fosslight-dependency 4.1.7__tar.gz → 4.1.9__tar.gz

{fosslight_dependency-4.1.7 → fosslight_dependency-4.1.9}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: fosslight_dependency
-Version: 4.1.7
+Version: 4.1.9
 Summary: FOSSLight Dependency Scanner
 Home-page: https://github.com/fosslight/fosslight_dependency_scanner
 Author: LG Electronics
@@ -164,8 +164,8 @@ Description: <!--
 Platform: UNKNOWN
 Classifier: License :: OSI Approved :: Apache Software License
 Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3.6
-Classifier: Programming Language :: Python :: 3.7
 Classifier: Programming Language :: Python :: 3.8
 Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
 Description-Content-Type: text/markdown

{fosslight_dependency-4.1.7 → fosslight_dependency-4.1.9}/setup.py

@@ -35,7 +35,7 @@ if __name__ == "__main__":
 
     setup(
         name=_PACKAEG_NAME,
-        version='4.1.7',
+        version='4.1.9',
         package_dir={"": "src"},
         packages=find_namespace_packages(where='src'),
         description='FOSSLight Dependency Scanner',
@@ -47,15 +47,12 @@ if __name__ == "__main__":
         download_url='https://github.com/fosslight/fosslight_dependency_scanner',
         classifiers=['License :: OSI Approved :: Apache Software License',
                      "Programming Language :: Python :: 3",
-                     "Programming Language :: Python :: 3.6",
-                     "Programming Language :: Python :: 3.7",
                      "Programming Language :: Python :: 3.8",
-                     "Programming Language :: Python :: 3.9", ],
+                     "Programming Language :: Python :: 3.9",
+                     "Programming Language :: Python :: 3.10",
+                     "Programming Language :: Python :: 3.11", ],
         install_requires=required,
-        package_data={_PACKAEG_NAME: [os.path.join('third_party', 'nomos', 'nomossa'),
-                                      os.path.join('third_party', 'askalono', 'askalono.exe'),
-                                      os.path.join('third_party', 'askalono', 'askalono_macos'),
-                                      os.path.join(_LICENSE_DIR, '*')]},
+        package_data={_PACKAEG_NAME: [os.path.join(_LICENSE_DIR, '*')]},
         include_package_data=True,
         entry_points={
             "console_scripts": [

{fosslight_dependency-4.1.7 → fosslight_dependency-4.1.9}/src/fosslight_dependency/_analyze_dependency.py

@@ -20,6 +20,7 @@ from fosslight_dependency.package_manager.Nuget import Nuget
 from fosslight_dependency.package_manager.Helm import Helm
 from fosslight_dependency.package_manager.Unity import Unity
 from fosslight_dependency.package_manager.Cargo import Cargo
+from fosslight_dependency.package_manager.Pnpm import Pnpm
 import fosslight_util.constant as constant
 
 logger = logging.getLogger(constant.LOGGER_NAME)
@@ -60,6 +61,8 @@ def analyze_dependency(package_manager_name, input_dir, output_dir, pip_activate
         package_manager = Unity(input_dir, output_dir)
     elif package_manager_name == const.CARGO:
         package_manager = Cargo(input_dir, output_dir)
+    elif package_manager_name == const.PNPM:
+        package_manager = Pnpm(input_dir, output_dir)
     else:
         logger.error(f"Not supported package manager name: {package_manager_name}")
         ret = False
@@ -84,7 +87,10 @@ def analyze_dependency(package_manager_name, input_dir, output_dir, pip_activate
             else:
                 logger.error(f"Failed to open input file: {f_name}")
                 ret = False
-
+        if package_manager_name == const.PNPM:
+            logger.info("Parse oss information for pnpm")
+            package_manager.parse_oss_information_for_pnpm()
+            package_dep_item_list.extend(package_manager.dep_items)
     if ret:
         logger.warning(f"### Complete to analyze: {package_manager_name}")
         if package_manager.cover_comment:

{fosslight_dependency-4.1.7 → fosslight_dependency-4.1.9}/src/fosslight_dependency/_help.py

@@ -15,6 +15,7 @@ _HELP_MESSAGE_DEPENDENCY = """
         Gradle (Java)
         Maven (Java)
         NPM (Node.js)
+        PNPM (Node.js)
         PIP (Python)
         Pub (Dart with flutter)
         Cocoapods (Swift/Obj-C)
@@ -32,7 +33,7 @@ _HELP_MESSAGE_DEPENDENCY = """
             -v\t\t\t\t    Print the version of the script.
             -m <package_manager>\t    Enter the package manager.
                                         \t(npm, maven, gradle, pypi, pub, cocoapods, android, swift, carthage,
-                                        \t go, nuget, helm, unity, cargo)
+                                        \t go, nuget, helm, unity, cargo, pnpm)
             -p <input_path>\t\t    Enter the path where the script will be run.
             -e <exclude_path>\t\t    Enter the path where the analysis will not be performed.
             -o <output_path>\t\t    Output path

