fosslight-dependency 4.1.30__tar.gz → 4.1.32__tar.gz

{fosslight_dependency-4.1.30 → fosslight_dependency-4.1.32}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: fosslight_dependency
-Version: 4.1.30
+Version: 4.1.32
 Summary: FOSSLight Dependency Scanner
 Home-page: https://github.com/fosslight/fosslight_dependency_scanner
 Download-URL: https://github.com/fosslight/fosslight_dependency_scanner

{fosslight_dependency-4.1.30 → fosslight_dependency-4.1.32}/setup.py

@@ -35,7 +35,7 @@ if __name__ == "__main__":
 
     setup(
         name=_PACKAEG_NAME,
-        version='4.1.30',
+        version='4.1.32',
         package_dir={"": "src"},
         packages=find_namespace_packages(where='src'),
         description='FOSSLight Dependency Scanner',

fosslight_dependency-4.1.32/src/fosslight_dependency/_help.py

@@ -0,0 +1,100 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+# Copyright (c) 2021 LG Electronics Inc.
+# SPDX-License-Identifier: Apache-2.0
+from fosslight_util.help import PrintHelpMsg, print_package_version
+from fosslight_util.output_format import SUPPORT_FORMAT
+
+_HELP_MESSAGE_DEPENDENCY = f"""
+    📖 Usage
+    ────────────────────────────────────────────────────────────────────
+    fosslight_dependency [options] <arguments>
+
+    📝 Description
+    ────────────────────────────────────────────────────────────────────
+    FOSSLight Dependency Scanner analyzes dependencies for multiple package
+    managers. It detects manifest files automatically and generates reports
+    containing OSS information of dependencies.
+
+    📚 Guide: https://fosslight.org/fosslight-guide/scanner/3_dependency.html
+
+    📦 Supported Package Managers
+    ────────────────────────────────────────────────────────────────────
+    Gradle, Maven (Java)          │ NPM, PNPM, Yarn (Node.js)
+    PIP (Python)                  │ Pub (Dart/Flutter)
+    Cocoapods, Swift, Carthage    │ Go (Go)
+    Nuget (.NET)                  │ Helm (Kubernetes)
+    Unity (Unity)                 │ Cargo (Rust)
+
+    ⚙️  General Options
+    ────────────────────────────────────────────────────────────────────
+    -p <path>              Path to analyze (default: current directory)
+    -o <path>              Output file path or directory
+    -f <format>            Output formats: {', '.join(SUPPORT_FORMAT)}
+    -e <pattern>           Exclude paths from analysis (files and directories)
+                           ⚠️  IMPORTANT: Always wrap in quotes to avoid shell expansion
+                           Example: fosslight_dependency -e "test/" "node_modules/"
+    -h                     Show this help message
+    -v                     Show version information
+
+    🔍 Scanner-Specific Options
+    ────────────────────────────────────────────────────────────────────
+    -m <manager>           Specify package manager (npm, maven, gradle, pypi, pub,
+                           cocoapods, android, swift, carthage, go, nuget, helm,
+                           unity, cargo, pnpm, yarn)
+    -r                     Recursive mode: scan all subdirectories for manifest files
+    --graph-path <path>    Save dependency graph image (pdf, jpg, png) (recommend pdf extension)
+                           Example: fosslight_dependency --graph-path /your/path/filename.[pdf, jpg, png]
+    --graph-format <format> Set graph image format (default: pdf)
+    --graph-size <w> <h>   Set graph image size in pixels (requires --graph-path)
+    --direct <True|False>  Print direct/transitive dependency type
+                           Choose True or False (default: True)
+    --notice               Print the open source license notice text
+
+    🔧 Package Manager Specific Options
+    ────────────────────────────────────────────────────────────────────
+    Swift, Carthage:
+      -t <token>           GitHub personal access token
+
+    Pypi:
+      -a <cmd>             Virtual environment activate command
+                           (ex: 'conda activate myenv')
+      -d <cmd>             Virtual environment deactivate command
+                           (ex: 'conda deactivate')
+
+    Gradle, Maven:
+      -c <dir>             Customized build output directory
+                           (default: 'build' for gradle, 'target' for maven)
+
+    Android:
+      -n <name>            Application directory name (default: app)
+
+    💡 Examples
+    ────────────────────────────────────────────────────────────────────
+    # Scan current directory
+    fosslight_dependency
+
+    # Scan specific path with exclusions
+    fosslight_dependency -p /path/to/project -e "test/" "vendor/"
+
+    # Generate output in specific format
+    fosslight_dependency -f excel -o results/
+
+    # Specify package manager
+    fosslight_dependency -m npm -p /path/to/nodejs/project
+
+    # Recursive scan with all subdirectories
+    fosslight_dependency -r
+
+    # Generate dependency graph
+    fosslight_dependency --graph-path dependency_tree.pdf
+"""
+
+
+def print_version(pkg_name: str) -> None:
+    print_package_version(pkg_name, "FOSSLight Dependency Scanner Version:")
+
+
+def print_help_msg():
+    helpMsg = PrintHelpMsg(_HELP_MESSAGE_DEPENDENCY)
+    helpMsg.print_help_msg(True)

