Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Socket
Sign inDemoInstall

license-report

Package Overview
Dependencies
Maintainers
2
Versions
28
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

license-report - npm Package Compare versions

Comparing version 3.0.0 to 4.1.0

lib/getFormatter.js
lib/packageDataToReportData.js

98

index.js
#!/usr/bin/env node
var path = require('path')
var debug = require('debug')('license-report')
var config = require('./lib/config.js')
var getPackageReportData = require('./lib/getPackageReportData.js')
var async = require('async')
var _ = require('lodash')
var table = require('text-table')
var addPackagesToIndex = require('./lib/addPackagesToIndex')
const path = require('path')
const async = require('async')
const debug = require('debug')('license-report')
const config = require('./lib/config.js')
const getFormatter = require('./lib/getFormatter')
const addPackagesToIndex = require('./lib/addPackagesToIndex')
const getPackageReportData = require('./lib/getPackageReportData.js')
const packageDataToReportData = require('./lib/packageDataToReportData')

@@ -20,16 +20,16 @@ if (!config.package) {

var resolvedPackageJson = path.resolve(process.cwd(), config.package)
const outputFormatter = getFormatter(config.output)
const resolvedPackageJson = path.resolve(process.cwd(), config.package)
debug('requiring %s', resolvedPackageJson)
const packageJson = require(resolvedPackageJson)
var packageJson = require(resolvedPackageJson)
const deps = packageJson.dependencies
const devDeps = packageJson.devDependencies
var deps = packageJson.dependencies
var devDeps = packageJson.devDependencies
var exclusions = Array.isArray(config.exclude) ? config.exclude : [config.exclude]
const exclusions = Array.isArray(config.exclude) ? config.exclude : [config.exclude]
/*
an index of all the dependencies
*/
var depsIndex = []
let depsIndex = []

@@ -46,71 +46,7 @@ if(!config.only || config.only.indexOf('prod') > -1) {

if (err) return console.error(err)
if (results.length === 0) return console.log('nothing to do')
// TODO decouple !!! this is terrible
try {
for (var i = 0; i < results.length; i++) {
var packageData = results[i]
var finalData = {}
for (var x = 0; x < config.fields.length; x++) {
var fieldName = config.fields[x]
// create only fields specified by the config
finalData[fieldName] = packageData[fieldName]
// fill in defaults
if (!(fieldName in packageData)) {
finalData[fieldName] = config[fieldName].value
}
}
// turn every object to an array, make sure there are no undefined elements anywhere
if (config.output === 'table' || config.output === 'csv') {
finalData = _.toArray(finalData)
for (var j = finalData.length - 1; j >= 0; j--) {
if (!finalData[j]) {
finalData[j] = 'n/a'
}
}
}
results[i] = finalData
}
if (config.output === 'json') {
console.log(JSON.stringify(results))
} else if (config.output === 'table') {
var labels = []
var lines = []
// create a labels array and a lines array
// the lines will be the same length as the label's
for (var i = 0; i < config.fields.length; i++) {
var label = config[config.fields[i]].label
labels.push(label)
var line = new Buffer(Buffer.byteLength(label))
line.fill('-')
lines.push(line.toString())
}
results.unshift(lines)
results.unshift(labels)
console.log(table(results))
} else if (config.output = 'csv') {
if (config.csvHeaders) {
results.unshift(config.fields)
}
for (var i = results.length - 1; i >= 0; i--) {
results[i] = results[i].join(config.delimiter)
}
console.log(results.join('\n'))
} else {
throw new Error('invalid input')
}
packagesData = results.map(element => packageDataToReportData(element, config))
console.log(outputFormatter(packagesData, config))
} catch (e) {

@@ -117,0 +53,0 @@ console.error(e.stack)

14

lib/addPackagesToIndex.js

@@ -6,3 +6,3 @@ /*

module.exports = function(packages, packageIndex, exclusions) {
exclusions = exclusions || []
exclusions = exclusions || []

