npm - @wipcomputer/wip-license-hook - Versions diffs - 1.0.0 - Mend

@wipcomputer/wip-license-hook 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

package/dist/core/scanner.js ADDED Viewed

@@ -0,0 +1,325 @@
+/**
+ * Scanner — detects dependencies and their licenses across package managers.
+ * Supports: npm, pip, cargo, go modules. Works offline.
+ */
+import { readFileSync, existsSync } from "node:fs";
+import { join } from "node:path";
+import { execSync } from "node:child_process";
+import { detectLicenseFromText, normalizeSpdx } from "./detector.js";
+import { readLedger, writeLedger, upsertEntry, findEntry, addAlert, archiveSnapshot, hasLicenseChanged, } from "./ledger.js";
+// ─── License file discovery ───
+const LICENSE_NAMES = ["LICENSE", "LICENSE.md", "LICENSE.txt", "LICENCE", "COPYING", "COPYING.md"];
+export function findLicenseFile(dir) {
+    for (const name of LICENSE_NAMES) {
+        const p = join(dir, name);
+        if (existsSync(p))
+            return p;
+    }
+    return null;
+}
+export function readLicenseFromDir(dir) {
+    const p = findLicenseFile(dir);
+    if (!p)
+        return null;
+    const text = readFileSync(p, "utf-8");
+    return { license: detectLicenseFromText(text), text };
+}
+// ─── Package manager detection ───
+function detectPackageManagers(repoRoot) {
+    const types = [];
+    if (existsSync(join(repoRoot, "package.json")))
+        types.push("npm");
+    if (existsSync(join(repoRoot, "requirements.txt")) || existsSync(join(repoRoot, "Pipfile")) || existsSync(join(repoRoot, "pyproject.toml")))
+        types.push("pip");
+    if (existsSync(join(repoRoot, "Cargo.toml")))
+        types.push("cargo");
+    if (existsSync(join(repoRoot, "go.mod")))
+        types.push("go");
+    return types;
+}
+// ─── npm scanning ───
+function scanNpmDeps(repoRoot, offline) {
+    const results = [];
+    const pkgPath = join(repoRoot, "package.json");
+    if (!existsSync(pkgPath))
+        return results;
+    const pkg = JSON.parse(readFileSync(pkgPath, "utf-8"));
+    const allDeps = { ...pkg.dependencies, ...pkg.devDependencies };
+    for (const [name, _version] of Object.entries(allDeps)) {
+        let detectedLicense = "UNKNOWN";
+        let licenseText;
+        // Check node_modules first (works offline)
+        const modDir = join(repoRoot, "node_modules", name);
+        if (existsSync(modDir)) {
+            const fromFile = readLicenseFromDir(modDir);
+            if (fromFile) {
+                detectedLicense = fromFile.license;
+                licenseText = fromFile.text;
+            }
+            // Also check package.json license field
+            const modPkg = join(modDir, "package.json");
+            if (existsSync(modPkg) && detectedLicense === "UNKNOWN") {
+                try {
+                    const modMeta = JSON.parse(readFileSync(modPkg, "utf-8"));
+                    if (modMeta.license)
+                        detectedLicense = normalizeSpdx(modMeta.license);
+                }
+                catch { /* skip */ }
+            }
+        }
+        // Try npm view if online and still unknown
+        if (detectedLicense === "UNKNOWN" && !offline) {
+            try {
+                const out = execSync(`npm view ${name} license 2>/dev/null`, { encoding: "utf-8", timeout: 10000 }).trim();
+                if (out)
+                    detectedLicense = normalizeSpdx(out);
+            }
+            catch { /* offline or not found */ }
+        }
+        results.push({
+            name,
+            source: `npm:${name}`,
+            type: "npm",
+            detectedLicense,
+            licenseText,
+            wasChanged: false,
+            isNew: true,
+        });
+    }
+    return results;
+}
+// ─── pip scanning ───
+function parsePipDeps(repoRoot) {
+    const names = [];
+    const reqPath = join(repoRoot, "requirements.txt");
