name], dependency[:version], http: http)
               yield dependency.merge(license: definition['license'])
             end
           end
@@ -93,7 +100,12 @@ module Spandx
 
       def html_from(source, path)
         url = URI.join(source.uri.to_s, path).to_s
-        Nokogiri::HTML(http.get(url).body)
+        response = http.get(url)
+        if http.ok?(response)
+          Nokogiri::HTML(response.body)
+        else
+          Nokogiri::HTML('<html><head></head><body></body></html>')
+        end
       end
     end
   end

data/lib/spandx/python/source.rb

@@ -22,7 +22,7 @@ module Spandx
       def lookup(name, version, http: Spandx.http)
         response = http.get(uri_for(name, version))
         if http.ok?(response)
-          JSON.parse(response.body)
+          Oj.load(response.body)
         else
           {}
         end

data/lib/spandx/ruby/gateway.rb

@@ -27,7 +27,7 @@ module Spandx
       end
 
       def parse(json)
-        JSON.parse(json)
+        Oj.load(json)
       end
     end
   end

data/lib/spandx/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Spandx
-  VERSION = '0.13.4'
+  VERSION = '0.16.0'
 end

data/spandx.gemspec

@@ -18,7 +18,7 @@ Gem::Specification.new do |spec|
 
   spec.metadata['homepage_uri'] = spec.homepage
   spec.metadata['source_code_uri'] = 'https://github.com/spandx/spandx'
-  spec.metadata['changelog_uri'] = 'https://github.com/spandx/spandx/blob/master/CHANGELOG.md'
+  spec.metadata['changelog_uri'] = 'https://github.com/spandx/spandx/blob/main/CHANGELOG.md'
 
   spec.files = Dir.chdir(File.expand_path(__dir__)) do
     Dir.glob('exe/*') +
@@ -34,13 +34,13 @@ Gem::Specification.new do |spec|
 
   spec.add_dependency 'addressable', '~> 2.7'
   spec.add_dependency 'bundler', '>= 1.16', '< 3.0.0'
-  spec.add_dependency 'nanospinner', '~> 1.0.0'
-  spec.add_dependency 'net-hippie', '~> 0.3'
+  spec.add_dependency 'net-hippie', '~> 1.0'
   spec.add_dependency 'nokogiri', '~> 1.10'
+  spec.add_dependency 'oj', '~> 3.10'
   spec.add_dependency 'parslet', '~> 2.0'
   spec.add_dependency 'terminal-table', '~> 1.8'
   spec.add_dependency 'thor'
-  spec.add_dependency 'tty-screen', '~> 0.7'
+  spec.add_dependency 'tty-spinner', '~> 0.9'
   spec.add_dependency 'zeitwerk', '~> 2.3'
 