{fosslight_dependency-4.1.30 → fosslight_dependency-4.1.32}/src/fosslight_dependency/package_manager/Npm.py

@@ -195,8 +195,7 @@ class Npm(PackageManager):
             else:
                 npm_url_exists = False
                 if self._network_available is True:
-                    npm_url_exists = self._npm_url_exists(oss_init_name)
-
+                    npm_url_exists = self._npm_url_exists(oss_init_name, oss_item.version)
                 if self._network_available and not npm_url_exists:
                     oss_item.homepage = repo_url or ""
                     oss_item.download_location = oss_item.homepage
@@ -242,8 +241,11 @@ class Npm(PackageManager):
             self._network_available = False
         return self._network_available
 
-    def _npm_url_exists(self, package_name: str) -> bool:
-        url = f"https://registry.npmjs.org/{package_name}"
+    def _npm_url_exists(self, package_name: str, oss_version="") -> bool:
+        if oss_version:
+            url = f"https://registry.npmjs.org/{package_name}/{oss_version}"
+        else:
+            url = f"https://registry.npmjs.org/{package_name}"
         try:
             resp = requests.head(url, timeout=3, allow_redirects=True)
             if resp.status_code == 405:

{fosslight_dependency-4.1.30 → fosslight_dependency-4.1.32}/src/fosslight_dependency/package_manager/Pypi.py

@@ -10,6 +10,7 @@ import json
 import shutil
 import copy
 import re
+import sys
 import fosslight_util.constant as constant
 import fosslight_dependency.constant as const
 from fosslight_dependency._package_manager import PackageManager
@@ -51,6 +52,89 @@ class Pypi(PackageManager):
     def set_pip_deactivate_cmd(self, pip_deactivate_cmd):
         self.pip_deactivate_cmd = pip_deactivate_cmd
 