@@ -20,3 +20,3 @@ // iterate over packages and prepare urls before I call the registry

if(key.indexOf('@') === 0) {
if (key.indexOf('@') === 0) {
var scopeSeparator = key.indexOf('/')

@@ -26,7 +26,7 @@ scope = key.substring(1, scopeSeparator)

}
var entry = {
var entry = {
fullName: fullName,
name: name,
version: version,
version: version,
scope: scope

@@ -38,3 +38,3 @@ }

}
}
}
}

@@ -51,2 +51,2 @@

return -1
}
}

13

lib/config.js

@@ -10,3 +10,3 @@ var rc = require('rc')

*/
output: 'json',
output: 'json',

@@ -30,3 +30,3 @@ /*

an array of package names that will be excluded from the report
*/
*/
exclude: [],

@@ -45,3 +45,4 @@

'link',
'comment'
'comment',
'installedVersion'
],

@@ -81,2 +82,6 @@

},
installedVersion: {
value: 'n/a',
label: 'installed version'
},
httpRetryOptions: {

@@ -86,2 +91,2 @@ maxAttempts: 5,

}
})
})

2

lib/extractLicense.js

@@ -20,3 +20,3 @@ var util = require('util')

if (typeof json.licenses[i] === 'string' ) {
if (typeof json.licenses[i] === 'string') {
result += json.licenses[i]

@@ -23,0 +23,0 @@ } else {

4

lib/extractLink.js

@@ -13,3 +13,3 @@ var visit = require('visit-values')

var otherUrls = []
visit(json, function(value) {

@@ -25,3 +25,3 @@ if (!isString(value)) return

})
if (otherUrls.length > 0) {

@@ -28,0 +28,0 @@ return otherUrls[0]

6

lib/getPackageReportData.js

@@ -19,2 +19,7 @@ var semver = require('semver')

var installedVersion = packageEntry.version
if (installedVersion.match(/^[\^~].*/)) {
installedVersion = installedVersion.substring(1);
}
var localVersion = semver.validRange(packageEntry.version)

@@ -52,2 +57,3 @@

name: fullPackageName,
installedVersion: installedVersion,
licenseType: extractLicense(versionData),

@@ -54,0 +60,0 @@ link: extractLink(versionData),

19

package.json
{
"name": "license-report",
"version": "3.0.0",
"version": "4.1.0",
"description": "creates a short report about project's dependencies (license, url etc)",
"main": "index.js",
"scripts": {
"test": "mocha -R spec"
"test": "npx mocha -R spec"
},

@@ -23,15 +23,16 @@ "bin": {

"dependencies": {
"async": "^0.9.0",
"debug": "^3.2.6",
"lodash": "^4.17.11",
"async": "^3.2.0",
"debug": "^4.1.1",
"lodash": "^4.17.15",
"rc": "^1.2.8",
"request": "^2.88.0",
"semver": "^5.4.1",
"request": "^2.88.2",
"semver": "^7.3.2",
"stubborn": "^1.2.5",
"text-table": "^0.2.0",
"visit-values": "^1.0.1"
"visit-values": "^2.0.0"
},
"devDependencies": {
"@kessler/exponential-backoff": "^2.0.0"
"@kessler/exponential-backoff": "^2.0.1",
"mocha": "^8.1.3"
}
}

2

README.md

@@ -53,3 +53,3 @@ # license report tool

```
license-report --excluse=async --exclude=rc
license-report --exclude=async --exclude=rc
```

@@ -56,0 +56,0 @@

73

test/endToEnd.test.js

@@ -60,3 +60,4 @@ var cp = require('child_process')

link: 'git+https://github.com/caolan/async.git',
comment: '0.9.2'
comment: '3.2.0',
installedVersion: '3.2.0'
},

@@ -71,3 +72,4 @@ {

link: 'git://github.com/visionmedia/debug.git',
comment: '3.2.6'
comment: '4.3.0',
installedVersion: '4.1.1'
},