+    if (existsSync(reqPath)) {
+        const lines = readFileSync(reqPath, "utf-8").split("\n");
+        for (const line of lines) {
+            const trimmed = line.trim();
+            if (!trimmed || trimmed.startsWith("#") || trimmed.startsWith("-"))
+                continue;
+            const name = trimmed.split(/[=<>!~\[]/)[0].trim();
+            if (name)
+                names.push(name);
+        }
+    }
+    return names;
+}
+function scanPipDeps(repoRoot, offline) {
+    const deps = parsePipDeps(repoRoot);
+    const results = [];
+    for (const name of deps) {
+        let detectedLicense = "UNKNOWN";
+        if (!offline) {
+            try {
+                const out = execSync(`pip show ${name} 2>/dev/null`, { encoding: "utf-8", timeout: 10000 });
+                const match = out.match(/^License:\s*(.+)$/m);
+                if (match)
+                    detectedLicense = normalizeSpdx(match[1]);
+            }
+            catch { /* skip */ }
+        }
+        results.push({
+            name,
+            source: `pip:${name}`,
+            type: "pip",
+            detectedLicense,
+            wasChanged: false,
+            isNew: true,
+        });
+    }
+    return results;
+}
+// ─── cargo scanning ───
+function scanCargoDeps(repoRoot, offline) {
+    const results = [];
+    const cargoPath = join(repoRoot, "Cargo.toml");
+    if (!existsSync(cargoPath))
+        return results;
+    const content = readFileSync(cargoPath, "utf-8");
+    const depSection = content.match(/\[dependencies\]([\s\S]*?)(\[|$)/);
+    if (!depSection)
+        return results;
+    const lines = depSection[1].split("\n");
+    for (const line of lines) {
+        const match = line.match(/^(\S+)\s*=/);
+        if (!match)
+            continue;
+        const name = match[1];
+        let detectedLicense = "UNKNOWN";
+        if (!offline) {
+            try {
+                const out = execSync(`cargo info ${name} 2>/dev/null`, { encoding: "utf-8", timeout: 10000 });
+                const lMatch = out.match(/license:\s*(.+)/i);
+                if (lMatch)
+                    detectedLicense = normalizeSpdx(lMatch[1]);
+            }
+            catch { /* skip */ }
+        }
+        results.push({
+            name,
+            source: `cargo:${name}`,
+            type: "cargo",
+            detectedLicense,
+            wasChanged: false,
+            isNew: true,
+        });
+    }
+    return results;
+}
+// ─── go scanning ───
+function scanGoDeps(repoRoot, _offline) {
+    const results = [];
+    const goModPath = join(repoRoot, "go.mod");
+    if (!existsSync(goModPath))
+        return results;
+    const content = readFileSync(goModPath, "utf-8");
+    const requireBlock = content.match(/require\s*\(([\s\S]*?)\)/);
+    const lines = requireBlock ? requireBlock[1].split("\n") : [];
+    // Also handle single-line requires
+    const singleRequires = content.match(/^require\s+(\S+)\s+/gm) ?? [];
+    for (const sr of singleRequires) {
+        const m = sr.match(/^require\s+(\S+)/);
+        if (m)
+            lines.push(m[1]);
+    }
+    for (const line of lines) {
+        const trimmed = line.trim();
+        if (!trimmed || trimmed.startsWith("//"))
+            continue;
+        const parts = trimmed.split(/\s+/);
+        const name = parts[0];
+        if (!name || name.startsWith(")"))
+            continue;
+        results.push({
+            name,
+            source: `go:${name}`,
+            type: "go",
+            detectedLicense: "UNKNOWN", // Go modules need network for license check
+            wasChanged: false,
+            isNew: true,
+        });
+    }
+    return results;
+}
+// ─── Fork/upstream scanning ───
+function scanUpstreamLicense(repoRoot, offline) {
+    // Check if there's an upstream remote
+    try {
+        const remote = execSync("git remote get-url upstream 2>/dev/null", {
