periapsis 1.0.0 → 1.0.2
- package/.github/workflows/periapsis-license-check.yml +60 -0
- package/package.json +16 -2
- package/policy/licenses.json +15 -1
- package/sbom-licenses.json +119 -1
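--- /dev/null
+++ b/package/.github/workflows/periapsis-license-check.yml
@@ -0,0 +1,60 @@
+name: Periapsis License Check
+
+on:
+workflow_dispatch:
+pull_request:
+types: [opened, synchronize, reopened, ready_for_review]
+
+permissions:
+contents: read
+
+jobs:
+periapsis:
+if: github.event_name != 'pull_request' || github.event.pull_request.draft == false
+runs-on: ubuntu-latest
+steps:
+- name: Checkout
+uses: actions/checkout@v4
+
+- name: Setup Node
+uses: actions/setup-node@v4
+with:
+node-version: 20
+cache: npm
+
+- name: Install dependencies
+run: npm ci
+
+- name: Run Periapsis policy check
+id: periapsis
+continue-on-error: true
+run: npx periapsis --violations-out sbom-violations.json
+
+- name: Enforce zero violations
+if: always()
+run: |
+if [ "${{ steps.periapsis.outcome }}" != "success" ]; then
+echo "Periapsis command failed."
+exit 1
+fi
+
+if [ ! -f sbom-violations.json ]; then
+echo "sbom-violations.json was not generated."
+exit 1
+fi
+
+VIOLATION_COUNT=$(node -e "const fs=require('fs');const d=JSON.parse(fs.readFileSync('sbom-violations.json','utf8'));const count=Array.isArray(d)?d.length:(Array.isArray(d?.violations)?d.violations.length:0);process.stdout.write(String(count));")
+echo "Detected violations: ${VIOLATION_COUNT}"
+
+if [ "${VIOLATION_COUNT}" -gt 0 ]; then
+echo "License policy violations detected."
+exit 1
+fi
+
+- name: Upload violations report
+if: always()
+uses: actions/upload-artifact@v4
+with:
+name: periapsis-violations
+path: sbom-violations.json
+if-no-files-found: ignore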
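--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "periapsis",
-"version": "1.0.
+"version": "1.0.2",
 "private": false,
 "type": "module",
 "scripts": {
@@ -19,5 +19,19 @@
 "node": ">=18"
 },
 "description": "Lightweight SBOM/license checker with allowlist, exceptions, and upstream chains.",
-"
+"repository": {
+"type": "git",
+"url": "https://github.com/scfast/periapsis"
+},
+"keywords": [
+"sbom",
+"license",
+"compliance",
+"spdx",
+"cli"
+],
+"license": "MIT",
+"devDependencies": {
+"periapsis": "^1.0.1"
+}
 }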
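Review bot: `"devDependencies": { "periapsis": "^1.0.1" }` makes the package a dev-dependency of itself, which the updated sbom-licenses.json in this release confirms by listing `node_modules/periapsis` at 1.0.1; `npm ci` will install the published copy next to the source it is meant to check, and any future registry release matching `^1.0.1` becomes code that executes in this repository's CI. If the self-install exists only so the workflow can invoke the CLI, prefer running the local entry point directly (`node ./<bin-path>`, whatever the package's `bin` field resolves to — that field is outside this hunk) rather than depending on a semver range of the registry copy; if it is intentional, an exact pin (`"periapsis": "1.0.1"`) and a short note in the README would make that explicit. The rendered page truncates the two removed lines (`"version": "1.0.` and a lone `"`), so the previous values are not recoverable from this view.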
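--- a/package/policy/licenses.json
+++ b/package/policy/licenses.json
@@ -1 +1,15 @@
-[
+[
+{
+"identifier": "CC-BY-3.0",
+"category": "Permissive Licenses",
+"fullName": "CC-BY-3.0",
+"notes": "allows users to share, adapt, and commercially use, distribute, or remix a work, provided that appropriate credit is given to the original creator. It is a free, irrevocable, and non-exclusive license that requires attribution and a link to the license.",
+"rationale": "Low risk",
+"approvedBy": [
+"Shane Fast"
+],
+"approvedAt": "2026-02-13T22:00:52.348Z",
+"expiresAt": null,
+"evidenceRef": "https://creativecommons.org/licenses/by/3.0/deed.en"
+}
+]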
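Review bot: The new CC-BY-3.0 allowlist entry sets `"expiresAt": null`, so the approval is open-ended and will never come up for re-review, even though the paired `approvedAt`/`expiresAt` fields suggest the schema is designed for time-boxed approvals. Consider a concrete expiry (for example one year after `approvedAt`) and a `rationale` that records why an attribution-only license is acceptable for this dependency — the SBOM in this release shows the trigger is `spdx-exceptions`, which appears to be a data package (its repository is `kemitchell/spdx-exceptions.json`) rather than executable code, and `"Low risk"` alone does not capture that reasoning. A `notes` value that also names the consuming package would make the exception auditable without cross-referencing the SBOM.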
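--- a/package/sbom-licenses.json
+++ b/package/sbom-licenses.json
@@ -1,4 +1,89 @@
 [
+{
+"name": "ajv",
+"version": "8.17.1",
+"license": "MIT",
+"path": "node_modules/ajv",
+"repository": "ajv-validator/ajv",
+"dependencyTypes": [
+"dependencies"
+]
+},
+{
+"name": "ajv-formats",
+"version": "3.0.1",
+"license": "MIT",
+"path": "node_modules/ajv-formats",
+"repository": {
+"type": "git",
+"url": "git+https://github.com/ajv-validator/ajv-formats.git"
+},
+"dependencyTypes": [
+"dependencies"
+]
+},
+{
+"name": "fast-deep-equal",
+"version": "3.1.3",
+"license": "MIT",
+"path": "node_modules/fast-deep-equal",
+"repository": {
+"type": "git",
+"url": "git+https://github.com/epoberezkin/fast-deep-equal.git"
+},
+"dependencyTypes": [
+"dependencies"
+]
+},
+{
+"name": "fast-uri",
+"version": "3.1.0",
+"license": "BSD-3-Clause",
+"path": "node_modules/fast-uri",
+"repository": {
+"type": "git",
+"url": "git+https://github.com/fastify/fast-uri.git"
+},
+"dependencyTypes": [
+"dependencies"
+]
+},
+{
+"name": "json-schema-traverse",
+"version": "1.0.0",
+"license": "MIT",
+"path": "node_modules/json-schema-traverse",
+"repository": {
+"type": "git",
+"url": "git+https://github.com/epoberezkin/json-schema-traverse.git"
+},
+"dependencyTypes": [
+"dependencies"
+]
+},
+{
+"name": "periapsis",
+"version": "1.0.1",
+"license": "MIT",
+"path": "node_modules/periapsis",
+"repository": {
+"type": "git",
+"url": "https://github.com/scfast/periapsis"
+},
+"dependencyTypes": [
+"devDependencies"
+]
+},
+{
+"name": "require-from-string",
+"version": "2.0.2",
+"license": "MIT",
+"path": "node_modules/require-from-string",
+"repository": "floatdrop/require-from-string",
+"dependencyTypes": [
+"dependencies"
+]
+},
 {
 "name": "semver",
 "version": "7.7.4",
@@ -7,6 +92,39 @@
 "repository": {
 "type": "git",
 "url": "git+https://github.com/npm/node-semver.git"
-}
+},
+"dependencyTypes": [
+"dependencies"
+]
+},
+{
+"name": "spdx-exceptions",
+"version": "2.5.0",
+"license": "CC-BY-3.0",
+"path": "node_modules/spdx-exceptions",
+"repository": "kemitchell/spdx-exceptions.json",
+"dependencyTypes": [
+"dependencies"
+]
+},
+{
+"name": "spdx-expression-parse",
+"version": "4.0.0",
+"license": "MIT",
+"path": "node_modules/spdx-expression-parse",
+"repository": "jslicense/spdx-expression-parse.js",
+"dependencyTypes": [
+"dependencies"
+]
+},
+{
+"name": "spdx-license-ids",
+"version": "3.0.22",
+"license": "CC0-1.0",
+"path": "node_modules/spdx-license-ids",
+"repository": "jslicense/spdx-license-ids",
+"dependencyTypes": [
+"dependencies"
+]
 }
 ]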