license-report
Comparing version 3.0.0 to 4.1.0
index.js
#!/usr/bin/env node | ||
var path = require('path') | ||
var debug = require('debug')('license-report') | ||
var config = require('./lib/config.js') | ||
var getPackageReportData = require('./lib/getPackageReportData.js') | ||
var async = require('async') | ||
var _ = require('lodash') | ||
var table = require('text-table') | ||
var addPackagesToIndex = require('./lib/addPackagesToIndex') | ||
const path = require('path') | ||
const async = require('async') | ||
const debug = require('debug')('license-report') | ||
const config = require('./lib/config.js') | ||
const getFormatter = require('./lib/getFormatter') | ||
const addPackagesToIndex = require('./lib/addPackagesToIndex') | ||
const getPackageReportData = require('./lib/getPackageReportData.js') | ||
const packageDataToReportData = require('./lib/packageDataToReportData') | ||
@@ -20,16 +20,16 @@ if (!config.package) { | ||
var resolvedPackageJson = path.resolve(process.cwd(), config.package) | ||
const outputFormatter = getFormatter(config.output) | ||
const resolvedPackageJson = path.resolve(process.cwd(), config.package) | ||
debug('requiring %s', resolvedPackageJson) | ||
const packageJson = require(resolvedPackageJson) | ||
var packageJson = require(resolvedPackageJson) | ||
const deps = packageJson.dependencies | ||
const devDeps = packageJson.devDependencies | ||
var deps = packageJson.dependencies | ||
var devDeps = packageJson.devDependencies | ||
var exclusions = Array.isArray(config.exclude) ? config.exclude : [config.exclude] | ||
const exclusions = Array.isArray(config.exclude) ? config.exclude : [config.exclude] | ||
/* | ||
an index of all the dependencies | ||
*/ | ||
var depsIndex = [] | ||
let depsIndex = [] | ||
@@ -46,71 +46,7 @@ if(!config.only || config.only.indexOf('prod') > -1) { | ||
if (err) return console.error(err) | ||
if (results.length === 0) return console.log('nothing to do') | ||
// TODO decouple !!! this is terrible | ||
try { | ||
for (var i = 0; i < results.length; i++) { | ||
var packageData = results[i] | ||
var finalData = {} | ||
for (var x = 0; x < config.fields.length; x++) { | ||
var fieldName = config.fields[x] | ||
// create only fields specified by the config | ||
finalData[fieldName] = packageData[fieldName] | ||
// fill in defaults | ||
if (!(fieldName in packageData)) { | ||
finalData[fieldName] = config[fieldName].value | ||
} | ||
} | ||
// turn every object to an array, make sure there are no undefined elements anywhere | ||
if (config.output === 'table' || config.output === 'csv') { | ||
finalData = _.toArray(finalData) | ||
for (var j = finalData.length - 1; j >= 0; j--) { | ||
if (!finalData[j]) { | ||
finalData[j] = 'n/a' | ||
} | ||
} | ||
} | ||
results[i] = finalData | ||
} | ||
if (config.output === 'json') { | ||
console.log(JSON.stringify(results)) | ||
} else if (config.output === 'table') { | ||
var labels = [] | ||
var lines = [] | ||
// create a labels array and a lines array | ||
// the lines will be the same length as the label's | ||
for (var i = 0; i < config.fields.length; i++) { | ||
var label = config[config.fields[i]].label | ||
labels.push(label) | ||
var line = new Buffer(Buffer.byteLength(label)) | ||
line.fill('-') | ||
lines.push(line.toString()) | ||
} | ||
results.unshift(lines) | ||
results.unshift(labels) | ||
console.log(table(results)) | ||
} else if (config.output = 'csv') { | ||
if (config.csvHeaders) { | ||
results.unshift(config.fields) | ||
} | ||
for (var i = results.length - 1; i >= 0; i--) { | ||
results[i] = results[i].join(config.delimiter) | ||
} | ||
console.log(results.join('\n')) | ||
} else { | ||
throw new Error('invalid input') | ||
} | ||
packagesData = results.map(element => packageDataToReportData(element, config)) | ||
console.log(outputFormatter(packagesData, config)) | ||
} catch (e) { | ||
@@ -117,0 +53,0 @@ console.error(e.stack) |
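Review bot: In the rewritten callback, `packagesData = results.map(element => packageDataToReportData(element, config))` assigns to a name that is not declared anywhere in the lines shown, so in sloppy mode it becomes an implicit global and under strict mode it would throw and fall into the `catch`; declare it with `const packagesData = results.map(...)`. Separately, `require(resolvedPackageJson)` still loads a path built from `config.package`, and `require` executes the target as code when it is not a `.json` file. Because that value appears to come from configuration, reading it as data with `JSON.parse(fs.readFileSync(resolvedPackageJson, 'utf8'))` would be safer for a tool that may run in CI against third-party checkouts. The enclosing callback starts outside the visible hunks.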
@@ -6,3 +6,3 @@ /* | ||
module.exports = function(packages, packageIndex, exclusions) { | ||
exclusions = exclusions || [] | ||
exclusions = exclusions || [] | ||
@@ -20,3 +20,3 @@ // iterate over packages and prepare urls before I call the registry | ||
if(key.indexOf('@') === 0) { | ||
if (key.indexOf('@') === 0) { | ||
var scopeSeparator = key.indexOf('/') | ||
@@ -26,7 +26,7 @@ scope = key.substring(1, scopeSeparator) | ||
} | ||
var entry = { | ||
var entry = { | ||
fullName: fullName, | ||
name: name, | ||
version: version, | ||
version: version, | ||
scope: scope | ||
@@ -38,3 +38,3 @@ } | ||
} | ||
} | ||
} | ||
} | ||
@@ -51,2 +51,2 @@ | ||
return -1 | ||
} | ||
} |
@@ -10,3 +10,3 @@ var rc = require('rc') | ||
*/ | ||
output: 'json', | ||
output: 'json', | ||
@@ -30,3 +30,3 @@ /* | ||
an array of package names that will be excluded from the report | ||
*/ | ||
*/ | ||
exclude: [], | ||
@@ -45,3 +45,4 @@ | ||
'link', | ||
'comment' | ||
'comment', | ||
'installedVersion' | ||
], | ||
@@ -81,2 +82,6 @@ | ||
}, | ||
installedVersion: { | ||
value: 'n/a', | ||
label: 'installed version' | ||
}, | ||
httpRetryOptions: { | ||
@@ -86,2 +91,2 @@ maxAttempts: 5, | ||
} | ||
}) | ||
}) |
@@ -20,3 +20,3 @@ var util = require('util') | ||
if (typeof json.licenses[i] === 'string' ) { | ||
if (typeof json.licenses[i] === 'string') { | ||
result += json.licenses[i] | ||
@@ -23,0 +23,0 @@ } else { |
@@ -13,3 +13,3 @@ var visit = require('visit-values') | ||
var otherUrls = [] | ||
visit(json, function(value) { | ||
@@ -25,3 +25,3 @@ if (!isString(value)) return | ||
}) | ||
if (otherUrls.length > 0) { | ||
@@ -28,0 +28,0 @@ return otherUrls[0] |
@@ -19,2 +19,7 @@ var semver = require('semver') | ||
var installedVersion = packageEntry.version | ||
if (installedVersion.match(/^[\^~].*/)) { | ||
installedVersion = installedVersion.substring(1); | ||
} | ||
var localVersion = semver.validRange(packageEntry.version) | ||
@@ -52,2 +57,3 @@ | ||
name: fullPackageName, | ||
installedVersion: installedVersion, | ||
licenseType: extractLicense(versionData), | ||
@@ -54,0 +60,0 @@ link: extractLink(versionData), |
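Review bot: The new `installedVersion` is derived from the range declared in package.json (`packageEntry.version` with a leading `^` or `~` stripped), not from what is actually installed, so the report can name a version that is not the one on disk; the updated test data on this page shows debug with `comment: '4.3.0'` next to `installedVersion: '4.1.1'`. For a license or compliance report that distinction matters, so either rename the field (for example `declaredVersion`) or resolve the real version from the lockfile or from the dependency's own package.json under node_modules. The regex also leaves every other specifier form unchanged (`>=1.0.0`, `1.x`, `*`, git or tarball URLs), and `installedVersion.match(...)` will throw if an entry has no version string; `semver.minVersion(packageEntry.version)` could at least normalise valid ranges. The enclosing function starts and ends outside the hunk.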
{ | ||
"name": "license-report", | ||
"version": "3.0.0", | ||
"version": "4.1.0", | ||
"description": "creates a short report about project's dependencies (license, url etc)", | ||
"main": "index.js", | ||
"scripts": { | ||
"test": "mocha -R spec" | ||
"test": "npx mocha -R spec" | ||
}, | ||
@@ -23,15 +23,16 @@ "bin": { | ||
"dependencies": { | ||
"async": "^0.9.0", | ||
"debug": "^3.2.6", | ||
"lodash": "^4.17.11", | ||
"async": "^3.2.0", | ||
"debug": "^4.1.1", | ||
"lodash": "^4.17.15", | ||
"rc": "^1.2.8", | ||
"request": "^2.88.0", | ||
"semver": "^5.4.1", | ||
"request": "^2.88.2", | ||
"semver": "^7.3.2", | ||
"stubborn": "^1.2.5", | ||
"text-table": "^0.2.0", | ||
"visit-values": "^1.0.1" | ||
"visit-values": "^2.0.0" | ||
}, | ||
"devDependencies": { | ||
"@kessler/exponential-backoff": "^2.0.0" | ||
"@kessler/exponential-backoff": "^2.0.1", | ||
"mocha": "^8.1.3" | ||
} | ||
} |
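Review bot: The test script change to `npx mocha -R spec` is unnecessary now that mocha is listed in devDependencies, and it weakens the pinning: npm scripts already put `node_modules/.bin` on the PATH, whereas `npx` can fetch and run a package from the registry when no local copy is found. Prefer `"test": "mocha -R spec"` so that a missing install fails instead of executing whatever the registry serves. `request` is also carried forward at `^2.88.2` although the package is deprecated upstream, so planning its replacement would be a worthwhile follow-up.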
@@ -53,3 +53,3 @@ # license report tool | ||
``` | ||
license-report --excluse=async --exclude=rc | ||
license-report --exclude=async --exclude=rc | ||
``` | ||
@@ -56,0 +56,0 @@ |
@@ -60,3 +60,4 @@ var cp = require('child_process') | ||
link: 'git+https://github.com/caolan/async.git', | ||
comment: '0.9.2' | ||
comment: '3.2.0', | ||
installedVersion: '3.2.0' | ||
}, | ||
@@ -71,3 +72,4 @@ { | ||
link: 'git://github.com/visionmedia/debug.git', | ||
comment: '3.2.6' | ||
comment: '4.3.0', | ||
installedVersion: '4.1.1' | ||
}, | ||
@@ -82,3 +84,4 @@ { | ||
link: 'git+https://github.com/lodash/lodash.git', | ||
comment: '4.17.11' | ||
comment: '4.17.20', | ||
installedVersion: '4.17.15' | ||
}, | ||
@@ -93,3 +96,4 @@ { | ||
link: 'git+https://github.com/dominictarr/rc.git', | ||
comment: '1.2.8' | ||
comment: '1.2.8', | ||
installedVersion: '1.2.8' | ||
}, | ||
@@ -104,3 +108,4 @@ { | ||
link: 'git+https://github.com/request/request.git', | ||
comment: '2.88.0' | ||
comment: '2.88.2', | ||
installedVersion: '2.88.2' | ||
}, | ||
@@ -115,3 +120,4 @@ { | ||
link: 'git+https://github.com/npm/node-semver.git', | ||
comment: '5.7.0' | ||
comment: '7.3.2', | ||
installedVersion: '7.3.2' | ||
}, | ||
@@ -126,3 +132,4 @@ { | ||
link: 'git://github.com/grudzinski/stubborn.git', | ||
comment: '1.2.5' | ||
comment: '1.2.5', | ||
installedVersion: '1.2.5' | ||
}, | ||
@@ -137,3 +144,4 @@ { | ||
link: 'git://github.com/substack/text-table.git', | ||
comment: '0.2.0' | ||
comment: '0.2.0', | ||
installedVersion: '0.2.0' | ||
}, | ||
@@ -148,18 +156,57 @@ { | ||
link: 'https://github.com/kessler/node-visit-values', | ||
comment: '1.0.4' | ||
comment: '2.0.0', | ||
installedVersion: '2.0.0' | ||
}, | ||
{ | ||
comment: '2.0.0', | ||
comment: '2.0.1', | ||
installedVersion: '2.0.1', | ||
department: 'kessler', | ||
licensePeriod: 'perpetual', | ||
licenseType: 'MIT', | ||
link: 'https://registry.npmjs.org/@kessler/exponential-backoff/-/exponential-backoff-2.0.0.tgz', | ||
link: 'https://registry.npmjs.org/@kessler/exponential-backoff/-/exponential-backoff-2.0.1.tgz', | ||
material: 'material', | ||
name: '@kessler/exponential-backoff', | ||
relatedTo: 'stuff' | ||
}, | ||
{ | ||
comment: '8.1.3', | ||
department: 'kessler', | ||
installedVersion: '8.1.3', | ||
licensePeriod: 'perpetual', | ||
licenseType: 'MIT', | ||
link: 'git+https://github.com/mochajs/mocha.git', | ||
material: 'material', | ||
name: 'mocha', | ||
relatedTo: 'stuff' | ||
} | ||
] | ||
var EXPECTED_TABLE_RESULT = "department related to name license period material / not material license type link comment\n---------- ---------- ---- -------------- ----------------------- ------------ ---- -------\nkessler stuff async perpetual material MIT git+https://github.com/caolan/async.git 0.9.2\nkessler stuff debug perpetual material MIT git://github.com/visionmedia/debug.git 3.2.6\nkessler stuff lodash perpetual material MIT git+https://github.com/lodash/lodash.git 4.17.11\nkessler stuff rc perpetual material (BSD-2-Clause OR MIT OR Apache-2.0) git+https://github.com/dominictarr/rc.git 1.2.8\nkessler stuff request perpetual material Apache-2.0 git+https://github.com/request/request.git 2.88.0\nkessler stuff semver perpetual material ISC git+https://github.com/npm/node-semver.git 5.7.0\nkessler stuff stubborn perpetual material ISC git://github.com/grudzinski/stubborn.git 1.2.5\nkessler stuff text-table perpetual material MIT git://github.com/substack/text-table.git 0.2.0\nkessler stuff visit-values perpetual material MIT https://github.com/kessler/node-visit-values 1.0.4\nkessler stuff @kessler/exponential-backoff perpetual material MIT https://registry.npmjs.org/@kessler/exponential-backoff/-/exponential-backoff-2.0.0.tgz 2.0.0\n" | ||
var EXPECTED_TABLE_RESULT = `department related to name license period material / not material license type link comment installed version | ||
---------- ---------- ---- -------------- ----------------------- ------------ ---- ------- ----------------- | ||
kessler stuff async perpetual material MIT git+https://github.com/caolan/async.git 3.2.0 3.2.0 | ||
kessler stuff debug perpetual material MIT git://github.com/visionmedia/debug.git 4.3.0 4.1.1 | ||
kessler stuff lodash perpetual material MIT git+https://github.com/lodash/lodash.git 4.17.20 4.17.15 | ||
kessler stuff rc perpetual material (BSD-2-Clause OR MIT OR Apache-2.0) git+https://github.com/dominictarr/rc.git 1.2.8 1.2.8 | ||
kessler stuff request perpetual material Apache-2.0 git+https://github.com/request/request.git 2.88.2 2.88.2 | ||
kessler stuff semver perpetual material ISC git+https://github.com/npm/node-semver.git 7.3.2 7.3.2 | ||
kessler stuff stubborn perpetual material ISC git://github.com/grudzinski/stubborn.git 1.2.5 1.2.5 | ||
kessler stuff text-table perpetual material MIT git://github.com/substack/text-table.git 0.2.0 0.2.0 | ||
kessler stuff visit-values perpetual material MIT https://github.com/kessler/node-visit-values 2.0.0 2.0.0 | ||
kessler stuff @kessler/exponential-backoff perpetual material MIT https://registry.npmjs.org/@kessler/exponential-backoff/-/exponential-backoff-2.0.1.tgz 2.0.1 2.0.1 | ||
kessler stuff mocha perpetual material MIT git+https://github.com/mochajs/mocha.git 8.1.3 8.1.3 | ||
`; | ||
var EXPECTED_CSV_RESULT = "department,relatedTo,name,licensePeriod,material,licenseType,link,comment\nkessler,stuff,async,perpetual,material,MIT,git+https://github.com/caolan/async.git,0.9.2\nkessler,stuff,debug,perpetual,material,MIT,git://github.com/visionmedia/debug.git,3.2.6\nkessler,stuff,lodash,perpetual,material,MIT,git+https://github.com/lodash/lodash.git,4.17.11\nkessler,stuff,rc,perpetual,material,(BSD-2-Clause OR MIT OR Apache-2.0),git+https://github.com/dominictarr/rc.git,1.2.8\nkessler,stuff,request,perpetual,material,Apache-2.0,git+https://github.com/request/request.git,2.88.0\nkessler,stuff,semver,perpetual,material,ISC,git+https://github.com/npm/node-semver.git,5.7.0\nkessler,stuff,stubborn,perpetual,material,ISC,git://github.com/grudzinski/stubborn.git,1.2.5\nkessler,stuff,text-table,perpetual,material,MIT,git://github.com/substack/text-table.git,0.2.0\nkessler,stuff,visit-values,perpetual,material,MIT,https://github.com/kessler/node-visit-values,1.0.4\nkessler,stuff,@kessler/exponential-backoff,perpetual,material,MIT,https://registry.npmjs.org/@kessler/exponential-backoff/-/exponential-backoff-2.0.0.tgz,2.0.0\n" | ||
var EXPECTED_CSV_RESULT = `department,relatedTo,name,licensePeriod,material,licenseType,link,comment,installedVersion | ||
kessler,stuff,async,perpetual,material,MIT,git+https://github.com/caolan/async.git,3.2.0,3.2.0 | ||
kessler,stuff,debug,perpetual,material,MIT,git://github.com/visionmedia/debug.git,4.3.0,4.1.1 | ||
kessler,stuff,lodash,perpetual,material,MIT,git+https://github.com/lodash/lodash.git,4.17.20,4.17.15 | ||
kessler,stuff,rc,perpetual,material,(BSD-2-Clause OR MIT OR Apache-2.0),git+https://github.com/dominictarr/rc.git,1.2.8,1.2.8 | ||
kessler,stuff,request,perpetual,material,Apache-2.0,git+https://github.com/request/request.git,2.88.2,2.88.2 | ||
kessler,stuff,semver,perpetual,material,ISC,git+https://github.com/npm/node-semver.git,7.3.2,7.3.2 | ||
kessler,stuff,stubborn,perpetual,material,ISC,git://github.com/grudzinski/stubborn.git,1.2.5,1.2.5 | ||
kessler,stuff,text-table,perpetual,material,MIT,git://github.com/substack/text-table.git,0.2.0,0.2.0 | ||
kessler,stuff,visit-values,perpetual,material,MIT,https://github.com/kessler/node-visit-values,2.0.0,2.0.0 | ||
kessler,stuff,@kessler/exponential-backoff,perpetual,material,MIT,https://registry.npmjs.org/@kessler/exponential-backoff/-/exponential-backoff-2.0.1.tgz,2.0.1,2.0.1 | ||
kessler,stuff,mocha,perpetual,material,MIT,git+https://github.com/mochajs/mocha.git,8.1.3,8.1.3 | ||
`; |
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Long strings
Supply chain risk: Contains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
+ Added async@3.2.6 (transitive)
+ Added semver@7.6.3 (transitive)
+ Added visit-values@2.0.0 (transitive)
- Removed async@0.9.2 (transitive)
- Removed debug@3.2.7 (transitive)
- Removed semver@5.7.2 (transitive)
- Removed visit-values@1.0.4 (transitive)
Updated async@^3.2.0
Updated debug@^4.1.1
Updated lodash@^4.17.15
Updated request@^2.88.2
Updated semver@^7.3.2
Updated visit-values@^2.0.0