licenseguard-cli 2.1.0 → 2.2.0

package/lib/commands/scan.js

@@ -6,8 +6,12 @@
 const chalk = require('chalk')
 const fs = require('fs')
 const path = require('path')
+const inquirer = require('inquirer')
+const { runInit } = require('./init')
 const { scanDependencies, displayConflictReport } = require('../scanner')
 const { detectLicenseFromText } = require('../scanner/license-detector')
+const { calculateCoverage, displayCoverage } = require('../scanner/coverage-reporter')
+const { generateHTML, writeHTMLFile } = require('../formatters/html-generator')
 
 /**
  * Try to detect project license from local files
@@ -41,7 +45,9 @@ function detectProjectLicense() {
     try {
       const pkg = JSON.parse(fs.readFileSync('package.json', 'utf8'))
       if (pkg.license) return pkg.license
-    } catch (e) {}
+    } catch (e) {
+      // Ignore malformed package.json
+    }
   }
 
   if (fs.existsSync('Cargo.toml')) {
@@ -51,6 +57,188 @@ function detectProjectLicense() {
   return null
 }
 
+/**
+ * Check if license string is valid (not null, empty, or UNLICENSED)
+ * @param {string|null} license - License to validate
+ * @returns {boolean} True if valid license
+ */
+function isValidLicense(license) {
+  return !!(license && license !== 'UNLICENSED' && license.trim() !== '')
+}
+
+/**
+ * Detect license from Node.js package.json
+ * @returns {string|null} Detected license or null
+ */
+function detectNodeLicense() {
+  try {
+    if (!fs.existsSync('package.json')) return null
+
+    const pkg = JSON.parse(fs.readFileSync('package.json', 'utf8'))
+    return pkg.license || null
+  } catch (error) {
+    return null
+  }
+}
+
+/**
+ * Detect license from Rust Cargo.toml
+ * @returns {string|null} Detected license or null
+ */
+function detectRustLicense() {
+  try {
+    if (!fs.existsSync('Cargo.toml')) return null
+
+    const content = fs.readFileSync('Cargo.toml', 'utf8')
+    const match = content.match(/license\s*=\s*"([^"]+)"/)
+    return match ? match[1] : null
+  } catch (error) {
+    return null
+  }
+}
+
+/**
+ * Detect license from Python pyproject.toml or setup.py
+ * @returns {string|null} Detected license or null
+ */
+function detectPythonLicense() {
+  // Try pyproject.toml first
+  try {
+    if (fs.existsSync('pyproject.toml')) {
+      const content = fs.readFileSync('pyproject.toml', 'utf8')
+      // Try different patterns for pyproject.toml
+      let match = content.match(/license\s*=\s*["{]([^"'}]+)["}]/)
+      if (!match) {
+        // Try project.license pattern
+        match = content.match(/project\.license\s*=\s*["{]([^"'}]+)["}]/)
+      }
+      if (match) return match[1]
+    }
+  } catch (error) {
+    // Continue to setup.py fallback
+  }
+
+  // Fallback to setup.py
+  try {
+    if (fs.existsSync('setup.py')) {
+      const content = fs.readFileSync('setup.py', 'utf8')
+      const match = content.match(/license\s*=\s*["']([^"']+)["']/)
+      if (match) return match[1]
+    }
+  } catch (error) {
+    // Ignore
+  }
+
+  return null
+}
+
+/**
+ * Detect license from Go go.mod (less standardized)
+ * @returns {string|null} Detected license or null
+ */
+function detectGoLicense() {
+  try {
+    // Check go.mod for license comment
+    if (fs.existsSync('go.mod')) {
+      const content = fs.readFileSync('go.mod', 'utf8')
+      const match = content.match(/\/\/\s*license:\s*([^\n]+)/i)
+      if (match) return match[1].trim()
+    }
+
+    // Check common source files for license headers
+    const sourceFiles = ['main.go', 'LICENSE', 'LICENSE.txt']
+    for (const file of sourceFiles) {
+      if (fs.existsSync(file)) {
+        const content = fs.readFileSync(file, 'utf8')
+        // Look for SPDX-License-Identifier
+        const match = content.match(/SPDX-License-Identifier:\s*([^\n]+)/i)
+        if (match) return match[1].trim()
+      }
+    }
+  } catch (error) {
+    // Ignore
+  }
+
+  return null
+}
+
+/**
+ * Detect license from C++ conanfile.txt or CMakeLists.txt
+ * @returns {string|null} Detected license or null
+ */
+function detectCppLicense() {
+  try {
+    // Try conanfile.txt
+    if (fs.existsSync('conanfile.txt')) {
+      const content = fs.readFileSync('conanfile.txt', 'utf8')
+      const match = content.match(/license\s*=\s*([^\n]+)/)
+      if (match) return match[1].trim()
+    }
+
+    // Try CMakeLists.txt
+    if (fs.existsSync('CMakeLists.txt')) {
+      const content = fs.readFileSync('CMakeLists.txt', 'utf8')
+      // Look for license comment
+      const match = content.match(/#\s*license:\s*([^\n]+)/i)
+      if (match) return match[1].trim()
+    }
+  } catch (error) {
+    // Ignore
+  }
+
+  return null
+}
+
+/**
+ * Auto-detect project license from package manager files
+ * Tries multiple ecosystems in priority order
+ * @returns {string|null} Detected license or null
+ */
+function autoDetectLicense() {
+  const strategies = [
+    { name: 'package.json', detector: detectNodeLicense },
+    { name: 'Cargo.toml', detector: detectRustLicense },
+    { name: 'pyproject.toml/setup.py', detector: detectPythonLicense },
+    { name: 'go.mod', detector: detectGoLicense },
+    { name: 'conanfile.txt/CMakeLists.txt', detector: detectCppLicense }
+  ]
+
+  for (const strategy of strategies) {
+    const license = strategy.detector()
+    if (isValidLicense(license)) {
+      return license
+    }
+  }
+
+  return null // Could not auto-detect
+}
+
+/**
+ * Check if running in interactive mode (TTY and not CI)
+ * @returns {boolean} True if interactive mode
+ */
+function isInteractive() {
+  return process.stdin.isTTY && !process.env.CI
+}
+
+/**
+ * Get project name from package.json or current directory
+ * @returns {string} Project name
+ */
+function getProjectName() {
+  try {
+    const pkgPath = path.join(process.cwd(), 'package.json')
+    if (fs.existsSync(pkgPath)) {
+      const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8'))
+      return pkg.name || path.basename(process.cwd())
+    }
+  } catch (error) {
+    // Ignore errors, fall back to directory name
+  }
+
+  return path.basename(process.cwd())
+}
+
 /**
  * Run the scan command
  * @param {Object} options - Command options
@@ -67,10 +255,59 @@ async function runScan(options) {
 