{fosslight_dependency-4.1.7 → fosslight_dependency-4.1.9}/src/fosslight_dependency/_package_manager.py

@@ -4,7 +4,6 @@
 # SPDX-License-Identifier: Apache-2.0
 
 import os
-import sys
 import logging
 import platform
 import re
@@ -12,9 +11,10 @@ import base64
 import subprocess
 import shutil
 import stat
+from packageurl.contrib import url2purl
+from askalono import identify
 import fosslight_util.constant as constant
 import fosslight_dependency.constant as const
-from packageurl.contrib import url2purl
 
 try:
     from github import Github
@@ -23,13 +23,9 @@ except Exception:
 
 logger = logging.getLogger(constant.LOGGER_NAME)
 
-# binary url to check license text
-_license_scanner_linux = os.path.join('third_party', 'nomos', 'nomossa')
-_license_scanner_macos = os.path.join('third_party', 'askalono', 'askalono_macos')
-_license_scanner_windows = os.path.join('third_party', 'askalono', 'askalono.exe')
-
 gradle_config = ['runtimeClasspath', 'runtime']
 android_config = ['releaseRuntimeClasspath']
+ASKALONO_THRESHOLD = 0.7
 
 
 class PackageManager:
@@ -54,7 +50,6 @@ class PackageManager:
         self.dep_items = []
 
         self.platform = platform.system()
-        self.license_scanner_bin = check_license_scanner(self.platform)
 
     def __del__(self):
         self.input_package_list_file = []
@@ -113,7 +108,7 @@ class PackageManager:
                     cmd_gradle = "./gradlew"
             else:
                 ret_task = False
-                logger.warning('No gradlew file exists. (skip to find dependencies relationship.')
+                logger.warning('No gradlew file exists (Skip to find dependencies relationship.).')
                 if ret_plugin:
                     logger.warning('Also it cannot run android-dependency-scanning plugin.')
             if ret_task:
@@ -126,11 +121,10 @@ class PackageManager:
                             self.parse_dependency_tree(ret)
                         else:
                             self.set_direct_dependencies(False)
-                            logger.warning("Failed to run allDeps task.")
+                            logger.warning(f"Fail to run {cmd}")
                     except Exception as e:
                         self.set_direct_dependencies(False)
-                        logger.error(f'Fail to run {cmd}: {e}')
-                        logger.warning('It cannot print the direct/transitive dependencies relationship.')
+                        logger.warning(f"Cannot print 'depends on' information. (fail {cmd}: {e})")
 
                 if ret_plugin:
                     cmd = f"{cmd_gradle} generateLicenseTxt"
@@ -157,6 +151,9 @@ class PackageManager:
                 if os.path.isfile(module_gradle_backup):
                     os.remove(module_build_gradle)
                     shutil.move(module_gradle_backup, module_build_gradle)
+        if os.path.isfile(self.input_file_name):
+            logger.info(f'Found {self.input_file_name}, skip to run plugin.')
+            ret_task = True
         return ret_task
 
     def add_android_plugin_in_gradle(self, module_build_gradle):
@@ -316,9 +313,8 @@ def connect_github(github_token):
     return g
 
 
-def get_github_license(g, github_repo, platform, license_scanner_bin):
+def get_github_license(g, github_repo):
     license_name = ''
-    tmp_license_txt_file_name = 'tmp_license.txt'
 
     try:
         repository = g.get_repo(github_repo)
@@ -334,96 +330,26 @@ def get_github_license(g, github_repo, platform, license_scanner_bin):
             if license_name == "" or license_name == "NOASSERTION":
                 try:
                     license_txt_data = base64.b64decode(repository.get_license().content).decode('utf-8')
-                    tmp_license_txt = open(tmp_license_txt_file_name, 'w', encoding='utf-8')
-                    tmp_license_txt.write(license_txt_data)
-                    tmp_license_txt.close()
-                    license_name = check_and_run_license_scanner(platform, license_scanner_bin, tmp_license_txt_file_name)
+                    license_name = check_license_name(license_txt_data)
                 except Exception:
-                    logger.info("Cannot find the license name with license scanner binary.")
-
-                if os.path.isfile(tmp_license_txt_file_name):
-                    os.remove(tmp_license_txt_file_name)
+                    logger.info("Cannot find the license name with askalono.")
         except Exception:
             logger.info("Cannot find the license name with github api.")
 
