fosslight-dependency 4.1.20__py3-none-any.whl → 4.1.22__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- fosslight_dependency/_analyze_dependency.py +25 -2
- fosslight_dependency/_help.py +2 -1
- fosslight_dependency/constant.py +2 -0
- fosslight_dependency/package_manager/Maven.py +18 -13
- fosslight_dependency/package_manager/Npm.py +7 -5
- fosslight_dependency/package_manager/Pypi.py +1 -1
- fosslight_dependency/package_manager/Yarn.py +222 -0
- fosslight_dependency/run_dependency_scanner.py +32 -15
- {fosslight_dependency-4.1.20.dist-info → fosslight_dependency-4.1.22.dist-info}/METADATA +9 -2
- {fosslight_dependency-4.1.20.dist-info → fosslight_dependency-4.1.22.dist-info}/RECORD +17 -16
- {fosslight_dependency-4.1.20.dist-info → fosslight_dependency-4.1.22.dist-info}/Apache-2.0.txt +0 -0
- {fosslight_dependency-4.1.20.dist-info → fosslight_dependency-4.1.22.dist-info}/LICENSE +0 -0
- {fosslight_dependency-4.1.20.dist-info → fosslight_dependency-4.1.22.dist-info}/LicenseRef-3rd_party_licenses.txt +0 -0
- {fosslight_dependency-4.1.20.dist-info → fosslight_dependency-4.1.22.dist-info}/MIT.txt +0 -0
- {fosslight_dependency-4.1.20.dist-info → fosslight_dependency-4.1.22.dist-info}/WHEEL +0 -0
- {fosslight_dependency-4.1.20.dist-info → fosslight_dependency-4.1.22.dist-info}/entry_points.txt +0 -0
- {fosslight_dependency-4.1.20.dist-info → fosslight_dependency-4.1.22.dist-info}/top_level.txt +0 -0
|
@@ -8,6 +8,7 @@ import logging
|
|
|
8
8
|
import fosslight_dependency.constant as const
|
|
9
9
|
from fosslight_dependency.package_manager.Pypi import Pypi
|
|
10
10
|
from fosslight_dependency.package_manager.Npm import Npm
|
|
11
|
+
from fosslight_dependency.package_manager.Yarn import Yarn
|
|
11
12
|
from fosslight_dependency.package_manager.Maven import Maven
|
|
12
13
|
from fosslight_dependency.package_manager.Gradle import Gradle
|
|
13
14
|
from fosslight_dependency.package_manager.Pub import Pub
|
|
@@ -32,11 +33,15 @@ def analyze_dependency(package_manager_name, input_dir, output_dir, pip_activate
|
|
|
32
33
|
ret = True
|
|
33
34
|
package_dep_item_list = []
|
|
34
35
|
cover_comment = ''
|
|
36
|
+
npm_fallback_to_yarn = False
|
|
35
37
|
|
|
36
38
|
if package_manager_name == const.PYPI:
|
|
37
39
|
package_manager = Pypi(input_dir, output_dir, pip_activate_cmd, pip_deactivate_cmd)
|
|
38
40
|
elif package_manager_name == const.NPM:
|
|
39
41
|
package_manager = Npm(input_dir, output_dir)
|
|
42
|
+
npm_fallback_to_yarn = True
|
|
43
|
+
elif package_manager_name == const.YARN:
|
|
44
|
+
package_manager = Yarn(input_dir, output_dir)
|
|
40
45
|
elif package_manager_name == const.MAVEN:
|
|
41
46
|
package_manager = Maven(input_dir, output_dir, output_custom_dir)
|
|
42
47
|
elif package_manager_name == const.GRADLE:
|
|
@@ -66,7 +71,7 @@ def analyze_dependency(package_manager_name, input_dir, output_dir, pip_activate
|
|
|
66
71
|
else:
|
|
67
72
|
logger.error(f"Not supported package manager name: {package_manager_name}")
|
|
68
73
|
ret = False
|
|
69
|
-
return ret, package_dep_item_list
|
|
74
|
+
return ret, package_dep_item_list, cover_comment, package_manager_name
|
|
70
75
|
|
|
71
76
|
if manifest_file_name:
|
|
72
77
|
package_manager.set_manifest_file(manifest_file_name)
|
|
@@ -74,6 +79,24 @@ def analyze_dependency(package_manager_name, input_dir, output_dir, pip_activate
|
|
|
74
79
|
if direct:
|
|
75
80
|
package_manager.set_direct_dependencies(direct)
|
|
76
81
|
ret = package_manager.run_plugin()
|
|
82
|
+
|
|
83
|
+
if not ret and npm_fallback_to_yarn:
|
|
84
|
+
logger.warning("Npm analysis failed. Attempting to use Yarn as fallback...")