   console.log(chalk.blue(`📂 Scanning in: ${process.cwd()}`))
 
-  // 2. Determine Project License
+  // 2. Check for config file existence
+  const configPath = '.licenseguardrc'
+  const configExists = fs.existsSync(configPath)
+
+  // 3. Determine Project License
   let projectLicense = options.license
 
-  if (!projectLicense) {
+  if (!projectLicense && !configExists) {
+    // Config missing - determine mode (interactive vs CI/CD)
+    const interactive = isInteractive()
+
+    if (interactive) {
+      // Interactive mode: Prompt user to run init
+      console.log(chalk.yellow('⚠️  Configuration not found.\n'))
+      console.log('LicenseGuard needs to know your project\'s license to detect conflicts.')
+      console.log(chalk.gray('(e.g. MIT projects can\'t use GPL libraries)\n'))
+
+      const answer = await inquirer.prompt([{
+        type: 'confirm',
+        name: 'initNow',
+        message: 'Would you like to initialize configuration now?',
+        default: true
+      }])
+
+      if (answer.initNow) {
+        // Run init interactively
+        await runInit(options)
+        console.log(chalk.blue('\n🔍 Continuing with scan...\n'))
+        // Config now exists, reload it
+        if (fs.existsSync(configPath)) {
+          const config = JSON.parse(fs.readFileSync(configPath, 'utf8'))
+          projectLicense = config.license
+        }
+      } else {
+        console.log(chalk.yellow('Okay, scanning aborted. Run licenseguard init when ready.'))
+        process.exit(0)
+      }
+    } else {
+      // CI/CD mode: Auto-detect license
+      projectLicense = autoDetectLicense()
+
+      if (!projectLicense) {
+        console.error(chalk.red('✗ Error: No configuration found and license could not be auto-detected.'))
+        console.log(chalk.yellow('\nFor CI/CD usage, commit .licenseguardrc to your repository:'))
+        console.log(chalk.blue('  1. Run: licenseguard init'))
+        console.log(chalk.blue('  2. Commit: git add .licenseguardrc && git commit\n'))
+        process.exit(1)
+      }
+
+      console.log(chalk.blue(`ℹ️  Auto-detected project license: ${projectLicense} (from package manager)\n`))
+    }
+  } else if (!projectLicense) {
+    // Config exists, try to load it
     projectLicense = detectProjectLicense()
     if (projectLicense) {
       console.log(chalk.blue(`ℹ️  Detected project license: ${projectLicense}`))
@@ -91,10 +328,21 @@ async function runScan(options) {
     const results = await scanDependencies(projectLicense)
 