   spec.add_development_dependency 'benchmark-ips', '~> 2.8'
@@ -54,6 +54,6 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'rubocop', '~> 0.52'
   spec.add_development_dependency 'rubocop-rspec', '~> 1.22'
   spec.add_development_dependency 'ruby-prof', '~> 1.3'
-  spec.add_development_dependency 'vcr', '~> 5.0'
+  spec.add_development_dependency 'vcr', '~> 6.0'
   spec.add_development_dependency 'webmock', '~> 3.7'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: spandx
 version: !ruby/object:Gem::Version
-  version: 0.13.4
+  version: 0.16.0
 platform: ruby
 authors:
 - Can Eldem
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-05-26 00:00:00.000000000 Z
+date: 2020-11-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -46,47 +46,47 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 3.0.0
 - !ruby/object:Gem::Dependency
-  name: nanospinner
+  name: net-hippie
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.0.0
+        version: '1.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.0.0
+        version: '1.0'
 - !ruby/object:Gem::Dependency
-  name: net-hippie
+  name: nokogiri
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.3'
+        version: '1.10'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.3'
+        version: '1.10'
 - !ruby/object:Gem::Dependency
-  name: nokogiri
+  name: oj
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.10'
+        version: '3.10'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.10'
+        version: '3.10'
 - !ruby/object:Gem::Dependency
   name: parslet
   requirement: !ruby/object:Gem::Requirement
@@ -130,19 +130,19 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: tty-screen
+  name: tty-spinner
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.7'
+        version: '0.9'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.7'
+        version: '0.9'
 - !ruby/object:Gem::Dependency
   name: zeitwerk
   requirement: !ruby/object:Gem::Requirement
@@ -317,14 +317,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: '6.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: '6.0'
 - !ruby/object:Gem::Dependency
   name: webmock
   requirement: !ruby/object:Gem::Requirement
@@ -367,6 +367,10 @@ files:
 - lib/spandx/cli/commands/pull.rb
 - lib/spandx/cli/commands/scan.rb
 - lib/spandx/cli/main.rb
+- lib/spandx/cli/printer.rb
+- lib/spandx/cli/printers/csv.rb
+- lib/spandx/cli/printers/json.rb
+- lib/spandx/cli/printers/table.rb
 - lib/spandx/core/cache.rb
 - lib/spandx/core/circuit.rb
 - lib/spandx/core/content.rb
@@ -383,9 +387,8 @@ files:
 - lib/spandx/core/plugin.rb
 - lib/spandx/core/registerable.rb
 - lib/spandx/core/relation.rb
-- lib/spandx/core/report.rb
 - lib/spandx/core/score.rb
-- lib/spandx/core/spinner.rb
+- lib/spandx/core/thread_pool.rb
 - lib/spandx/dotnet/index.rb
 - lib/spandx/dotnet/nuget_gateway.rb
 - lib/spandx/dotnet/package_reference.rb
@@ -401,6 +404,8 @@ files:
 - lib/spandx/js/parsers/yarn.rb
 - lib/spandx/js/yarn_lock.rb
 - lib/spandx/js/yarn_pkg.rb
+- lib/spandx/os/parsers/apk.rb
+- lib/spandx/os/parsers/dpkg.rb
 - lib/spandx/php/packagist_gateway.rb
 - lib/spandx/php/parsers/composer.rb
 - lib/spandx/python/index.rb
@@ -422,7 +427,7 @@ licenses:
 metadata:
   homepage_uri: https://spandx.github.io/
   source_code_uri: https://github.com/spandx/spandx
-  changelog_uri: https://github.com/spandx/spandx/blob/master/CHANGELOG.md
+  changelog_uri: https://github.com/spandx/spandx/blob/main/CHANGELOG.md
 post_install_message: 
 rdoc_options: []
 require_paths:
@@ -438,7 +443,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.3
+rubygems_version: 3.1.4
 signing_key: 
 specification_version: 4
 summary: A ruby interface to the SPDX catalogue.

data/lib/spandx/core/report.rb

@@ -1,54 +0,0 @@
-# frozen_string_literal: true
-
-module Spandx
-  module Core
-    class Report
-      attr_reader :dependencies
-
-      FORMATS = {
-        csv: :to_csv,
-        hash: :to_h,
-        json: :to_json,
-        table: :to_table,
-      }.freeze
-
-      def initialize
-        @dependencies = SortedSet.new
-      end
-
-      def add(dependency)
-        @dependencies << dependency
-      end
-
-      def to(format, formats: FORMATS)
-        public_send(formats.fetch(format&.to_sym, :to_json))
-      end
-
-      def to_table
-        Terminal::Table.new(headings: ['Name', 'Version', 'Licenses', 'Location']) do |t|
-          dependencies.each do |d|
-            t.add_row d.to_a
-          end
-        end
-      end
-
-      def to_h
-        { version: '1.0', dependencies: [] }.tap do |report|
-          dependencies.each do |dependency|
-            report[:dependencies].push(dependency.to_h)
-          end
-        end
-      end
-
-      def to_json(*_args)
-        JSON.pretty_generate(to_h)
-      end
-
-      def to_csv
-        dependencies.map do |dependency|
-          CSV.generate_line(dependency.to_a)
-        end
-      end
-    end
-  end
-end

data/lib/spandx/core/spinner.rb

@@ -1,51 +0,0 @@
-# frozen_string_literal: true
-
-module Spandx
-  module Core
-    class Spinner
-      NULL = Class.new do
-        def self.spin(*args); end
-
-        def self.stop(*args); end
-      end
-
-      attr_reader :columns, :spinner
-
-      def initialize(columns: TTY::Screen.columns, output: $stderr)
-        @columns = columns
-        @spinner = Nanospinner.new(output)
-        @queue = Queue.new
-        @thread = Thread.new { work }
-      end
-
-      def spin(message)
-        @queue.enq(justify(message))
-        yield if block_given?
-      end
-
-      def stop
-        @queue.clear
-        @queue.enq(:stop)
-        @thread.join
-      end
-
-      private
-
-      def justify(message)
-        message.to_s.ljust(columns - 3)
-      end
-
-      def work
-        last_message = justify('')
-        loop do
-          message = @queue.empty? ? last_message : @queue.deq
-          break if message == :stop
-
-          spinner.spin(message)
-          last_message = message
-          sleep 0.1
-        end
-      end
-    end
-  end
-end