|
|
85
|
+
del package_manager
|
|
86
|
+
package_manager = Yarn(input_dir, output_dir)
|
|
87
|
+
package_manager_name = const.YARN
|
|
88
|
+
|
|
89
|
+
if manifest_file_name:
|
|
90
|
+
package_manager.set_manifest_file(manifest_file_name)
|
|
91
|
+
if direct:
|
|
92
|
+
package_manager.set_direct_dependencies(direct)
|
|
93
|
+
|
|
94
|
+
ret = package_manager.run_plugin()
|
|
95
|
+
if ret:
|
|
96
|
+
logger.info("Successfully switched to Yarn")
|
|
97
|
+
else:
|
|
98
|
+
logger.error("Yarn also failed")
|
|
99
|
+
|
|
77
100
|
if ret:
|
|
78
101
|
if direct:
|
|
79
102
|
package_manager.parse_direct_dependencies()
|
|
@@ -100,4 +123,4 @@ def analyze_dependency(package_manager_name, input_dir, output_dir, pip_activate
|
|
|
100
123
|
|
|
101
124
|
del package_manager
|
|
102
125
|
|
|
103
|
-
return ret, package_dep_item_list, cover_comment
|
|
126
|
+
return ret, package_dep_item_list, cover_comment, package_manager_name
|
fosslight_dependency/_help.py
CHANGED
|
@@ -16,6 +16,7 @@ _HELP_MESSAGE_DEPENDENCY = """
|
|
|
16
16
|
Maven (Java)
|
|
17
17
|
NPM (Node.js)
|
|
18
18
|
PNPM (Node.js)
|
|
19
|
+
Yarn (Node.js)
|
|
19
20
|
PIP (Python)
|
|
20
21
|
Pub (Dart with flutter)
|
|
21
22
|
Cocoapods (Swift/Obj-C)
|
|
@@ -33,7 +34,7 @@ _HELP_MESSAGE_DEPENDENCY = """
|
|
|
33
34
|
-v\t\t\t\t Print the version of the script.
|
|
34
35
|
-m <package_manager>\t Enter the package manager.
|
|
35
36
|
\t(npm, maven, gradle, pypi, pub, cocoapods, android, swift, carthage,
|
|
36
|
-
\t go, nuget, helm, unity, cargo, pnpm)
|
|
37
|
+
\t go, nuget, helm, unity, cargo, pnpm, yarn)
|
|
37
38
|
-p <input_path>\t\t Enter the path where the script will be run.
|
|
38
39
|
-e <exclude_path>\t\t Enter the path where the analysis will not be performed.
|
|
39
40
|
-o <output_path>\t\t Output path
|
fosslight_dependency/constant.py
CHANGED
|
@@ -25,12 +25,14 @@ HELM = 'helm'
|
|
|
25
25
|
UNITY = 'unity'
|
|
26
26
|
CARGO = 'cargo'
|
|
27
27
|
PNPM = 'pnpm'
|
|
28
|
+
YARN = 'yarn'
|
|
28
29
|
|
|
29
30
|
# Supported package name and manifest file
|
|
30
31
|
SUPPORT_PACKAE = {
|
|
31
32
|
PYPI: ['requirements.txt', 'setup.py', 'pyproject.toml'],
|
|
32
33
|
PNPM: 'pnpm-lock.yaml',
|
|
33
34
|
NPM: 'package.json',
|
|
35
|
+
YARN: 'yarn.lock',
|
|
34
36
|
MAVEN: 'pom.xml',
|
|
35
37
|
GRADLE: 'build.gradle',
|
|
36
38
|
PUB: 'pubspec.yaml',
|
|
@@ -46,12 +46,13 @@ class Maven(PackageManager):
|
|
|
46
46
|
ret = True
|
|
47
47
|
|
|
48
48
|
if not os.path.isfile(self.input_file_name):
|
|
49
|
-
self.is_run_plugin = True
|
|
50
49
|
pom_backup = 'pom.xml_backup'
|
|
51
50
|
|
|
52
51
|
ret = self.add_plugin_in_pom(pom_backup)
|
|
53
52
|
if ret:
|
|
54
|
-
self.run_maven_plugin()
|
|
53
|
+
ret_plugin = self.run_maven_plugin()
|
|
54
|
+
if ret_plugin:
|
|
55
|
+
self.is_run_plugin = True
|
|
55
56
|
|
|
56
57
|
if os.path.isfile(pom_backup):
|
|
57
58
|
shutil.move(pom_backup, const.SUPPORT_PACKAE.get(self.package_manager_name))
|
|
@@ -133,6 +134,7 @@ class Maven(PackageManager):
|
|
|
133
134
|
shutil.rmtree(top_path)
|
|
134
135
|
|
|
135
136
|
def run_maven_plugin(self):
|
|
137
|
+
ret_plugin = True
|
|
136
138
|
logger.info('Run maven license scanning plugin with temporary pom.xml')
|
|
137
139
|
current_mode = ''
|
|
138
140
|
if os.path.isfile('mvnw') or os.path.isfile('mvnw.cmd'):
|
|
@@ -148,21 +150,24 @@ class Maven(PackageManager):
|
|
|
148
150
|
ret = subprocess.call(cmd, shell=True)
|
|
149
151
|
if ret != 0:
|
|
150
152
|
logger.error(f"Failed to run maven plugin: {cmd}")
|
|
153
|
+
ret_plugin = False
|
|
151
154
|
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
155
|
+
if ret_plugin:
|
|
156
|
+
cmd = f"{cmd_mvn} dependency:tree"
|
|
157
|
+
try:
|
|
158
|
+
ret_txt = subprocess.check_output(cmd, text=True, shell=True)
|
|
159
|
+
if ret_txt is not None:
|
|
160
|
+
self.parse_dependency_tree(ret_txt)
|
|
161
|
+
self.set_direct_dependencies(True)
|
|
162
|
+
else:
|
|
163
|
+
logger.error(f"Failed to run: {cmd}")
|
|
164
|
+
self.set_direct_dependencies(False)
|
|
165
|
+
except Exception as e:
|
|
166
|
+
logger.error(f"Failed to run '{cmd}': {e}")
|
|
160
167
|
self.set_direct_dependencies(False)
|
|
161
|
-
except Exception as e:
|
|
162
|
-
logger.error(f"Failed to run '{cmd}': {e}")
|
|
163
|
-
self.set_direct_dependencies(False)
|
|
164
168
|
if current_mode:
|
|
165
169
|
change_file_mode(cmd_mvn, current_mode)
|
|
170
|
+
return ret_plugin
|
|
166
171
|
|
|
167
172
|
def create_dep_stack(self, dep_line):