     // 4. Display Report
-    const hasConflicts = displayConflictReport(results, projectLicense, {
+    const hasConflicts = await displayConflictReport(results, projectLicense, {
       explain: options.explain
     })
 
+    // 4.5. Display Coverage Report
+    const coverage = calculateCoverage(results)
+    displayCoverage(coverage)
+
+    // 4.6. Generate HTML Attribution (if requested)
+    if (options.format === 'html') {
+      const projectName = getProjectName()
+      const html = generateHTML(results, projectName)
+      writeHTMLFile(html, './CREDITS.html')
+    }
+
     // 5. Handle Exit Code
     if (hasConflicts && !options.allow) {
       console.log(chalk.red('\n❌ Scan failed: License conflicts detected.'))
@@ -118,4 +366,15 @@ async function runScan(options) {
   }
 }
 
-module.exports = { runScan }
+module.exports = {
+  runScan,
+  autoDetectLicense,
+  detectNodeLicense,
+  detectRustLicense,
+  detectPythonLicense,
+  detectGoLicense,
+  detectCppLicense,
+  isValidLicense,
+  isInteractive,
+  getProjectName
+}

package/lib/formatters/html-generator.js

@@ -0,0 +1,232 @@
+const fs = require('fs')
+const chalk = require('chalk')
+
+/**
+ * Generates mobile-optimized HTML attribution page
+ * @param {Object} scanResults - Scan results from scanner
+ * @param {Array} scanResults.packages - Array of package objects
+ * @param {string} projectName - Project name for title
+ * @returns {string} HTML content ready to write
+ * @example
+ * const html = generateHTML(scanResults, 'MyApp')
+ * fs.writeFileSync('CREDITS.html', html)
+ */
+function generateHTML(scanResults, projectName) {
+  const template = `<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>Open Source Licenses - ${escapeHtml(projectName)}</title>
+  <style>
+    body {
+      font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;
+      line-height: 1.6;
+      max-width: 800px;
+      margin: 0 auto;
+      padding: 20px;
+      background: #f5f5f5;
+      color: #333;
+    }
+    h1 {
+      color: #333;
+      border-bottom: 2px solid #007AFF;
+      padding-bottom: 10px;
+    }
+    .package {
+      background: white;
+      padding: 15px;
+      margin: 10px 0;
+      border-radius: 8px;
+      box-shadow: 0 1px 3px rgba(0,0,0,0.1);
+    }
+    .package-name {
+      font-weight: bold;
+      color: #007AFF;
+      font-size: 1.1em;
+    }
+    .license {
+      color: #666;
+      font-size: 0.9em;
+      margin-top: 5px;
+    }
+    .license-text {
+      background: #f9f9f9;
+      padding: 10px;
+      margin-top: 10px;
+      border-left: 3px solid #007AFF;
+      font-size: 0.85em;
+      white-space: pre-wrap;
+      display: none;
+      font-family: monospace;
+    }
+    .show-license {
+      cursor: pointer;
+      color: #007AFF;
+      text-decoration: underline;
+      font-size: 0.9em;
+      margin-top: 10px;
+      display: inline-block;
+      min-height: 44px;
+      min-width: 44px;
+      padding: 12px;
+      line-height: 20px;
+    }
+    .footer {
+      text-align: center;
+      margin-top: 40px;
+      color: #999;
+      font-size: 0.85em;
+    }
+    .footer a {
+      color: #007AFF;
+      text-decoration: none;
+    }
+    .footer a:hover {
+      text-decoration: underline;
+    }
+    @media (max-width: 768px) {
+      body {
+        padding: 10px;
+      }
+      .package {
+        padding: 12px;
+      }
+    }
+    @media (prefers-color-scheme: dark) {
+      body {
+        background: #1c1c1e;
+        color: #f5f5f5;
+      }
+      .package {
+        background: #2c2c2e;
+      }
+      .license-text {
+        background: #3a3a3c;