+            cwd: repoRoot, encoding: "utf-8", timeout: 5000
+        }).trim();
+        if (!remote)
+            return null;
+        // Fetch upstream (if online)
+        if (!offline) {
+            try {
+                execSync("git fetch upstream --quiet 2>/dev/null", { cwd: repoRoot, timeout: 30000 });
+            }
+            catch { /* offline, use cached */ }
+        }
+        // Try to read LICENSE from upstream/main or upstream/master
+        for (const branch of ["upstream/main", "upstream/master"]) {
+            try {
+                const text = execSync(`git show ${branch}:LICENSE 2>/dev/null`, {
+                    cwd: repoRoot, encoding: "utf-8", timeout: 5000
+                });
+                if (text) {
+                    const license = detectLicenseFromText(text);
+                    return {
+                        name: "upstream",
+                        source: remote,
+                        type: "fork",
+                        detectedLicense: license,
+                        licenseText: text,
+                        wasChanged: false,
+                        isNew: true,
+                    };
+                }
+            }
+            catch { /* try next branch */ }
+        }
+    }
+    catch { /* no upstream remote */ }
+    return null;
+}
+// ─── Main scan ───
+export function scanAll(opts) {
+    const { repoRoot, offline = false } = opts;
+    const managers = detectPackageManagers(repoRoot);
+    const results = [];
+    // Always check upstream fork
+    const upstream = scanUpstreamLicense(repoRoot, offline);
+    if (upstream)
+        results.push(upstream);
+    if (managers.includes("npm"))
+        results.push(...scanNpmDeps(repoRoot, offline));
+    if (managers.includes("pip"))
+        results.push(...scanPipDeps(repoRoot, offline));
+    if (managers.includes("cargo"))
+        results.push(...scanCargoDeps(repoRoot, offline));
+    if (managers.includes("go"))
+        results.push(...scanGoDeps(repoRoot, offline));
+    return results;
+}
+/**
+ * Run a full scan and update the ledger. Returns results with change detection.
+ */
+export function scanAndUpdate(opts) {
+    const { repoRoot } = opts;
+    const ledger = readLedger(repoRoot);
+    const results = scanAll(opts);
+    const today = new Date().toISOString().slice(0, 10);
+    for (const result of results) {
+        const existing = findEntry(ledger, result.name);
+        if (existing) {
+            result.isNew = false;
+            existing.license_current = result.detectedLicense;
+            existing.last_checked = today;
+            if (hasLicenseChanged(existing)) {
+                existing.status = "changed";
+                result.wasChanged = true;
+                addAlert(ledger, result.name, existing.license_at_adoption, result.detectedLicense);
+            }
+            else {
+                existing.status = "clean";
+            }
+            upsertEntry(ledger, existing);
+        }
+        else {
+            // New dependency
+            const entry = {
+                name: result.name,
+                source: result.source,
+                type: result.type,
+                license_at_adoption: result.detectedLicense,
+                license_current: result.detectedLicense,
+                adopted_date: today,
+                last_checked: today,
+                status: "clean",
+            };
+            upsertEntry(ledger, entry);
+        }
+        // Archive license text if available
+        if (result.licenseText) {
+            archiveSnapshot(repoRoot, result.name, result.licenseText, today);
+        }
+    }
+    ledger.last_full_scan = new Date().toISOString();
+    writeLedger(repoRoot, ledger);
+    return results;
+}
+/**
+ * Gate check — returns true if safe to proceed, false if blocked.