+    def get_virtualenv_site_packages(self):
+        site_packages = ''
+        try:
+            venv_path = os.path.join(self.input_dir, self.venv_tmp_dir)
+            if os.path.exists(venv_path):
+                site_packages = os.path.join(
+                    venv_path, 'lib',
+                    f"python{sys.version_info.major}.{sys.version_info.minor}",
+                    'site-packages'
+                )
+                if os.path.exists(site_packages):
+                    return site_packages
+
+            if self.pip_activate_cmd:
+                activate_cmd = self.pip_activate_cmd
+                if activate_cmd.startswith('. '):
+                    activate_cmd = activate_cmd[2:]
+                elif activate_cmd.startswith('source '):
+                    activate_cmd = activate_cmd[7:]
+
+                if 'bin/activate' in activate_cmd or 'Scripts/activate' in activate_cmd:
+                    venv_path = activate_cmd.replace('/bin/activate', '')
+                    venv_path = venv_path.replace('\\Scripts\\activate.bat', '')
+                    venv_path = venv_path.replace('\\Scripts\\activate', '')
+
+                    if not os.path.isabs(venv_path):
+                        venv_path = os.path.join(self.input_dir, venv_path)
+
+                    if os.path.exists(venv_path):
+                        for lib_dir in ['lib', 'Lib']:
+                            site_packages = os.path.join(
+                                venv_path, lib_dir,
+                                f"python{sys.version_info.major}.{sys.version_info.minor}",
+                                'site-packages'
+                            )
+                            if os.path.exists(site_packages):
+                                return site_packages
+                        site_packages = os.path.join(venv_path, 'Lib', 'site-packages')
+                        if os.path.exists(site_packages):
+                            return site_packages
+
+                if 'conda' in activate_cmd:
+                    site_packages = ''
+        except Exception as e:
+            logger.debug(f"Failed to get virtualenv site-packages: {e}")
+            site_packages = ''
+        return site_packages
+
+    def get_license_from_file(self, package_name, version, license_files_metadata=None):
+        license_names = []
+        try:
+            if not license_files_metadata:
+                return []
+            normalized_name = re.sub(r"[-_.]+", "_", package_name)
+            dist_info_name = f"{normalized_name}-{version}.dist-info"
+
+            site_packages = self.get_virtualenv_site_packages()
+            if not site_packages:
+                logger.debug("Could not find site-packages directory")
+                return []
+
+            dist_info_path = os.path.join(site_packages, dist_info_name)
+            if not os.path.exists(dist_info_path):
+                return []
+
+            for license_file in license_files_metadata:
+                license_file_path = os.path.join(dist_info_path, license_file)
+                if os.path.isfile(license_file_path):
+                    license_name = check_license_name(license_file_path, is_filepath=True)
+                    if license_name and license_name not in license_names:
+                        license_names.append(license_name)
+                else:
+                    if '/' not in license_file:
+                        for root, _, files in os.walk(dist_info_path):
+                            if license_file in files:
+                                found_path = os.path.join(root, license_file)
+                                license_name = check_license_name(found_path, is_filepath=True)
+                                if license_name and license_name not in license_names:
+                                    license_names.append(license_name)
+        except Exception as e:
+            logger.debug(f"Failed to read license file for {package_name}: {e}")
+        return license_names
+
     def run_plugin(self):
         ret = True
 
@@ -275,22 +359,34 @@ class Pypi(PackageManager):
                 oss_item.name = f"{self.package_manager_name}:{oss_init_name}"
                 oss_item.version = metadata.get('version', '')
 
-                # license_expression > license > classifier
+                # license_expression > classifier > license > license_file
                 license_info = check_UNKNOWN(metadata.get('license_expression', ''))
-                if not license_info:
-                    license_info = metadata.get('license', '')
-                    if '\n' in license_info:
-                        license_info = check_UNKNOWN(check_license_name(license_info))
                 if not license_info:
                     classifiers = metadata.get('classifier', [])
                     license_classifiers = [c for c in classifiers if c.startswith('License ::')]
                     if license_classifiers:
                         license_info_l = []
                         for license_classifier in license_classifiers:
-                            if license_classifier.startswith('License :: OSI Approved ::'):
-                                license_info_l.append(license_classifier.split('::')[-1].strip())
-                                break
+                            parts = license_classifier.split(' :: ')
+                            if len(parts) >= 2:
+                                license_name = parts[-1].strip()
+                                if license_name and license_name != 'OSI Approved':
+                                    license_info_l.append(license_name)
+                                    break
                         license_info = ','.join(license_info_l)
+                if not license_info:
+                    license_info = metadata.get('license', '')
+                    if '\n' in license_info:
+                        license_info = check_UNKNOWN(check_license_name(license_info))
+                if not license_info:
+                    license_files_meta = metadata.get('license_file')
+                    license_info_list = self.get_license_from_file(
+                        oss_init_name,
+                        oss_item.version,
+                        license_files_meta
+                    )
+                    if license_info_list:
+                        license_info = ','.join(license_info_list)
                 license_name = check_UNKNOWN(license_info)
                 if license_name:
                     license_name = license_name.replace(';', ',')