|
|
168
173
|
dep_stack = []
|
|
@@ -53,7 +53,7 @@ class Npm(PackageManager):
|
|
|
53
53
|
self.flag_tmp_node_modules = True
|
|
54
54
|
cmd_ret = subprocess.call(npm_install_cmd, shell=True)
|
|
55
55
|
if cmd_ret != 0:
|
|
56
|
-
logger.error(f"{npm_install_cmd}
|
|
56
|
+
logger.error(f"{npm_install_cmd} failed")
|
|
57
57
|
return False
|
|
58
58
|
|
|
59
59
|
# customized json file for obtaining specific items with license-checker
|
|
@@ -109,13 +109,15 @@ class Npm(PackageManager):
|
|
|
109
109
|
cmd = 'npm ls -a --omit=dev --json -s'
|
|
110
110
|
result = subprocess.run(cmd, shell=True, capture_output=True, text=True, encoding='utf-8')
|
|
111
111
|
rel_tree = result.stdout
|
|
112
|
-
if rel_tree
|
|
113
|
-
logger.error(f"
|
|
114
|
-
|
|
112
|
+
if not rel_tree or rel_tree.strip() == '':
|
|
113
|
+
logger.error(f"No output for {cmd}, stderr: {result.stderr}")
|
|
114
|
+
ret = False
|
|
115
|
+
elif result.returncode > 1:
|
|
116
|
+
logger.error(f"'{cmd}' failed with exit code({result.returncode}), stderr: {result.stderr}")
|
|
115
117
|
ret = False
|
|
116
118
|
if ret:
|
|
117
119
|
if result.returncode == 1:
|
|
118
|
-
logger.
|
|
120
|
+
logger.debug(f"'{cmd}' has warnings: {result.stderr}")
|
|
119
121
|
|
|
120
122
|
try:
|
|
121
123
|
rel_json = json.loads(rel_tree)
|
|
@@ -239,7 +239,7 @@ class Pypi(PackageManager):
|
|
|
239
239
|
metadata = package.get('metadata', {})
|
|
240
240
|
package_name = metadata.get('name', '')
|
|
241
241
|
if package_name:
|
|
242
|
-
if package_name in ['pip', 'setuptools']:
|
|
242
|
+
if package_name in ['pip', 'setuptools', 'wheel']:
|
|
243
243
|
continue
|
|
244
244
|
self.total_dep_list.append(re.sub(r"[-_.]+", "-", package_name).lower())
|
|
245
245
|
else:
|
|
@@ -0,0 +1,222 @@
|
|
|
1
|
+
#!/usr/bin/env python
|
|
2
|
+
# -*- coding: utf-8 -*-
|
|
3
|
+
# Copyright (c) 2025 LG Electronics Inc.
|
|
4
|
+
# SPDX-License-Identifier: Apache-2.0
|
|
5
|
+
|
|
6
|
+
import os
|
|
7
|
+
import logging
|
|
8
|
+
import subprocess
|
|
9
|
+
import json
|
|
10
|
+
import fosslight_util.constant as constant
|
|
11
|
+
import fosslight_dependency.constant as const
|
|
12
|
+
from fosslight_dependency.package_manager.Npm import Npm
|
|
13
|
+
from fosslight_dependency.dependency_item import DependencyItem, change_dependson_to_purl
|
|
14
|
+
from fosslight_util.oss_item import OssItem
|
|
15
|
+
from fosslight_dependency._package_manager import get_url_to_purl
|
|
16
|
+
from fosslight_dependency.package_manager.Npm import check_multi_license, check_unknown_license
|
|
17
|
+
|
|
18
|
+
logger = logging.getLogger(constant.LOGGER_NAME)
|
|
19
|
+
|
|
20
|
+
|
|
21
|
+
class Yarn(Npm):
|
|
22
|
+
|
|
23
|
+
def __init__(self, input_dir, output_dir):
|
|
24
|
+
super().__init__(input_dir, output_dir)
|
|
25
|
+
self.package_manager_name = const.YARN
|
|
26
|
+
self.yarn_version = None
|
|
27
|
+
|
|
28
|
+
def detect_yarn_version(self):
|
|
29
|
+
"""Detect Yarn version (1.x = Classic, 2+ = Berry)"""
|
|
30
|
+
if self.yarn_version is not None:
|
|
31
|
+
return self.yarn_version
|
|
32
|
+
|
|
33
|
+
try:
|
|
34
|
+
result = subprocess.run('yarn -v', shell=True, capture_output=True, text=True, encoding='utf-8')
|
|
35
|
+
if result.returncode == 0:
|
|
36
|
+
version_str = result.stdout.strip()
|
|
37
|
+
major_version = int(version_str.split('.')[0])
|
|
38
|
+
self.yarn_version = major_version
|
|
39
|
+
logger.info(f"Detected Yarn version: {version_str} (major: {major_version})")
|
|
40
|
+
return major_version
|
|
41
|
+
except Exception as e:
|
|
42
|
+
logger.warning(f"Failed to detect Yarn version: {e}")
|
|
43
|
+
return None
|
|
44
|
+
|
|
45
|
+
def start_license_checker(self):
|
|
46
|
+
ret = True
|
|
47
|
+
license_checker_cmd = f'license-checker --production --json --out {self.input_file_name}'
|
|
48
|
+
custom_path_option = ' --customPath '
|
|
49
|
+
node_modules = 'node_modules'
|
|
50
|
+
|
|
51
|
+
self.detect_yarn_version()
|
|
52
|
+
|
|
53
|
+
# For Yarn Berry (2+), check if using PnP mode
|
|
54
|
+
is_pnp_mode = False
|
|
55
|
+
if self.yarn_version and self.yarn_version >= 2:
|
|
56
|
+
# Check if .pnp.cjs exists (PnP mode indicator)
|
|
57
|
+
if os.path.exists('.pnp.cjs') or os.path.exists('.pnp.js'):
|
|
58
|
+
is_pnp_mode = True
|
|
59
|
+
logger.info("Detected Yarn Berry with PnP mode")
|
|
60
|
+
|
|
61
|
+
if not os.path.isdir(node_modules):
|
|
62
|
+
logger.info("node_modules directory does not exist.")