     return license_name
 
 
-def check_license_scanner(platform):
-    license_scanner_bin = ''
-
-    if platform == const.LINUX:
-        license_scanner = _license_scanner_linux
-    elif platform == const.MACOS:
-        license_scanner = _license_scanner_macos
-    elif platform == const.WINDOWS:
-        license_scanner = _license_scanner_windows
-    else:
-        logger.debug("Not supported OS to analyze license text with binary.")
-
-    if license_scanner:
-        try:
-            base_path = sys._MEIPASS
-        except Exception:
-            base_path = os.path.dirname(__file__)
-
-        data_path = os.path.join(base_path, license_scanner)
-        license_scanner_bin = data_path
-
-    return license_scanner_bin
-
-
-def check_and_run_license_scanner(platform, license_scanner_bin, file_dir):
+def check_license_name(license_txt, is_filepath=False):
     license_name = ''
+    if is_filepath:
+        with open(license_txt, 'r', encoding='utf-8') as f:
+            license_content = f.read()
+    else:
+        license_content = license_txt
 
-    if not license_scanner_bin:
-        logger.error('Not supported OS for license scanner binary.')
-
-    try:
-        tmp_output_file_name = "tmp_license_scanner_output.txt"
-
-        if file_dir == "UNKNOWN":
-            license_name = ""
-        else:
-            if platform == const.LINUX:
-                run_license_scanner = f"{license_scanner_bin} {file_dir} > {tmp_output_file_name}"
-            elif platform == const.MACOS:
-                run_license_scanner = f"{license_scanner_bin} identify {file_dir} > {tmp_output_file_name}"
-            elif platform == const.WINDOWS:
-                run_license_scanner = f"{license_scanner_bin} identify {file_dir} > {tmp_output_file_name}"
-            else:
-                run_license_scanner = ''
-
-            if run_license_scanner is None:
-                license_name = ""
-                return license_name
-            else:
-                ret = subprocess.run(run_license_scanner, shell=True, stderr=subprocess.PIPE)
-                if ret.returncode != 0 or ret.stderr:
-                    os.remove(tmp_output_file_name)
-                    return ""
-
-            fp = open(tmp_output_file_name, "r", encoding='utf8')
-            license_output = fp.read()
-            fp.close()
-
-            if platform == const.LINUX:
-                license_output_re = re.findall(r'.*contains license\(s\)\s(.*)', license_output)
-            else:
-                license_output_re = re.findall(r"License:\s{1}(\S*)\s{1}", license_output)
-
-            if len(license_output_re) == 1:
-                license_name = license_output_re[0]
-                if license_name == "No_license_found":
-                    license_name = ""
-            else:
-                license_name = ""
-            os.remove(tmp_output_file_name)
-
-    except Exception as ex:
-        logger.error(f"Failed to run license scan binary. {ex}")
-        license_name = ""
-
+    detect_askalono = identify(license_content)
+    if detect_askalono.score > ASKALONO_THRESHOLD:
+        license_name = detect_askalono.name
     return license_name
 
 

{fosslight_dependency-4.1.7 → fosslight_dependency-4.1.9}/src/fosslight_dependency/constant.py

@@ -24,10 +24,12 @@ NUGET = 'nuget'
 HELM = 'helm'
 UNITY = 'unity'
 CARGO = 'cargo'
+PNPM = 'pnpm'
 
 # Supported package name and manifest file
 SUPPORT_PACKAE = {
     PYPI: ['requirements.txt', 'setup.py', 'pyproject.toml'],
+    PNPM: 'pnpm-lock.yaml',
     NPM: 'package.json',
     MAVEN: 'pom.xml',
     GRADLE: 'build.gradle',

{fosslight_dependency-4.1.7 → fosslight_dependency-4.1.9}/src/fosslight_dependency/package_manager/Carthage.py

@@ -9,8 +9,8 @@ import os
 import fosslight_util.constant as constant
 import fosslight_dependency.constant as const
 from fosslight_dependency._package_manager import PackageManager
-from fosslight_dependency._package_manager import connect_github, get_github_license, check_and_run_license_scanner
-from fosslight_dependency._package_manager import get_url_to_purl
+from fosslight_dependency._package_manager import connect_github, get_github_license
+from fosslight_dependency._package_manager import get_url_to_purl, check_license_name
 from fosslight_dependency.dependency_item import DependencyItem
 from fosslight_util.oss_item import OssItem
 