+ */
+export function gateCheck(repoRoot, offline) {
+    const results = scanAndUpdate({ repoRoot, offline });
+    const changed = results.filter((r) => r.wasChanged);
+    const alerts = changed.map((r) => `🚫 LICENSE CHANGED: ${r.name} — was adopted under different terms, now detected as ${r.detectedLicense}`);
+    return {
+        safe: changed.length === 0,
+        results,
+        alerts,
+    };
+}
+//# sourceMappingURL=scanner.js.map

package/dist/core/scanner.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"scanner.js","sourceRoot":"","sources":["../../src/core/scanner.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,YAAY,EAAE,UAAU,EAAe,MAAM,SAAS,CAAC;AAChE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,qBAAqB,EAAE,aAAa,EAAkB,MAAM,eAAe,CAAC;AACrF,OAAO,EACL,UAAU,EAAE,WAAW,EAAE,WAAW,EAAE,SAAS,EAAE,QAAQ,EACzD,eAAe,EAAE,iBAAiB,GAEnC,MAAM,aAAa,CAAC;AAkBrB,iCAAiC;AAEjC,MAAM,aAAa,GAAG,CAAC,SAAS,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,CAAC,CAAC;AAEnG,MAAM,UAAU,eAAe,CAAC,GAAW;IACzC,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;QACjC,MAAM,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAC1B,IAAI,UAAU,CAAC,CAAC,CAAC;YAAE,OAAO,CAAC,CAAC;IAC9B,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,GAAW;IAC5C,MAAM,CAAC,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IACpB,MAAM,IAAI,GAAG,YAAY,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;IACtC,OAAO,EAAE,OAAO,EAAE,qBAAqB,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC;AACxD,CAAC;AAED,oCAAoC;AAEpC,SAAS,qBAAqB,CAAC,QAAgB;IAC7C,MAAM,KAAK,GAAqB,EAAE,CAAC;IACnC,IAAI,UAAU,CAAC,IAAI,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAClE,IAAI,UAAU,CAAC,IAAI,CAAC,QAAQ,EAAE,kBAAkB,CAAC,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC/J,IAAI,UAAU,CAAC,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAClE,IAAI,UAAU,CAAC,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC3D,OAAO,KAAK,CAAC;AACf,CAAC;AAED,uBAAuB;AAEvB,SAAS,WAAW,CAAC,QAAgB,EAAE,OAAgB;IACrD,MAAM,OAAO,GAAiB,EAAE,CAAC;IACjC,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;IAC/C,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC;QAAE,OAAO,OAAO,CAAC;IAEzC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;IACvD,MAAM,OAAO,GAAG,EAAE,GAAG,GAAG,CAAC,YAAY,EAAE,GAAG,GAAG,CAAC,eAAe,EAAE,CAAC;IAEhE,KAAK,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACvD,IAAI,eAAe,GAAc,SAAS,CAAC;QAC3C,IAAI,WAA+B,CAAC;QAEpC,2CAA2C;QAC3C,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;QACpD,IAAI,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YACvB,MAAM,QAAQ,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;YAC5C,IAAI,QAAQ,EAAE,CAAC;gBACb,eAAe,GAAG,QAAQ,CAAC,OAAO,CAAC;gBACnC,WAAW,GAAG,QAAQ,CAAC,IAAI,CAAC;YAC9B,CAAC;YACD,wCAAwC;YACxC,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;YAC5C,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,eAAe,KAAK,SAAS,EAAE,CAAC;gBACxD,IAAI,CAAC;oBACH,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;oBAC1D,IAAI,OAAO,CAAC,OAAO;wBAAE,eAAe,GAAG,aAAa,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;gBACxE,CAAC;gBAAC,MAAM,CAAC,CAAC,UAAU,CAAC,CAAC;YACxB,CAAC;QACH,CAAC;QAED,2CAA2C;QAC3C,IAAI,eAAe,KAAK,SAAS,IAAI,CAAC,OAAO,EAAE,CAAC;YAC9C,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,QAAQ,CAAC,YAAY,IAAI,sBAAsB,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;gBAC3G,IAAI,GAAG;oBAAE,eAAe,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;YAChD,CAAC;YAAC,MAAM,CAAC,CAAC,0BAA0B,CAAC,CAAC;QACxC,CAAC;QAED,OAAO,CAAC,IAAI,CAAC;YACX,IAAI;YACJ,MAAM,EAAE,OAAO,IAAI,EAAE;YACrB,IAAI,EAAE,KAAK;YACX,eAAe;YACf,WAAW;YACX,UAAU,EAAE,KAAK;YACjB,KAAK,EAAE,IAAI;SACZ,CAAC,CAAC;IACL,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,uBAAuB;AAEvB,SAAS,YAAY,CAAC,QAAgB;IACpC,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,EAAE,kBAAkB,CAAC,CAAC;IACnD,IAAI,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACzD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAC5B,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;gBAAE,SAAS;YAC7E,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAClD,IAAI,IAAI;gBAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC7B,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,WAAW,CAAC,QAAgB,EAAE,OAAgB;IACrD,MAAM,IAAI,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;IACpC,MAAM,OAAO,GAAiB,EAAE,CAAC;IAEjC,KAAK,MAAM,IAAI,IAAI,IAAI,EAAE,CAAC;QACxB,IAAI,eAAe,GAAc,SAAS,CAAC;QAE3C,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,QAAQ,CAAC,YAAY,IAAI,cAAc,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;gBAC5F,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;gBAC9C,IAAI,KAAK;oBAAE,eAAe,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YACvD,CAAC;YAAC,MAAM,CAAC,CAAC,UAAU,CAAC,CAAC;QACxB,CAAC;QAED,OAAO,CAAC,IAAI,CAAC;YACX,IAAI;YACJ,MAAM,EAAE,OAAO,IAAI,EAAE;YACrB,IAAI,EAAE,KAAK;YACX,eAAe;YACf,UAAU,EAAE,KAAK;YACjB,KAAK,EAAE,IAAI;SACZ,CAAC,CAAC;IACL,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,yBAAyB;AAEzB,SAAS,aAAa,CAAC,QAAgB,EAAE,OAAgB;IACvD,MAAM,OAAO,GAAiB,EAAE,CAAC;IACjC,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;IAC/C,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC;QAAE,OAAO,OAAO,CAAC;IAE3C,MAAM,OAAO,GAAG,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IACjD,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACrE,IAAI,CAAC,UAAU;QAAE,OAAO,OAAO,CAAC;IAEhC,MAAM,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACxC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;QACvC,IAAI,CAAC,KAAK;YAAE,SAAS;QACrB,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAEtB,IAAI,eAAe,GAAc,SAAS,CAAC;QAC3C,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,QAAQ,CAAC,cAAc,IAAI,cAAc,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;gBAC9F,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;gBAC7C,IAAI,MAAM;oBAAE,eAAe,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;YACzD,CAAC;YAAC,MAAM,CAAC,CAAC,UAAU,CAAC,CAAC;QACxB,CAAC;QAED,OAAO,CAAC,IAAI,CAAC;YACX,IAAI;YACJ,MAAM,EAAE,SAAS,IAAI,EAAE;YACvB,IAAI,EAAE,OAAO;YACb,eAAe;YACf,UAAU,EAAE,KAAK;YACjB,KAAK,EAAE,IAAI;SACZ,CAAC,CAAC;IACL,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,sBAAsB;AAEtB,SAAS,UAAU,CAAC,QAAgB,EAAE,QAAiB;IACrD,MAAM,OAAO,GAAiB,EAAE,CAAC;IACjC,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAC3C,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC;QAAE,OAAO,OAAO,CAAC;IAE3C,MAAM,OAAO,GAAG,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IACjD,MAAM,YAAY,GAAG,OAAO,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC;IAC/D,MAAM,KAAK,GAAG,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAE9D,mCAAmC;IACnC,MAAM,cAAc,GAAG,OAAO,CAAC,KAAK,CAAC,uBAAuB,CAAC,IAAI,EAAE,CAAC;IACpE,KAAK,MAAM,EAAE,IAAI,cAAc,EAAE,CAAC;QAChC,MAAM,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACvC,IAAI,CAAC;YAAE,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC1B,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC;YAAE,SAAS;QACnD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACnC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACtB,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS;QAE5C,OAAO,CAAC,IAAI,CAAC;YACX,IAAI;YACJ,MAAM,EAAE,MAAM,IAAI,EAAE;YACpB,IAAI,EAAE,IAAI;YACV,eAAe,EAAE,SAAS,EAAG,4CAA4C;YACzE,UAAU,EAAE,KAAK;YACjB,KAAK,EAAE,IAAI;SACZ,CAAC,CAAC;IACL,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,iCAAiC;AAEjC,SAAS,mBAAmB,CAAC,QAAgB,EAAE,OAAgB;IAC7D,sCAAsC;IACtC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,QAAQ,CAAC,yCAAyC,EAAE;YACjE,GAAG,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI;SAChD,CAAC,CAAC,IAAI,EAAE,CAAC;QACV,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QAEzB,6BAA6B;QAC7B,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,IAAI,CAAC;gBACH,QAAQ,CAAC,wCAAwC,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;YACxF,CAAC;YAAC,MAAM,CAAC,CAAC,yBAAyB,CAAC,CAAC;QACvC,CAAC;QAED,4DAA4D;QAC5D,KAAK,MAAM,MAAM,IAAI,CAAC,eAAe,EAAE,iBAAiB,CAAC,EAAE,CAAC;YAC1D,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,QAAQ,CAAC,YAAY,MAAM,sBAAsB,EAAE;oBAC9D,GAAG,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI;iBAChD,CAAC,CAAC;gBACH,IAAI,IAAI,EAAE,CAAC;oBACT,MAAM,OAAO,GAAG,qBAAqB,CAAC,IAAI,CAAC,CAAC;oBAC5C,OAAO;wBACL,IAAI,EAAE,UAAU;wBAChB,MAAM,EAAE,MAAM;wBACd,IAAI,EAAE,MAAM;wBACZ,eAAe,EAAE,OAAO;wBACxB,WAAW,EAAE,IAAI;wBACjB,UAAU,EAAE,KAAK;wBACjB,KAAK,EAAE,IAAI;qBACZ,CAAC;gBACJ,CAAC;YACH,CAAC;YAAC,MAAM,CAAC,CAAC,qBAAqB,CAAC,CAAC;QACnC,CAAC;IACH,CAAC;IAAC,MAAM,CAAC,CAAC,wBAAwB,CAAC,CAAC;IAEpC,OAAO,IAAI,CAAC;AACd,CAAC;AAED,oBAAoB;AAEpB,MAAM,UAAU,OAAO,CAAC,IAAiB;IACvC,MAAM,EAAE,QAAQ,EAAE,OAAO,GAAG,KAAK,EAAE,GAAG,IAAI,CAAC;IAC3C,MAAM,QAAQ,GAAG,qBAAqB,CAAC,QAAQ,CAAC,CAAC;IACjD,MAAM,OAAO,GAAiB,EAAE,CAAC;IAEjC,6BAA6B;IAC7B,MAAM,QAAQ,GAAG,mBAAmB,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IACxD,IAAI,QAAQ;QAAE,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAErC,IAAI,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;IAC9E,IAAI,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;IAC9E,IAAI,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC;QAAE,OAAO,CAAC,IAAI,CAAC,GAAG,aAAa,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;IAClF,IAAI,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC;QAAE,OAAO,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;IAE5E,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,IAAiB;IAC7C,MAAM,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC;IAC1B,MAAM,MAAM,