|
|
63
|
+
self.flag_tmp_node_modules = True
|
|
64
|
+
|
|
65
|
+
# For PnP mode, try to force node_modules creation
|
|
66
|
+
if is_pnp_mode:
|
|
67
|
+
logger.info("Attempting to create node_modules for PnP project...")
|
|
68
|
+
yarn_install_cmd = 'YARN_NODE_LINKER=node-modules yarn install --production --ignore-scripts'
|
|
69
|
+
logger.info(f"Executing: {yarn_install_cmd}")
|
|
70
|
+
else:
|
|
71
|
+
yarn_install_cmd = 'yarn install --production --ignore-scripts'
|
|
72
|
+
logger.info(f"Executing: {yarn_install_cmd}")
|
|
73
|
+
|
|
74
|
+
cmd_ret = subprocess.call(yarn_install_cmd, shell=True)
|
|
75
|
+
if cmd_ret != 0:
|
|
76
|
+
logger.error(f"{yarn_install_cmd} failed")
|
|
77
|
+
if is_pnp_mode:
|
|
78
|
+
logger.error("Yarn Berry PnP mode detected. Consider setting 'nodeLinker: node-modules' in .yarnrc.yml")
|
|
79
|
+
return False
|
|
80
|
+
else:
|
|
81
|
+
logger.info(f"Successfully executed {yarn_install_cmd}")
|
|
82
|
+
|
|
83
|
+
self.make_custom_json(self.tmp_custom_json)
|
|
84
|
+
|
|
85
|
+
cmd = license_checker_cmd + custom_path_option + self.tmp_custom_json
|
|
86
|
+
cmd_ret = subprocess.call(cmd, shell=True)
|
|
87
|
+
if cmd_ret != 0:
|
|
88
|
+
logger.error(f"It returns the error: {cmd}")
|
|
89
|
+
logger.error("Please check if the license-checker is installed.(sudo npm install -g license-checker)")
|
|
90
|
+
ret = False
|
|
91
|
+
else:
|
|
92
|
+
self.append_input_package_list_file(self.input_file_name)
|
|
93
|
+
if os.path.exists(self.tmp_custom_json):
|
|
94
|
+
os.remove(self.tmp_custom_json)
|
|
95
|
+
|
|
96
|
+
return ret
|
|
97
|
+
|
|
98
|
+
def parse_oss_information(self, f_name):
|
|
99
|
+
with open(f_name, 'r', encoding='utf8') as json_file:
|
|
100
|
+
json_data = json.load(json_file)
|
|
101
|
+
|
|
102
|
+
_licenses = 'licenses'
|
|
103
|
+
_repository = 'repository'
|
|
104
|
+
_private = 'private'
|
|
105
|
+
|
|
106
|
+
keys = [key for key in json_data]
|
|
107
|
+
purl_dict = {}
|
|
108
|
+
for i in range(0, len(keys)):
|
|
109
|
+
dep_item = DependencyItem()
|
|
110
|
+
oss_item = OssItem()
|
|
111
|
+
d = json_data.get(keys[i - 1])
|
|
112
|
+
oss_init_name = d['name']
|
|
113
|
+
oss_item.name = f'{const.NPM}:{oss_init_name}'
|
|
114
|
+
|
|
115
|
+
if d[_licenses]:
|
|
116
|
+
license_name = d[_licenses]
|
|
117
|
+
else:
|
|
118
|
+
license_name = ''
|
|
119
|
+
|
|
120
|
+
oss_item.version = d['version']
|
|
121
|
+
package_path = d['path']
|
|
122
|
+
|
|
123
|
+
private_pkg = False
|
|
124
|
+
if _private in d:
|
|
125
|
+
if d[_private]:
|
|
126
|
+
private_pkg = True
|
|
127
|
+
|
|
128
|
+
oss_item.download_location = f"{self.dn_url}{oss_init_name}/v/{oss_item.version}"
|
|
129
|
+
dn_loc = f"{self.dn_url}{oss_init_name}"
|
|
130
|
+
dep_item.purl = get_url_to_purl(oss_item.download_location, self.package_manager_name)
|
|
131
|
+
purl_dict[f'{oss_init_name}({oss_item.version})'] = dep_item.purl
|
|
132
|
+
if d[_repository]:
|
|
133
|
+
dn_loc = d[_repository]
|
|
134
|
+
elif private_pkg:
|
|
135
|
+
dn_loc = ''
|
|
136
|
+
|
|
137
|
+
oss_item.homepage = dn_loc
|
|
138
|
+
|
|
139
|
+
if private_pkg:
|
|
140
|
+
oss_item.download_location = oss_item.homepage
|
|
141
|
+
oss_item.comment = 'private'
|
|
142
|
+
if self.package_name == f'{oss_init_name}({oss_item.version})':
|
|
143
|
+
oss_item.comment = 'root package'
|
|
144
|
+
elif self.direct_dep and len(self.relation_tree) > 0:
|
|
145
|
+
if f'{oss_init_name}({oss_item.version})' in self.relation_tree[self.package_name]:
|
|
146
|
+
oss_item.comment = 'direct'
|
|
147
|
+