@@ -79,9 +79,7 @@ class Carthage(PackageManager):
                                 for license_file_reg in license_file_regs:
                                     match_result = re.match(license_file_reg, filename_in_dir.lower())
                                     if match_result is not None:
-                                        license_name = check_and_run_license_scanner(self.platform,
-                                                                                     self.license_scanner_bin,
-                                                                                     filename_with_checkout_path)
+                                        license_name = check_license_name(filename_with_checkout_path, True)
                                         find_license = True
                                         break
                     if license_name == '':
@@ -89,7 +87,7 @@ class Carthage(PackageManager):
                             try:
                                 if not g:
                                     g = connect_github(self.github_token)
-                                license_name = get_github_license(g, oss_path, self.platform, self.license_scanner_bin)
+                                license_name = get_github_license(g, oss_path)
                             except Exception as e:
                                 logger.warning(f"Failed to get license with github api: {e}")
                                 license_name == ''

{fosslight_dependency-4.1.7 → fosslight_dependency-4.1.9}/src/fosslight_dependency/package_manager/Npm.py

@@ -46,7 +46,7 @@ class Npm(PackageManager):
         ret = True
         license_checker_cmd = f'license-checker --production --json --out {self.input_file_name}'
         custom_path_option = ' --customPath '
-        npm_install_cmd = 'npm install --production'
+        npm_install_cmd = 'npm install --production --ignore-scripts'
 
         if os.path.isdir(node_modules) != 1:
             logger.info(f"node_modules directory is not existed. So it executes '{npm_install_cmd}'.")

{fosslight_dependency-4.1.7 → fosslight_dependency-4.1.9}/src/fosslight_dependency/package_manager/Nuget.py

@@ -12,7 +12,7 @@ import requests
 import fosslight_util.constant as constant
 import fosslight_dependency.constant as const
 from fosslight_dependency._package_manager import PackageManager
-from fosslight_dependency._package_manager import check_and_run_license_scanner, get_url_to_purl
+from fosslight_dependency._package_manager import check_license_name, get_url_to_purl
 from fosslight_dependency.dependency_item import DependencyItem, change_dependson_to_purl
 from fosslight_util.oss_item import OssItem
 
@@ -54,7 +54,8 @@ class Nuget(PackageManager):
                 oss_item.version = oss_version
 
                 license_name = ''
-                response = requests.get(f'{self.nuget_api_url}{oss_origin_name}/{oss_item.version}/{oss_origin_name}.nuspec')
+                response = requests.get(f'{self.nuget_api_url.lower()}{oss_origin_name.lower()}/ \
+                                        {oss_item.version.lower()}/{oss_origin_name.lower()}.nuspec')
                 if response.status_code == 200:
                     root = fromstring(response.text)
                     xmlns = ''
@@ -73,14 +74,9 @@ class Nuget(PackageManager):
                         if license_url is not None:
                             url_res = requests.get(license_url.text)
                             if url_res.status_code == 200:
-                                tmp_license_txt = open(tmp_license_txt_file_name, 'w', encoding='utf-8')
-                                tmp_license_txt.write(url_res.text)
-                                tmp_license_txt.close()
-                                license_name_with_license_scanner = check_and_run_license_scanner(self.platform,
-                                                                                                  self.license_scanner_bin,
-                                                                                                  tmp_license_txt_file_name)
-                                if license_name_with_license_scanner != "":
-                                    license_name = license_name_with_license_scanner
+                                license_name_with_scanner = check_license_name(url_res.text)
+                                if license_name_with_scanner != "":
+                                    license_name = license_name_with_scanner
                                 else:
                                     license_name = license_url.text
                     oss_item.license = license_name