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;IACpC,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC9B,MAAM,KAAK,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAEpD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,MAAM,QAAQ,GAAG,SAAS,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;QAEhD,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC;YACrB,QAAQ,CAAC,eAAe,GAAG,MAAM,CAAC,eAAe,CAAC;YAClD,QAAQ,CAAC,YAAY,GAAG,KAAK,CAAC;YAE9B,IAAI,iBAAiB,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAChC,QAAQ,CAAC,MAAM,GAAG,SAAS,CAAC;gBAC5B,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC;gBACzB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,mBAAmB,EAAE,MAAM,CAAC,eAAe,CAAC,CAAC;YACtF,CAAC;iBAAM,CAAC;gBACN,QAAQ,CAAC,MAAM,GAAG,OAAO,CAAC;YAC5B,CAAC;YAED,WAAW,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAChC,CAAC;aAAM,CAAC;YACN,iBAAiB;YACjB,MAAM,KAAK,GAAgB;gBACzB,IAAI,EAAE,MAAM,CAAC,IAAI;gBACjB,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,IAAI,EAAE,MAAM,CAAC,IAAI;gBACjB,mBAAmB,EAAE,MAAM,CAAC,eAAe;gBAC3C,eAAe,EAAE,MAAM,CAAC,eAAe;gBACvC,YAAY,EAAE,KAAK;gBACnB,YAAY,EAAE,KAAK;gBACnB,MAAM,EAAE,OAAO;aAChB,CAAC;YACF,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAC7B,CAAC;QAED,oCAAoC;QACpC,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;YACvB,eAAe,CAAC,QAAQ,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC;QACpE,CAAC;IACH,CAAC;IAED,MAAM,CAAC,cAAc,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACjD,WAAW,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAE9B,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,SAAS,CAAC,QAAgB,EAAE,OAAgB;IAC1D,MAAM,OAAO,GAAG,aAAa,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;IACrD,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;IACpD,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CACxB,CAAC,CAAC,EAAE,EAAE,CAAC,uBAAuB,CAAC,CAAC,IAAI,yDAAyD,CAAC,CAAC,eAAe,EAAE,CACjH,CAAC;IAEF,OAAO;QACL,IAAI,EAAE,OAAO,CAAC,MAAM,KAAK,CAAC;QAC1B,OAAO;QACP,MAAM;KACP,CAAC;AACJ,CAAC"}

package/hooks/pre-pull.sh ADDED Viewed

@@ -0,0 +1,55 @@
+#!/usr/bin/env bash
+# wip-license-hook — Pre-pull hook (hard gate)
+# Blocks pull/merge if upstream license has changed.
+#
+# Install: cp hooks/pre-pull.sh .git/hooks/pre-merge-commit && chmod +x .git/hooks/pre-merge-commit
+# Or: wip-license-hook install
+set -euo pipefail
+REPO_ROOT="$(git rev-parse --show-toplevel)"
+# Check if wip-license-hook is available
+if command -v wip-license-hook &>/dev/null; then
+  HOOK_CMD="wip-license-hook"
+elif [ -f "$REPO_ROOT/node_modules/.bin/wip-license-hook" ]; then
+  HOOK_CMD="$REPO_ROOT/node_modules/.bin/wip-license-hook"
+elif command -v npx &>/dev/null; then
+  HOOK_CMD="npx @wipcomputer/wip-license-hook"
+else
+  echo ""
+  echo "╔══════════════════════════════════════════════════╗"
+  echo "║  ⚠️  wip-license-hook not found                  ║"
+  echo "║  Install: npm i -g @wipcomputer/wip-license-hook ║"
+  echo "║  Pull proceeding WITHOUT license check.          ║"
+  echo "╚══════════════════════════════════════════════════╝"
+  echo ""
+  exit 0
+fi
+echo ""
+echo "🔒 wip-license-hook: Checking upstream licenses..."