else:
|
|
148
|
+
oss_item.comment = 'transitive'
|
|
149
|
+
|
|
150
|
+
if f'{oss_init_name}({oss_item.version})' in self.relation_tree:
|
|
151
|
+
dep_item.depends_on_raw = self.relation_tree[f'{oss_init_name}({oss_item.version})']
|
|
152
|
+
|
|
153
|
+
# For Yarn, use 'package.json' instead of yarn.lock for license info
|
|
154
|
+
manifest_file_path = os.path.join(package_path, 'package.json')
|
|
155
|
+
multi_license, license_comment, multi_flag = check_multi_license(license_name, manifest_file_path)
|
|
156
|
+
|
|
157
|
+
if multi_flag:
|
|
158
|
+
oss_item.comment = license_comment
|
|
159
|
+
license_name = multi_license
|
|
160
|
+
else:
|
|
161
|
+
license_name = license_name.replace(",", "")
|
|
162
|
+
license_name = check_unknown_license(license_name, manifest_file_path)
|
|
163
|
+
oss_item.license = license_name
|
|
164
|
+
|
|
165
|
+
dep_item.oss_items.append(oss_item)
|
|
166
|
+
self.dep_items.append(dep_item)
|
|
167
|
+
|
|
168
|
+
if self.direct_dep:
|
|
169
|
+
self.dep_items = change_dependson_to_purl(purl_dict, self.dep_items)
|
|
170
|
+
return
|
|
171
|
+
|
|
172
|
+
def parse_rel_dependencies(self, rel_name, rel_ver, rel_dependencies):
|
|
173
|
+
"""Override to handle missing packages and packages without version"""
|
|
174
|
+
_dependencies = 'dependencies'
|
|
175
|
+
_version = 'version'
|
|
176
|
+
_peer = 'peerMissing'
|
|
177
|
+
_missing = 'missing'
|
|
178
|
+
|
|
179
|
+
for rel_dep_name in rel_dependencies.keys():
|
|
180
|
+
# Optional, non-installed dependencies are listed as empty objects
|
|
181
|
+
if rel_dependencies[rel_dep_name] == {}:
|
|
182
|
+
continue
|
|
183
|
+
if _peer in rel_dependencies[rel_dep_name]:
|
|
184
|
+
if rel_dependencies[rel_dep_name][_peer]:
|
|
185
|
+
continue
|
|
186
|
+
# Skip missing packages (not installed)
|
|
187
|
+
if _missing in rel_dependencies[rel_dep_name]:
|
|
188
|
+
if rel_dependencies[rel_dep_name][_missing]:
|
|
189
|
+
continue
|
|
190
|
+
# Skip if version key doesn't exist
|
|
191
|
+
if _version not in rel_dependencies[rel_dep_name]:
|
|
192
|
+
continue
|
|
193
|
+
|
|
194
|
+
if f'{rel_name}({rel_ver})' not in self.relation_tree:
|
|
195
|
+
self.relation_tree[f'{rel_name}({rel_ver})'] = []
|
|
196
|
+
elif f'{rel_dep_name}({rel_dependencies[rel_dep_name][_version]})' in self.relation_tree[f'{rel_name}({rel_ver})']:
|
|
197
|
+
continue
|
|
198
|
+
self.relation_tree[f'{rel_name}({rel_ver})'].append(f'{rel_dep_name}({rel_dependencies[rel_dep_name][_version]})')
|
|
199
|
+
if _dependencies in rel_dependencies[rel_dep_name]:
|
|
200
|
+
self.parse_rel_dependencies(rel_dep_name, rel_dependencies[rel_dep_name][_version],
|
|
201
|
+
rel_dependencies[rel_dep_name][_dependencies])
|
|
202
|
+
|
|
203
|
+
def parse_direct_dependencies(self):
|
|
204
|
+
if not self.direct_dep:
|
|
205
|
+
return
|
|
206
|
+
try:
|
|
207
|
+
# For Yarn, check if package.json exists (not yarn.lock)
|
|
208
|
+
# input_package_list_file[0] is the license-checker output file path
|
|
209
|
+
manifest_dir = os.path.dirname(self.input_package_list_file[0])
|
|
210
|
+
package_json_path = os.path.join(manifest_dir, 'package.json')
|
|
211
|
+
|
|
212
|
+
if os.path.isfile(package_json_path):
|
|
213
|
+
ret, err_msg = self.parse_transitive_relationship()
|
|
214
|
+
if not ret:
|
|
215
|
+
self.direct_dep = False
|
|
216
|
+
logger.warning(f'It cannot print direct/transitive dependency: {err_msg}')
|
|
217
|
+
else:
|
|
218
|
+
logger.info('Direct/transitive support is not possible because the package.json file does not exist.')