fosslight_dependency-4.1.9/src/fosslight_dependency/package_manager/Pnpm.py

@@ -0,0 +1,155 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+# Copyright (c) 2025 LG Electronics Inc.
+# SPDX-License-Identifier: Apache-2.0
+
+import os
+import logging
+import subprocess
+import json
+import shutil
+import fosslight_util.constant as constant
+import fosslight_dependency.constant as const
+from fosslight_dependency._package_manager import PackageManager, get_url_to_purl
+from fosslight_dependency.dependency_item import DependencyItem, change_dependson_to_purl
+from fosslight_dependency.package_manager.Npm import check_multi_license
+from fosslight_util.oss_item import OssItem
+
+logger = logging.getLogger(constant.LOGGER_NAME)
+node_modules = 'node_modules'
+
+
+class Pnpm(PackageManager):
+    package_manager_name = const.PNPM
+
+    dn_url = 'https://www.npmjs.com/package/'
+    input_file_name = 'tmp_pnpm_license_output.json'
+    flag_tmp_node_modules = False
+    project_name_list = []
+    pkg_list = {}
+
+    def __init__(self, input_dir, output_dir):
+        super().__init__(self.package_manager_name, self.dn_url, input_dir, output_dir)
+
+    def __del__(self):
+        if os.path.isfile(self.input_file_name):
+            os.remove(self.input_file_name)
+        if self.flag_tmp_node_modules:
+            shutil.rmtree(node_modules, ignore_errors=True)
+
+    def run_plugin(self):
+        ret = True
+
+        pnpm_install_cmd = 'pnpm install --prod --ignore-scripts --ignore-pnpmfile'
+        if os.path.isdir(node_modules) != 1:
+            logger.info(f"node_modules directory is not existed. So it executes '{pnpm_install_cmd}'.")
+            self.flag_tmp_node_modules = True
+            cmd_ret = subprocess.call(pnpm_install_cmd, shell=True)
+            if cmd_ret != 0:
+                logger.error(f"{pnpm_install_cmd} returns an error")
+                ret = False
+        if ret:
+            project_cmd = 'pnpm ls -r --depth -1 -P --json'
+            ret_txt = subprocess.check_output(project_cmd, text=True, shell=True)
+            if ret_txt is not None:
+                deps_l = json.loads(ret_txt)
+                for items in deps_l:
+                    self.project_name_list.append(items["name"])
+        return ret
+
+    def parse_direct_dependencies(self):
+        if not self.direct_dep:
+            return
+        try:
+            direct_cmd = 'pnpm ls -r --depth 0 -P --json'
+            ret_txt = subprocess.check_output(direct_cmd, text=True, shell=True)
+            if ret_txt is not None:
+                deps_l = json.loads(ret_txt)
+                for item in deps_l:
+                    if 'dependencies' in item and isinstance(item['dependencies'], dict):
+                        self.direct_dep_list.extend(item['dependencies'].keys())
+            else:
+                self.direct_dep = False
+                logger.warning('Cannot print direct/transitive dependency')
+        except Exception as e:
+            logger.warning(f'Fail to print direct/transitive dependency: {e}')
+            self.direct_dep = False
+        if self.direct_dep:
+            self.direct_dep_list = list(filter(lambda dep: dep not in self.project_name_list, self.direct_dep_list))
+
+    def extract_dependencies(self, dependencies, purl_dict):
+        dep_item_list = []
+        for dep_name, dep_info in dependencies.items():
+            if dep_name not in self.project_name_list:
+                if dep_name in self.pkg_list.keys():
+                    if dep_info.get('version') in self.pkg_list[dep_name]:
+                        continue
+                self.pkg_list.setdefault(dep_name, []).append(dep_info.get('version'))
+                dep_item = DependencyItem()
+                oss_item = OssItem()
+                oss_item.name = f'npm:{dep_name}'
+                oss_item.version = dep_info.get('version')
+
+                license_name = dep_info.get('license')
+                if license_name:
+                    multi_license, license_comment, multi_flag = check_multi_license(license_name, '')
+                    if multi_flag:
+                        oss_item.comment = license_comment
+                        license_name = multi_license
+                    else:
+                        license_name = license_name.replace(",", "")
+                    oss_item.license = license_name
+
+                oss_item.homepage = f'{self.dn_url}{dep_name}'
+                oss_item.download_location = dep_info.get('repository')
+                if oss_item.download_location:
+                    if oss_item.download_location.endswith('.git'):
+                        oss_item.download_location = oss_item.download_location[:-4]
+                    if oss_item.download_location.startswith('git://'):
+                        oss_item.download_location = 'https://' + oss_item.download_location[6:]
+                    elif oss_item.download_location.startswith('git+https://'):
+                        oss_item.download_location = 'https://' + oss_item.download_location[12:]
+                    elif oss_item.download_location.startswith('git+ssh://git@'):
+                        oss_item.download_location = 'https://' + oss_item.download_location[14:]
+                else:
+                    oss_item.download_location = f'{self.dn_url}{dep_name}/v/{oss_item.version}'
+
+                dn_loc = f'{oss_item.homepage}/v/{oss_item.version}'
+                dep_item.purl = get_url_to_purl(dn_loc, 'npm')
+                purl_dict[f'{dep_name}({oss_item.version})'] = dep_item.purl
+
+                if dep_name in self.direct_dep_list:
+                    oss_item.comment = 'direct'
+                else:
+                    oss_item.comment = 'transitive'
+
+                if 'dependencies' in dep_info:
+                    for dn, di in dep_info.get('dependencies').items():
+                        if dn not in self.project_name_list:
+                            dep_item.depends_on_raw.append(f"{dn}({di['version']})")
+
+                dep_item.oss_items.append(oss_item)
+                dep_item_list.append(dep_item)
+
+            if 'dependencies' in dep_info:
+                dep_item_list_inner, purl_dict_inner = self.extract_dependencies(dep_info['dependencies'], purl_dict)
+                dep_item_list.extend(dep_item_list_inner)
+                purl_dict.update(purl_dict_inner)
+
+        return dep_item_list, purl_dict
+
+    def parse_oss_information_for_pnpm(self):
+        project_cmd = 'pnpm ls --json -r --depth Infinity -P --long'
+        ret_txt = subprocess.check_output(project_cmd, text=True, shell=True)
+        if ret_txt is not None:
+            deps_l = json.loads(ret_txt)
+            purl_dict = {}
+            for items in deps_l:
+                if 'dependencies' in items:
+                    dep_item_list_inner, purl_dict_inner = self.extract_dependencies(items['dependencies'], purl_dict)
+                    self.dep_items.extend(dep_item_list_inner)
+                    purl_dict.update(purl_dict_inner)
+            if self.direct_dep:
+                self.dep_items = change_dependson_to_purl(purl_dict, self.dep_items)
+        else:
+            logger.warning(f'No output for {project_cmd}')