@@ -82,3 +84,4 @@ {

link: 'git+https://github.com/lodash/lodash.git',
comment: '4.17.11'
comment: '4.17.20',
installedVersion: '4.17.15'
},

@@ -93,3 +96,4 @@ {

link: 'git+https://github.com/dominictarr/rc.git',
comment: '1.2.8'
comment: '1.2.8',
installedVersion: '1.2.8'
},

@@ -104,3 +108,4 @@ {

link: 'git+https://github.com/request/request.git',
comment: '2.88.0'
comment: '2.88.2',
installedVersion: '2.88.2'
},

@@ -115,3 +120,4 @@ {

link: 'git+https://github.com/npm/node-semver.git',
comment: '5.7.0'
comment: '7.3.2',
installedVersion: '7.3.2'
},

@@ -126,3 +132,4 @@ {

link: 'git://github.com/grudzinski/stubborn.git',
comment: '1.2.5'
comment: '1.2.5',
installedVersion: '1.2.5'
},

@@ -137,3 +144,4 @@ {

link: 'git://github.com/substack/text-table.git',
comment: '0.2.0'
comment: '0.2.0',
installedVersion: '0.2.0'
},

@@ -148,18 +156,57 @@ {

link: 'https://github.com/kessler/node-visit-values',
comment: '1.0.4'
comment: '2.0.0',
installedVersion: '2.0.0'
},
{
comment: '2.0.0',
comment: '2.0.1',
installedVersion: '2.0.1',
department: 'kessler',
licensePeriod: 'perpetual',
licenseType: 'MIT',
link: 'https://registry.npmjs.org/@kessler/exponential-backoff/-/exponential-backoff-2.0.0.tgz',
link: 'https://registry.npmjs.org/@kessler/exponential-backoff/-/exponential-backoff-2.0.1.tgz',
material: 'material',
name: '@kessler/exponential-backoff',
relatedTo: 'stuff'
},
{
comment: '8.1.3',
department: 'kessler',
installedVersion: '8.1.3',
licensePeriod: 'perpetual',
licenseType: 'MIT',
link: 'git+https://github.com/mochajs/mocha.git',
material: 'material',
name: 'mocha',
relatedTo: 'stuff'
}
]
var EXPECTED_TABLE_RESULT = "department related to name license period material / not material license type link comment\n---------- ---------- ---- -------------- ----------------------- ------------ ---- -------\nkessler stuff async perpetual material MIT git+https://github.com/caolan/async.git 0.9.2\nkessler stuff debug perpetual material MIT git://github.com/visionmedia/debug.git 3.2.6\nkessler stuff lodash perpetual material MIT git+https://github.com/lodash/lodash.git 4.17.11\nkessler stuff rc perpetual material (BSD-2-Clause OR MIT OR Apache-2.0) git+https://github.com/dominictarr/rc.git 1.2.8\nkessler stuff request perpetual material Apache-2.0 git+https://github.com/request/request.git 2.88.0\nkessler stuff semver perpetual material ISC git+https://github.com/npm/node-semver.git 5.7.0\nkessler stuff stubborn perpetual material ISC git://github.com/grudzinski/stubborn.git 1.2.5\nkessler stuff text-table perpetual material MIT git://github.com/substack/text-table.git 0.2.0\nkessler stuff visit-values perpetual material MIT https://github.com/kessler/node-visit-values 1.0.4\nkessler stuff @kessler/exponential-backoff perpetual material MIT https://registry.npmjs.org/@kessler/exponential-backoff/-/exponential-backoff-2.0.0.tgz 2.0.0\n"
var EXPECTED_TABLE_RESULT = `department related to name license period material / not material license type link comment installed version
---------- ---------- ---- -------------- ----------------------- ------------ ---- ------- -----------------
kessler stuff async perpetual material MIT git+https://github.com/caolan/async.git 3.2.0 3.2.0