|
|
219
|
+
self.direct_dep = False
|
|
220
|
+
except Exception as e:
|
|
221
|
+
logger.warning(f'Cannot print direct/transitive dependency: {e}')
|
|
222
|
+
self.direct_dep = False
|
|
@@ -106,6 +106,22 @@ def find_package_manager(input_dir, abs_path_to_exclude=[], manifest_file_name=[
|
|
|
106
106
|
# both npm and pnpm are detected, remove npm.
|
|
107
107
|
if 'npm' in found_package_manager.keys() and 'pnpm' in found_package_manager.keys():
|
|
108
108
|
del found_package_manager['npm']
|
|
109
|
+
|
|
110
|
+
# both npm and yarn are detected, check which one to use based on lock file
|
|
111
|
+
if 'npm' in found_package_manager.keys() and 'yarn' in found_package_manager.keys():
|
|
112
|
+
# Remove npm from directories where yarn.lock exists
|
|
113
|
+
dirs_to_remove_from_npm = []
|
|
114
|
+
for yarn_dir in found_package_manager['yarn'].keys():
|
|
115
|
+
if yarn_dir in found_package_manager['npm']:
|
|
116
|
+
dirs_to_remove_from_npm.append(yarn_dir)
|
|
117
|
+
|
|
118
|
+
for dir_to_remove in dirs_to_remove_from_npm:
|
|
119
|
+
del found_package_manager['npm'][dir_to_remove]
|
|
120
|
+
|
|
121
|
+
# If npm has no directories left, remove it entirely
|
|
122
|
+
if not found_package_manager['npm']:
|
|
123
|
+
del found_package_manager['npm']
|
|
124
|
+
|
|
109
125
|
if len(found_package_manager) >= 1:
|
|
110
126
|
log_lines = ["\nDetected Manifest Files automatically"]
|
|
111
127
|
log_lines = print_package_info(found_package_manager, log_lines)
|
|
@@ -207,6 +223,7 @@ def run_dependency_scanner(package_manager='', input_dir='', output_dir_file='',
|
|
|
207
223
|
autodetect = True
|
|
208
224
|
found_package_manager = {}
|
|
209
225
|
if package_manager:
|
|
226
|
+
scan_item.set_cover_comment(f"Manual detect mode (-m {package_manager})")
|
|
210
227
|
autodetect = False
|
|
211
228
|
support_packagemanager = list(const.SUPPORT_PACKAE.keys())
|
|
212
229
|
|
|
@@ -221,7 +238,6 @@ def run_dependency_scanner(package_manager='', input_dir='', output_dir_file='',
|
|
|
221
238
|
manifest_file_name.extend(value)
|
|
222
239
|
else:
|
|
223
240
|
manifest_file_name.append(value)
|
|
224
|
-
scan_item.set_cover_comment(f"Manual detect mode (-m {package_manager})")
|
|
225
241
|
else:
|
|
226
242
|
manifest_file_name = []
|
|
227
243
|
|
|
@@ -259,33 +275,34 @@ def run_dependency_scanner(package_manager='', input_dir='', output_dir_file='',
|
|
|
259
275
|
cover_comment = ''
|
|
260
276
|
for pm, manifest_file_name_list in found_package_manager.items():
|
|
261
277
|
if not manifest_file_name_list and not autodetect:
|
|
262
|
-
ret, package_dep_item_list, cover_comment = analyze_dependency(pm, input_dir, output_path,
|
|
263
|
-
|
|
264
|
-
|
|
265
|
-
|
|
278
|
+
ret, package_dep_item_list, cover_comment, actual_pm = analyze_dependency(pm, input_dir, output_path,
|
|
279
|
+
pip_activate_cmd, pip_deactivate_cmd,
|
|
280
|
+
output_custom_dir, app_name, github_token,
|
|
281
|
+
[], direct)
|
|
266
282
|
if ret:
|
|
267
|
-
success_pm[
|
|
283
|
+
success_pm[actual_pm][input_dir].extend(['manual mode (-m option)'])
|
|
268
284
|
scan_item.append_file_items(package_dep_item_list)
|
|
269
285
|
else:
|
|
270
|
-
fail_pm[
|
|
286
|
+
fail_pm[actual_pm][input_dir].extend(['manual mode (-m option)'])
|
|
271
287
|
else:
|
|
272
288
|
for manifest_dir, manifest_file_name in manifest_file_name_list.items():
|
|
273
289
|
input_dir = manifest_dir
|
|
274
290
|
if manifest_file_name == pass_key:
|
|
275
291
|
continue
|
|
276
292
|
os.chdir(input_dir)
|
|
277
|
-
ret, package_dep_item_list, cover_comment = analyze_dependency(pm, input_dir, output_path,
|
|
278
|
-
|
|
279
|
-
|
|
280
|
-
|
|
293
|
+
ret, package_dep_item_list, cover_comment, actual_pm = analyze_dependency(pm, input_dir, output_path,
|
|
294
|
+
pip_activate_cmd, pip_deactivate_cmd,
|
|
295
|
+
output_custom_dir, app_name,
|
|
296
|
+
github_token,
|
|
297
|
+
manifest_file_name, direct)
|
|
281
298
|
if ret:
|
|
282
|
-
success_pm[
|
|
299
|
+
success_pm[actual_pm][input_dir].extend(manifest_file_name)
|
|
283
300
|
scan_item.append_file_items(package_dep_item_list)
|
|
284
301
|
|
|
285
302
|
dup_pm = None
|
|
286
|
-
if
|
|
303
|
+
if actual_pm == const.GRADLE and const.ANDROID in found_package_manager:
|
|
287
304
|
dup_pm = const.ANDROID
|
|
288
|
-
elif
|
|
305
|
+
elif actual_pm == const.ANDROID and const.GRADLE in found_package_manager:
|
|
289
306
|
dup_pm = const.GRADLE
|
|
290
307
|
|
|
291
308
|
if dup_pm:
|
|
@@ -296,7 +313,7 @@ def run_dependency_scanner(package_manager='', input_dir='', output_dir_file='',
|
|
|
296
313
|
else:
|
|
297
314
|
found_package_manager[dup_pm][manifest_dir] = pass_key
|
|
298
315
|
else:
|
|
299
|
-
fail_pm[
|
|
316
|
+
fail_pm[actual_pm][input_dir].extend(manifest_file_name)
|
|
300
317
|
|
|
301
318
|
success_pm = {k: dict(v) for k, v in success_pm.items()}
|
|
302
319
|
fail_pm = {k: dict(v) for k, v in fail_pm.items()}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.1
|
|
2
2
|
Name: fosslight-dependency
|
|
3
|
-
Version: 4.1.