{fosslight_dependency-4.1.7 → fosslight_dependency-4.1.9}/src/fosslight_dependency/package_manager/Pub.py

@@ -10,11 +10,10 @@ import re
 import shutil
 import yaml
 import subprocess
-from askalono import identify
 import fosslight_util.constant as constant
 import fosslight_dependency.constant as const
 from fosslight_dependency._package_manager import PackageManager
-from fosslight_dependency._package_manager import get_url_to_purl
+from fosslight_dependency._package_manager import get_url_to_purl, check_license_name
 from fosslight_dependency.dependency_item import DependencyItem, change_dependson_to_purl
 from fosslight_util.oss_item import OssItem
 
@@ -135,9 +134,7 @@ class Pub(PackageManager):
                 purl_dict[f'{oss_origin_name}({oss_item.version})'] = dep_item.purl
                 license_txt = json_data['license']
                 if license_txt is not None:
-                    detect_askalono = identify(license_txt)
-                    if detect_askalono.score > 0.7:
-                        oss_item.license = detect_askalono.name
+                    oss_item.license = check_license_name(license_txt)
 
                 if self.direct_dep:
                     if oss_origin_name not in self.total_dep_list:

{fosslight_dependency-4.1.7 → fosslight_dependency-4.1.9}/src/fosslight_dependency/package_manager/Pypi.py

@@ -13,7 +13,7 @@ import re
 import fosslight_util.constant as constant
 import fosslight_dependency.constant as const
 from fosslight_dependency._package_manager import PackageManager
-from fosslight_dependency._package_manager import check_and_run_license_scanner, get_url_to_purl
+from fosslight_dependency._package_manager import check_license_name, get_url_to_purl
 from fosslight_dependency.dependency_item import DependencyItem, change_dependson_to_purl
 from fosslight_util.oss_item import OssItem
 
@@ -111,7 +111,7 @@ class Pypi(PackageManager):
             install_cmd = cmd_separator.join(install_cmd_list)
         else:
             logger.error(const.SUPPORT_PACKAE[self.package_manager_name])
-            logger.error('Cannot create virtualenv becuase it cannot find: '
+            logger.error('Cannot create virtualenv because it cannot find: '
                          + ', '.join(const.SUPPORT_PACKAE[self.package_manager_name]))
             logger.error("Please run with '-a' and '-d' option.")
             return False
@@ -302,12 +302,7 @@ class Pypi(PackageManager):
                 if license_name is not None:
                     license_name = license_name.replace(';', ',')
                 else:
-                    license_file_dir = d['LicenseFile']
-                    license_name_with_lic_scanner = check_and_run_license_scanner(self.platform,
-                                                                                  self.license_scanner_bin,
-                                                                                  license_file_dir)
-                    if license_name_with_lic_scanner != "":
-                        license_name = license_name_with_lic_scanner
+                    license_name = check_license_name(d['LicenseFile'], True)
                 oss_item.license = license_name
 
                 if oss_init_name == self.package_name:

{fosslight_dependency-4.1.7 → fosslight_dependency-4.1.9}/src/fosslight_dependency/package_manager/Swift.py

@@ -140,7 +140,7 @@ class Swift(PackageManager):
             github_repo = "/".join(oss_item.homepage.split('/')[-2:])
             dep_item.purl = get_url_to_purl(oss_item.download_location, self.package_manager_name, github_repo, oss_item.version)
             purl_dict[f'{oss_origin_name}({oss_item.version})'] = dep_item.purl
-            oss_item.license = get_github_license(g, github_repo, self.platform, self.license_scanner_bin)
+            oss_item.license = get_github_license(g, github_repo)
 
             if self.direct_dep and len(self.direct_dep_list) > 0:
                 if oss_origin_name in self.direct_dep_list:

{fosslight_dependency-4.1.7 → fosslight_dependency-4.1.9}/src/fosslight_dependency/package_manager/Unity.py

@@ -11,13 +11,12 @@ import requests
 import fosslight_util.constant as constant
 import fosslight_dependency.constant as const
 from fosslight_dependency._package_manager import PackageManager
-from fosslight_dependency._package_manager import check_and_run_license_scanner, get_url_to_purl
+from fosslight_dependency._package_manager import check_license_name, get_url_to_purl
 from fosslight_dependency.dependency_item import DependencyItem
 from fosslight_util.oss_item import OssItem
 
 logger = logging.getLogger(constant.LOGGER_NAME)
 proprietary_license = 'Proprietary License'
-unclassifed_license = 'UnclassifiedLicense'
 license_md = 'LICENSE.md'
 third_party_md = 'Third Party Notices.md'
 
@@ -50,10 +49,8 @@ class Unity(PackageManager):
                 oss_packagecache_dir = os.path.join(self.packageCache_dir, f'{oss_item.name}@{oss_item.version}')
                 license_f = os.path.join(oss_packagecache_dir, license_md)
                 if os.path.isfile(license_f):
-                    license_name = check_and_run_license_scanner(self.platform,
-                                                                 self.license_scanner_bin,
-                                                                 license_f)
-                    if license_name == unclassifed_license or license_name == '':
+                    license_name = check_license_name(license_f, True)
+                    if license_name == '':
                         with open(license_f, 'r', encoding='utf-8') as f:
                             for line in f:
                                 matched_l = re.search(r'Unity\s[\s\w]*\sLicense', line)

{fosslight_dependency-4.1.7 → fosslight_dependency-4.1.9}/src/fosslight_dependency/run_dependency_scanner.py

@@ -51,17 +51,17 @@ def paginate_file(file_path):
             input("Press Enter to see the next page...")
 
 
-def find_package_manager(input_dir, abs_path_to_exclude=[]):
+def find_package_manager(input_dir, abs_path_to_exclude=[], manifest_file_name=[]):
     ret = True
-    manifest_file_name = []
-    for value in const.SUPPORT_PACKAE.values():
-        if isinstance(value, list):
-            manifest_file_name.extend(value)
-        else:
-            manifest_file_name.append(value)
+    if not manifest_file_name:
+        for value in const.SUPPORT_PACKAE.values():
+            if isinstance(value, list):
+                manifest_file_name.extend(value)
+            else:
+                manifest_file_name.append(value)
 
     found_manifest_file = []
-    for (parent, _, files) in os.walk(input_dir):
+    for parent, dirs, files in os.walk(input_dir):
         if len(files) < 1:
             continue
         if os.path.basename(parent) in _exclude_dir:
@@ -76,6 +76,13 @@ def find_package_manager(input_dir, abs_path_to_exclude=[]):
                 continue
             if file in manifest_file_name:
                 found_manifest_file.append(file)
+        for dir in dirs:
+            for manifest_f in manifest_file_name:
+                manifest_l = manifest_f.split(os.path.sep)
+                if len(manifest_l) > 1:
+                    if manifest_l[0] == dir:
+                        if os.path.exists(os.path.join(parent, manifest_f)):
+                            found_manifest_file.append(manifest_f)
         if len(found_manifest_file) > 0:
             input_dir = parent
             break
@@ -93,13 +100,16 @@ def find_package_manager(input_dir, abs_path_to_exclude=[]):
                 if value == f_idx:
                     found_package_manager[key] = [f_idx]
 
+    # both npm and pnpm are detected, remove npm.
+    if 'npm' in found_package_manager and 'pnpm' in found_package_manager:
+        del found_package_manager['npm']
     if len(found_package_manager) >= 1:
-        manifest_file_w_path = map(lambda x: os.path.join(input_dir, x), found_manifest_file)
+        manifest_file_w_path = [os.path.join(input_dir, file) for pkg, files in found_package_manager.items() for file in files]
         logger.info(f"Found the manifest file({','.join(manifest_file_w_path)}) automatically.")
         logger.warning(f"### Set Package Manager = {', '.join(found_package_manager.keys())}")
     else:
         ret = False
-        logger.info("It cannot find the manifest file.")
+        logger.info("Cannot find the manifest file.")
 