+echo ""
+# Run the gate check — exits non-zero if license changed
+cd "$REPO_ROOT"
+$HOOK_CMD gate
+EXIT_CODE=$?
+if [ $EXIT_CODE -ne 0 ]; then
+  echo ""
+  echo "╔══════════════════════════════════════════════════╗"
+  echo "║  🚫  MERGE BLOCKED — License change detected!   ║"
+  echo "║                                                  ║"
+  echo "║  Review the changes above. If you accept the     ║"
+  echo "║  new license, update the ledger:                 ║"
+  echo "║    wip-license-hook scan                         ║"
+  echo "║                                                  ║"
+  echo "║  Then retry the pull/merge.                      ║"
+  echo "╚══════════════════════════════════════════════════╝"
+  echo ""
+  exit 1
+fi
+exit 0

package/hooks/pre-push.sh ADDED Viewed

@@ -0,0 +1,51 @@
+#!/usr/bin/env bash
+# wip-license-hook — Pre-push hook (advisory alert)
+# Warns if upstream license has drifted. Does NOT block push.
+#
+# Install: cp hooks/pre-push.sh .git/hooks/pre-push && chmod +x .git/hooks/pre-push
+# Or: wip-license-hook install
+set -uo pipefail
+REPO_ROOT="$(git rev-parse --show-toplevel)"
+# Check if wip-license-hook is available
+if command -v wip-license-hook &>/dev/null; then
+  HOOK_CMD="wip-license-hook"
+elif [ -f "$REPO_ROOT/node_modules/.bin/wip-license-hook" ]; then
+  HOOK_CMD="$REPO_ROOT/node_modules/.bin/wip-license-hook"
+elif command -v npx &>/dev/null; then
+  HOOK_CMD="npx @wipcomputer/wip-license-hook"
+else
+  # No tool available — push proceeds silently
+  exit 0
+fi
+echo ""
+echo "🔒 wip-license-hook: Checking license status before push..."
+echo ""
+cd "$REPO_ROOT"
+# Run gate in advisory mode — capture output but NEVER block push
+OUTPUT=$($HOOK_CMD gate 2>&1) || true
+EXIT_CODE=$?
+if [ $EXIT_CODE -ne 0 ]; then
+  echo ""
+  echo "╔══════════════════════════════════════════════════╗"
+  echo "║  ⚠️  LICENSE DRIFT DETECTED                      ║"
+  echo "║                                                  ║"
+  echo "║  Upstream license may have changed.              ║"
+  echo "║  Your push will proceed (it's your code).        ║"
+  echo "║                                                  ║"
+  echo "║  Run: wip-license-hook scan --verbose            ║"
+  echo "║  to review the changes.                          ║"
+  echo "╚══════════════════════════════════════════════════╝"
+  echo ""
+  echo "$OUTPUT"
+  echo ""
+fi
+# ALWAYS exit 0 — pre-push is advisory only
+exit 0

package/package.json ADDED Viewed

@@ -0,0 +1,36 @@
+{
+  "name": "@wipcomputer/wip-license-hook",
+  "version": "1.0.0",
+  "description": "License rug-pull detection and dependency license compliance for open source projects",
+  "type": "module",
+  "main": "dist/cli/index.js",
+  "bin": {
+    "wip-license-hook": "dist/cli/index.js"
+  },
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsc --watch",
+    "start": "node dist/cli/index.js",
+    "lint": "tsc --noEmit"
+  },
+  "keywords": ["license", "compliance", "git-hook", "rug-pull", "dependency", "scanner"],
+  "author": "WIP Computer",
+  "license": "MIT",
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.0.0"
+  },
+  "devDependencies": {
+    "typescript": "^5.3.0",
+    "@types/node": "^20.0.0"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "files": [
+    "dist/",
+    "hooks/",
+    "dashboard/",
+    "README.md",
+    "LICENSE"
+  ]
+}