|
|
3
|
+
Version: 4.1.22
|
|
4
4
|
Summary: FOSSLight Dependency Scanner
|
|
5
5
|
Home-page: https://github.com/fosslight/fosslight_dependency_scanner
|
|
6
6
|
Download-URL: https://github.com/fosslight/fosslight_dependency_scanner
|
|
@@ -65,7 +65,7 @@ In this user guide, you can see how to install the FOSSLight Dependency Scanner
|
|
|
65
65
|
</thead>
|
|
66
66
|
<tbody>
|
|
67
67
|
<tr>
|
|
68
|
-
<td rowspan="
|
|
68
|
+
<td rowspan="3">Javascript</td>
|
|
69
69
|
<td>Npm</td>
|
|
70
70
|
<td>package.json</td>
|
|
71
71
|
<td>O</td>
|
|
@@ -78,6 +78,13 @@ In this user guide, you can see how to install the FOSSLight Dependency Scanner
|
|
|
78
78
|
<td>O</td>
|
|
79
79
|
<td>O</td>
|
|
80
80
|
<td>O</td>
|
|
81
|
+
</tr>
|
|
82
|
+
<tr>
|
|
83
|
+
<td>Yarn</td>
|
|
84
|
+
<td>package.json</td>
|
|
85
|
+
<td>O</td>
|
|
86
|
+
<td>O</td>
|
|
87
|
+
<td>O</td>
|
|
81
88
|
</tr>
|
|
82
89
|
<tr>
|
|
83
90
|
<td rowspan="2">Java</td>
|
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
fosslight_dependency/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
2
|
-
fosslight_dependency/_analyze_dependency.py,sha256=
|
|
2
|
+
fosslight_dependency/_analyze_dependency.py,sha256=TX86cl7BF3_kCsAQY459X9sqGqP0xbJI7hqnqe7IbnU,5598
|
|
3
3
|
fosslight_dependency/_graph_convertor.py,sha256=D8GwmJfuj9Wg3_DeKRPLGGdyHSLcoU2Q0VzKQbkJG4g,2267
|
|
4
|
-
fosslight_dependency/_help.py,sha256=
|
|
4
|
+
fosslight_dependency/_help.py,sha256=npxm927ZnlEoXKTwhtVyDRygq7ur7sKmn4xtg2vh86I,3624
|
|
5
5
|
fosslight_dependency/_package_manager.py,sha256=mN1ukEmZkm6COhxWm-mVfhCZkHppfFgXyXzBT1x02Sw,15016
|
|
6
|
-
fosslight_dependency/constant.py,sha256=
|
|
6
|
+
fosslight_dependency/constant.py,sha256=0Jr0D5T9S3AuLTEgepiqcKvW4nIJeqotz1lt_YDwbGU,1263
|
|
7
7
|
fosslight_dependency/dependency_item.py,sha256=wNLWcsNycf3HQ5Pib2WrMeo2dn0eHCRg20NLcL95Qew,3345
|
|
8
|
-
fosslight_dependency/run_dependency_scanner.py,sha256=
|
|
8
|
+
fosslight_dependency/run_dependency_scanner.py,sha256=4uocLr5HY2r9ouLI0NGLTI8TE-5g3aQlA9eaP7cqBHk,21338
|
|
9
9
|
fosslight_dependency/LICENSES/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
|
|
10
10
|
fosslight_dependency/LICENSES/LicenseRef-3rd_party_licenses.txt,sha256=EcsFt7aE1rp3OXAdJgmXayfOZdpRdBMcmRnyoqWMCsw,95687
|
|
11
11
|
fosslight_dependency/package_manager/Android.py,sha256=0UZFvbLxDIreerK4fR316YPyhUpPliV_kfZulrxkUyo,3218
|
|
@@ -15,21 +15,22 @@ fosslight_dependency/package_manager/Cocoapods.py,sha256=k_URV1ekMOU8l_y9_KIp_lu
|
|
|
15
15
|
fosslight_dependency/package_manager/Go.py,sha256=eEWvPoE3Jd0lMJAxWMNdFcoi21fJF0EwtRbjBDHF8KQ,7309
|
|
16
16
|
fosslight_dependency/package_manager/Gradle.py,sha256=IYmj9q3XiE_DPKdtll6lyRr98lFuyKWW2qz57X26Fn0,4359
|
|
17
17
|
fosslight_dependency/package_manager/Helm.py,sha256=ucx2Y0tWX37UHIzIGaRyTe7uQ2vlu2nUuO09hOMq9ZU,4223
|
|
18
|
-
fosslight_dependency/package_manager/Maven.py,sha256=
|
|
19
|
-
fosslight_dependency/package_manager/Npm.py,sha256=