+      }
+      h1 {
+        color: #f5f5f5;
+      }
+    }
+  </style>
+</head>
+<body>
+  <h1>Open Source Licenses</h1>
+  <p>This application uses the following open source libraries:</p>
+
+  ${generatePackageCards(scanResults.packages)}
+
+  <div class="footer">
+    <p>Generated by <a href="https://www.npmjs.com/package/licenseguard-cli">LicenseGuard</a> v${getVersion()}</p>
+  </div>
+
+  <script>
+    // Progressive enhancement: show/hide license text
+    document.querySelectorAll('.show-license').forEach(link => {
+      link.addEventListener('click', function() {
+        const licenseText = this.nextElementSibling
+        if (licenseText.style.display === 'none' || !licenseText.style.display) {
+          licenseText.style.display = 'block'
+          this.textContent = 'Hide license text'
+        } else {
+          licenseText.style.display = 'none'
+          this.textContent = 'Show license text'
+        }
+      })
+    })
+  </script>
+</body>
+</html>`
+
+  return template
+}
+
+/**
+ * Generates HTML package cards for all packages
+ * @param {Array} packages - Array of package objects
+ * @returns {string} HTML string with all package cards
+ */
+function generatePackageCards(packages) {
+  if (!packages || packages.length === 0) {
+    return '<div class="package"><p>No packages found</p></div>'
+  }
+
+  // Sort alphabetically by package name
+  const sortedPackages = [...packages].sort((a, b) =>
+    a.name.localeCompare(b.name)
+  )
+
+  return sortedPackages.map(pkg => {
+    const licenseTextHtml = pkg.licenseText
+      ? `
+        <div class="show-license">Show license text</div>
+        <div class="license-text">${escapeHtml(pkg.licenseText)}</div>
+      `
+      : ''
+
+    return `
+    <div class="package">
+      <div class="package-name">${escapeHtml(pkg.name)} v${escapeHtml(pkg.version)}</div>
+      <div class="license">License: ${escapeHtml(pkg.license)}</div>${licenseTextHtml}
+    </div>
+    `.trim()
+  }).join('\n')
+}
+
+/**
+ * Escapes HTML special characters to prevent XSS
+ * @param {string} text - Text to escape
+ * @returns {string} Escaped text safe for HTML
+ */
+function escapeHtml(text) {
+  if (!text) return ''
+
+  return String(text)
+    .replace(/&/g, '&amp;')
+    .replace(/</g, '&lt;')
+    .replace(/>/g, '&gt;')
+    .replace(/"/g, '&quot;')
+    .replace(/'/g, '&#39;')
+}
+
+/**
+ * Gets LicenseGuard version from package.json
+ * @returns {string} Version string
+ */
+function getVersion() {
+  try {
+    const packageJson = require('../../package.json')
+    return packageJson.version
+  } catch (error) {
+    return '2.2.0'
+  }
+}
+
+/**
+ * Writes HTML file to disk with error handling
+ * @param {string} html - HTML content to write
+ * @param {string} outputPath - Path to write file
+ */
+function writeHTMLFile(html, outputPath) {
+  try {
+    fs.writeFileSync(outputPath, html, 'utf8')
+    console.log(chalk.green(`✓ Attribution page saved to: ${outputPath}`))
+  } catch (error) {
+    if (error.code === 'EACCES') {
+      console.error(chalk.red('✗ Error: Could not write CREDITS.html (permission denied)'))
+      console.log(chalk.yellow('Try running with elevated permissions or choose different output directory'))
+    } else if (error.code === 'ENOSPC') {
+      console.error(chalk.red('✗ Error: Could not write CREDITS.html (disk full)'))
+    } else {
+      console.error(chalk.red(`✗ Error: Could not write CREDITS.html (${error.message})`))
+    }
+    process.exit(1)
+  }
+}
+
+module.exports = {
+  generateHTML,
+  escapeHtml,
+  generatePackageCards,
+  writeHTMLFile
+}