{fosslight_dependency-4.1.30 → fosslight_dependency-4.1.32}/src/fosslight_dependency.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: fosslight_dependency
-Version: 4.1.30
+Version: 4.1.32
 Summary: FOSSLight Dependency Scanner
 Home-page: https://github.com/fosslight/fosslight_dependency_scanner
 Download-URL: https://github.com/fosslight/fosslight_dependency_scanner

fosslight_dependency-4.1.30/src/fosslight_dependency/_help.py

@@ -1,79 +0,0 @@
-#!/usr/bin/env python
-# -*- coding: utf-8 -*-
-# Copyright (c) 2021 LG Electronics Inc.
-# SPDX-License-Identifier: Apache-2.0
-from fosslight_util.help import PrintHelpMsg, print_package_version
-from fosslight_util.output_format import SUPPORT_FORMAT
-
-_HELP_MESSAGE_DEPENDENCY = f"""
-    Usage: fosslight_dependency [option1] <arg1> [option2] <arg2>...
-
-    FOSSLight Dependency Scanner is the tool that supports the analysis of dependencies for multiple package managers.
-    It detects the manifest file of package managers automatically and analyzes the dependencies with using open source tools.
-    Then, it generates the report file that contains OSS information of dependencies.
-
-    Currently, it supports the following package managers:
-        Gradle (Java)
-        Maven (Java)
-        NPM (Node.js)
-        PNPM (Node.js)
-        Yarn (Node.js)
-        PIP (Python)
-        Pub (Dart with flutter)
-        Cocoapods (Swift/Obj-C)
-        Swift (Swift)
-        Carthage (Swift/Obj-C)
-        Go (Go)
-        Nuget (.NET)
-        Helm (Kubernetes)
-        Unity (Unity)
-        Cargo (Rust)
-
-    Options:
-        Optional
-            -h\t\t\t\t    Print help message.
-            -v\t\t\t\t    Print the version of the script.
-            -m <package_manager>\t    Enter the package manager.
-                                        \t(npm, maven, gradle, pypi, pub, cocoapods, android, swift, carthage,
-                                        \t go, nuget, helm, unity, cargo, pnpm, yarn)
-            -p <input_path>\t\t    Enter the path where the script will be run.
-            -e <exclude_path>\t\t    Enter the path where the analysis will not be performed (files and directories).
-            \t\t\t\t    * IMPORTANT: Always wrap patterns in double quotes ("") to avoid shell expansion.
-            \t\t\t\t      Example) fosslight_dependency -e "test/abc.py" "*.jar"
-            -o <output_path>\t\t    Output path
-            \t\t\t\t\t(If you want to generate the specific file name, add the output path with file name.)
-            -f <format> [<format> ...]\t    Output formats
-            \t\t\t\t    \t({', '.join(SUPPORT_FORMAT)})
-            \t\t\t\t    Multiple formats can be specified separated by space.
-            --graph-path <save_path> \t    Enter the path where the graph image will be saved
-            \t\t\t\t\t(ex. /your/directory/path/filename.[pdf, jpg, png]) (recommend pdf extension)
-            --graph-size <width> <height>   Enter the size of the graph image (The size unit is pixels)
-            \t\t\t\t\t--graph-path option is required
-            --direct\t\t\t    Print the direct/transitive dependency type in comment.
-                                \t\tChoice 'True' or 'False'. (default:True)
-            -r\t\t\t\t    Recursive mode. Scan all subdirectories for manifest files.
-            --notice\t\t\t    Print the open source license notice text.
-
-        Required only for swift, carthage
-            -t <token>\t\t\t    Enter the github personal access token.
-
-        Optional only for pypi
-            -a <activate_cmd>\t\t    Virtual environment activate command(ex, 'conda activate (venv name)')
-            -d <deactivate_cmd>\t\t    Virtual environment deactivate command(ex, 'conda deactivate')
-
-        Optional only for gradle, maven
-            -c <dir_name>\t\t    Enter the customized build output directory name
-                                    \t\t-Default name : 'build' for gradle, 'target' for maven
-
-        Optional only for android
-            -n <app_name>\t\t    Enter the application directory name where the plugin output file is located(default: app)
-        """
-
-
-def print_version(pkg_name: str) -> None:
-    print_package_version(pkg_name, "FOSSLight Dependency Scanner Version:")
-
-
-def print_help_msg():
-    helpMsg = PrintHelpMsg(_HELP_MESSAGE_DEPENDENCY)
-    helpMsg.print_help_msg(True)