|
|
18
|
+
fosslight_dependency/package_manager/Maven.py,sha256=ps6kxpB_aWMwjoNWFnXxetxn_y7iGDUz4NcNoxMmDNA,10709
|
|
19
|
+
fosslight_dependency/package_manager/Npm.py,sha256=cPKo3TewAPN8IQUUFlJZ7nc202_GnpMzGMl4gIF4St8,10982
|
|
20
20
|
fosslight_dependency/package_manager/Nuget.py,sha256=u4w084Qozk4nrVdT4o_nDiT8v4URIlXaOrDh11Hu1Bw,8885
|
|
21
21
|
fosslight_dependency/package_manager/Pnpm.py,sha256=LDKooFGQHui_Q5U7XqSJ8KcCPiLVndXf5oGKTJExh5w,7056
|
|
22
22
|
fosslight_dependency/package_manager/Pub.py,sha256=Rrz8_6wdrmMU6f3vbbuAwyMbODBauXNnBbI619OQgDk,10184
|
|
23
|
-
fosslight_dependency/package_manager/Pypi.py,sha256=
|
|
23
|
+
fosslight_dependency/package_manager/Pypi.py,sha256=Ae-mFl9jSgc1XrUdzAuKGuZA4nduSsWaC-u6VVjFNtg,17187
|
|
24
24
|
fosslight_dependency/package_manager/Swift.py,sha256=8fdbdAXTNlp2NDoSqQXm48JGAg9UhxA91M1-NhHkT40,6752
|
|
25
25
|
fosslight_dependency/package_manager/Unity.py,sha256=n1006GZ6Qrk8wAdO6wla1Q-JD7Evin7REVj-HDeTARc,5142
|
|
26
|
+
fosslight_dependency/package_manager/Yarn.py,sha256=8K2bTImdvPtuDT_Tz1StnBnx6DjoHWV1Wzb0WlhBRhw,9586
|
|
26
27
|
fosslight_dependency/package_manager/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
27
|
-
fosslight_dependency-4.1.
|
|
28
|
-
fosslight_dependency-4.1.
|
|
29
|
-
fosslight_dependency-4.1.
|
|
30
|
-
fosslight_dependency-4.1.
|
|
31
|
-
fosslight_dependency-4.1.
|
|
32
|
-
fosslight_dependency-4.1.
|
|
33
|
-
fosslight_dependency-4.1.
|
|
34
|
-
fosslight_dependency-4.1.
|
|
35
|
-
fosslight_dependency-4.1.
|
|
28
|
+
fosslight_dependency-4.1.22.dist-info/Apache-2.0.txt,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
|
|
29
|
+
fosslight_dependency-4.1.22.dist-info/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
|
|
30
|
+
fosslight_dependency-4.1.22.dist-info/LicenseRef-3rd_party_licenses.txt,sha256=EcsFt7aE1rp3OXAdJgmXayfOZdpRdBMcmRnyoqWMCsw,95687
|
|
31
|
+
fosslight_dependency-4.1.22.dist-info/METADATA,sha256=s2CAZTjyfixbchU-26Mzb9OKpRJ3_K-Op86QqX1qhw0,5319
|
|
32
|
+
fosslight_dependency-4.1.22.dist-info/MIT.txt,sha256=9cx4CbArgByWvkoEZNqpzbpJgA9TUe2D62rMocQpgfs,1082
|
|
33
|
+
fosslight_dependency-4.1.22.dist-info/WHEEL,sha256=tZoeGjtWxWRfdplE7E3d45VPlLNQnvbKiYnx7gwAy8A,92
|
|
34
|
+
fosslight_dependency-4.1.22.dist-info/entry_points.txt,sha256=AeU-9Bl8al8Sa-XvhitGHdT3ZTPIrlhqADcp7s5OLF8,90
|
|
35
|
+
fosslight_dependency-4.1.22.dist-info/top_level.txt,sha256=Jc0V7VcVCH0TEM8ksb8dwroTYz4AmRaQnlr3FB71Hcs,21
|
|
36
|
+
fosslight_dependency-4.1.22.dist-info/RECORD,,
|
{fosslight_dependency-4.1.20.dist-info → fosslight_dependency-4.1.22.dist-info}/Apache-2.0.txt
RENAMED
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
{fosslight_dependency-4.1.20.dist-info → fosslight_dependency-4.1.22.dist-info}/entry_points.txt
RENAMED
|
File without changes
|
{fosslight_dependency-4.1.20.dist-info → fosslight_dependency-4.1.22.dist-info}/top_level.txt
RENAMED
|
File without changes
|