package/lib/scanner/color-mapper.js

@@ -0,0 +1,87 @@
+const chalk = require('chalk')
+
+// License color mapping based on safety level
+const LICENSE_COLORS = {
+  // Green: Permissive licenses
+  'MIT': 'green',
+  'Apache-2.0': 'green',
+  'BSD-2-Clause': 'green',
+  'BSD-3-Clause': 'green',
+  'ISC': 'green',
+  '0BSD': 'green',
+  'Unlicense': 'green',
+
+  // Yellow: Weak copyleft
+  'MPL-2.0': 'yellow',
+  'LGPL-2.1': 'yellow',
+  'LGPL-3.0': 'yellow',
+  'EPL-1.0': 'yellow',
+  'EPL-2.0': 'yellow',
+
+  // Red: Strong copyleft
+  'GPL-2.0': 'red',
+  'GPL-3.0': 'red',
+  'AGPL-3.0': 'red',
+
+  // Gray: Unknown
+  'UNKNOWN': 'gray'
+}
+
+// Emoji indicators for accessibility
+const EMOJI_INDICATORS = {
+  green: '🟢',
+  yellow: '⚠️',
+  red: '❌',
+  gray: '❔'
+}
+
+/**
+ * Get color for a given license
+ * @param {string} license - License identifier (e.g., "MIT", "GPL-3.0")
+ * @returns {string} - Color name (green/yellow/red/gray)
+ */
+function getColor(license) {
+  return LICENSE_COLORS[license] || 'gray'
+}
+
+/**
+ * Get emoji indicator for a given license
+ * @param {string} license - License identifier
+ * @returns {string} - Emoji indicator
+ */
+function getEmoji(license) {
+  const color = getColor(license)
+  return EMOJI_INDICATORS[color]
+}
+
+/**
+ * Colorize text based on license safety level
+ * @param {string} license - License identifier
+ * @param {string} text - Text to colorize
+ * @returns {string} - Colorized text with chalk
+ */
+function colorize(license, text) {
+  const color = getColor(license)
+  return chalk[color](text)
+}
+
+/**
+ * Colorize text with emoji indicator
+ * @param {string} license - License identifier
+ * @param {string} text - Text to colorize
+ * @returns {string} - Colorized text with emoji prefix
+ */
+function colorizeWithEmoji(license, text) {
+  const emoji = getEmoji(license)
+  const coloredText = colorize(license, text)
+  return `${emoji} ${coloredText}`
+}
+
+module.exports = {
+  getColor,
+  getEmoji,
+  colorize,
+  colorizeWithEmoji,
+  LICENSE_COLORS,
+  EMOJI_INDICATORS
+}

package/lib/scanner/coverage-reporter.js

@@ -0,0 +1,84 @@
+const chalk = require('chalk')
+
+/**
+ * Calculate coverage statistics from scan results
+ * @param {Object} scanResults - Scan results object
+ * @returns {Object} Coverage statistics { total, identified, unknown, percentage }
+ */
+function calculateCoverage(scanResults) {
+  // Handle cases where scanResults might be undefined or null
+  if (!scanResults) {
+    return {
+      total: 0,
+      identified: 0,
+      unknown: 0,
+      percentage: 0.0,
+    }
+  }
+
+  // Support both old format (packages array) and new format (totalDependencies)
+  let totalPackages = 0
+  let unknownPackages = 0
+
+  if (scanResults.packages) {
+    // Old format: packages array
+    totalPackages = scanResults.packages.length
+    unknownPackages = scanResults.packages.filter(p => p.license === 'UNKNOWN').length
+  } else if (scanResults.totalDependencies !== undefined) {
+    // New format: totalDependencies, compatible, incompatible, unknown
+    totalPackages = scanResults.totalDependencies
+    unknownPackages = scanResults.unknown || 0
+  } else {
+    // Unknown format
+    return {
+      total: 0,
+      identified: 0,
+      unknown: 0,
+      percentage: 0.0,
+    }
+  }
+
+  const identifiedPackages = totalPackages - unknownPackages
+  const percentage = totalPackages > 0
+    ? ((identifiedPackages / totalPackages) * 100).toFixed(1)
+    : '0.0'
+
+  return {
+    total: totalPackages,
+    identified: identifiedPackages,
+    unknown: unknownPackages,
+    percentage: parseFloat(percentage),
+  }
+}
+
+/**
+ * Get emoji indicator based on coverage percentage
+ * @param {number} percentage - Coverage percentage
+ * @returns {string} Emoji indicator (✅/⚠️/❌)
+ */
+function getCoverageEmoji(percentage) {
+  if (percentage >= 90) return '✅'
+  if (percentage >= 70) return '⚠️'
+  return '❌'
+}
+
+/**
+ * Display coverage report to console
+ * @param {Object} coverage - Coverage object from calculateCoverage
+ */
+function displayCoverage(coverage) {
+  console.log(chalk.blue('\n📊 Scan Coverage:'))
+
+  const emoji = getCoverageEmoji(coverage.percentage)
+  console.log(`${emoji} ${coverage.identified}/${coverage.total} packages identified (${coverage.percentage}%)`)
+
+  if (coverage.unknown > 0) {
+    console.log(chalk.yellow(`⚠️  ${coverage.unknown} packages with unknown licenses`))
+  }
+
+  if (coverage.percentage < 80) {
+    console.log(chalk.yellow('\n💡 Tip: Some packages may need manual LICENSE file inspection'))
+  }
+}
+
+module.exports = { calculateCoverage, displayCoverage, getCoverageEmoji }