     return ret, found_package_manager, input_dir
 
@@ -168,17 +178,6 @@ def run_dependency_scanner(package_manager='', input_dir='', output_dir_file='',
         logger.error(msg)
         return False, scan_item
 
-    autodetect = True
-    if package_manager:
-        autodetect = False
-        support_packagemanager = list(const.SUPPORT_PACKAE.keys())
-
-        if package_manager not in support_packagemanager:
-            logger.error(f"(-m option) You entered the unsupported package manager({package_manager}).")
-            logger.error("Please enter the supported package manager({0}) with '-m' option."
-                         .format(", ".join(support_packagemanager)))
-            return False, scan_item
-
     if input_dir:
         if os.path.isdir(input_dir):
             os.chdir(input_dir)
@@ -192,20 +191,44 @@ def run_dependency_scanner(package_manager='', input_dir='', output_dir_file='',
         os.chdir(input_dir)
     scan_item.set_cover_pathinfo(input_dir, path_to_exclude)
 
+    autodetect = True
     found_package_manager = {}
-    if autodetect:
-        try:
-            ret, found_package_manager, input_dir = find_package_manager(input_dir, abs_path_to_exclude)
+    if package_manager:
+        autodetect = False
+        support_packagemanager = list(const.SUPPORT_PACKAE.keys())
+
+        if package_manager not in support_packagemanager:
+            logger.error(f"(-m option) You entered the unsupported package manager({package_manager}).")
+            logger.error("Please enter the supported package manager({0}) with '-m' option."
+                         .format(", ".join(support_packagemanager)))
+            return False, scan_item
+        manifest_file_name = []
+        value = const.SUPPORT_PACKAE[package_manager]
+        if isinstance(value, list):
+            manifest_file_name.extend(value)
+        else:
+            manifest_file_name.append(value)
+        scan_item.set_cover_comment(f"Manual detect mode (-m {package_manager})")
+    else:
+        manifest_file_name = []
+
+    try:
+        ret, found_package_manager, input_dir = find_package_manager(input_dir, abs_path_to_exclude, manifest_file_name)
+        if ret:
             os.chdir(input_dir)
-        except Exception as e:
+    except Exception as e:
+        if autodetect:
             logger.error(f'Fail to find package manager: {e}')
             ret = False
-        finally:
-            if not ret:
-                logger.warning("Dependency scanning terminated because the package manager was not found.")
+    finally:
+        if not ret:
+            if not autodetect:
+                logger.info('Try to analyze dependency without manifest file. (Manual mode)')
+                found_package_manager[package_manager] = []
+            else:
+                logger.error("Terminated: package manager could not be found.")
                 ret = False
-    else:
-        found_package_manager[package_manager] = ["manual detect ('-m option')"]
+                return False, scan_item
 
     pass_key = 'PASS'
     success_pm = []
@@ -242,7 +265,8 @@ def run_dependency_scanner(package_manager='', input_dir='', output_dir_file='',
                        'and https://fosslight.org/fosslight-guide-en/scanner/3_dependency.html#-prerequisite.'
             scan_item.set_cover_comment(f"Analysis failed Package manager: {', '.join(fail_pm)} ({info_msg})")
     else:
-        scan_item.set_cover_comment("No Package manager detected.")
+        if autodetect:
+            scan_item.set_cover_comment("No Package manager detected.")
 
     if ret and graph_path:
         graph_path = os.path.abspath(graph_path)

{fosslight_dependency-4.1.7 → fosslight_dependency-4.1.9}/src/fosslight_dependency.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: fosslight-dependency
-Version: 4.1.7
+Version: 4.1.9
 Summary: FOSSLight Dependency Scanner
 Home-page: https://github.com/fosslight/fosslight_dependency_scanner
 Author: LG Electronics
@@ -164,8 +164,8 @@ Description: <!--
 Platform: UNKNOWN
 Classifier: License :: OSI Approved :: Apache Software License
 Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3.6
-Classifier: Programming Language :: Python :: 3.7
 Classifier: Programming Language :: Python :: 3.8
 Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
 Description-Content-Type: text/markdown

{fosslight_dependency-4.1.7 → fosslight_dependency-4.1.9}/src/fosslight_dependency.egg-info/SOURCES.txt

@@ -31,6 +31,7 @@ src/fosslight_dependency/package_manager/Helm.py
 src/fosslight_dependency/package_manager/Maven.py
 src/fosslight_dependency/package_manager/Npm.py
 src/fosslight_dependency/package_manager/Nuget.py
+src/fosslight_dependency/package_manager/Pnpm.py
 src/fosslight_dependency/package_manager/Pub.py
 src/fosslight_dependency/package_manager/Pypi.py
 src/fosslight_dependency/package_manager/Swift.py