kessler stuff debug perpetual material MIT git://github.com/visionmedia/debug.git 4.3.0 4.1.1
kessler stuff lodash perpetual material MIT git+https://github.com/lodash/lodash.git 4.17.20 4.17.15
kessler stuff rc perpetual material (BSD-2-Clause OR MIT OR Apache-2.0) git+https://github.com/dominictarr/rc.git 1.2.8 1.2.8
kessler stuff request perpetual material Apache-2.0 git+https://github.com/request/request.git 2.88.2 2.88.2
kessler stuff semver perpetual material ISC git+https://github.com/npm/node-semver.git 7.3.2 7.3.2
kessler stuff stubborn perpetual material ISC git://github.com/grudzinski/stubborn.git 1.2.5 1.2.5
kessler stuff text-table perpetual material MIT git://github.com/substack/text-table.git 0.2.0 0.2.0
kessler stuff visit-values perpetual material MIT https://github.com/kessler/node-visit-values 2.0.0 2.0.0
kessler stuff @kessler/exponential-backoff perpetual material MIT https://registry.npmjs.org/@kessler/exponential-backoff/-/exponential-backoff-2.0.1.tgz 2.0.1 2.0.1
kessler stuff mocha perpetual material MIT git+https://github.com/mochajs/mocha.git 8.1.3 8.1.3
`;
var EXPECTED_CSV_RESULT = "department,relatedTo,name,licensePeriod,material,licenseType,link,comment\nkessler,stuff,async,perpetual,material,MIT,git+https://github.com/caolan/async.git,0.9.2\nkessler,stuff,debug,perpetual,material,MIT,git://github.com/visionmedia/debug.git,3.2.6\nkessler,stuff,lodash,perpetual,material,MIT,git+https://github.com/lodash/lodash.git,4.17.11\nkessler,stuff,rc,perpetual,material,(BSD-2-Clause OR MIT OR Apache-2.0),git+https://github.com/dominictarr/rc.git,1.2.8\nkessler,stuff,request,perpetual,material,Apache-2.0,git+https://github.com/request/request.git,2.88.0\nkessler,stuff,semver,perpetual,material,ISC,git+https://github.com/npm/node-semver.git,5.7.0\nkessler,stuff,stubborn,perpetual,material,ISC,git://github.com/grudzinski/stubborn.git,1.2.5\nkessler,stuff,text-table,perpetual,material,MIT,git://github.com/substack/text-table.git,0.2.0\nkessler,stuff,visit-values,perpetual,material,MIT,https://github.com/kessler/node-visit-values,1.0.4\nkessler,stuff,@kessler/exponential-backoff,perpetual,material,MIT,https://registry.npmjs.org/@kessler/exponential-backoff/-/exponential-backoff-2.0.0.tgz,2.0.0\n"
var EXPECTED_CSV_RESULT = `department,relatedTo,name,licensePeriod,material,licenseType,link,comment,installedVersion
kessler,stuff,async,perpetual,material,MIT,git+https://github.com/caolan/async.git,3.2.0,3.2.0
kessler,stuff,debug,perpetual,material,MIT,git://github.com/visionmedia/debug.git,4.3.0,4.1.1
kessler,stuff,lodash,perpetual,material,MIT,git+https://github.com/lodash/lodash.git,4.17.20,4.17.15
kessler,stuff,rc,perpetual,material,(BSD-2-Clause OR MIT OR Apache-2.0),git+https://github.com/dominictarr/rc.git,1.2.8,1.2.8
kessler,stuff,request,perpetual,material,Apache-2.0,git+https://github.com/request/request.git,2.88.2,2.88.2
kessler,stuff,semver,perpetual,material,ISC,git+https://github.com/npm/node-semver.git,7.3.2,7.3.2
kessler,stuff,stubborn,perpetual,material,ISC,git://github.com/grudzinski/stubborn.git,1.2.5,1.2.5
kessler,stuff,text-table,perpetual,material,MIT,git://github.com/substack/text-table.git,0.2.0,0.2.0
kessler,stuff,visit-values,perpetual,material,MIT,https://github.com/kessler/node-visit-values,2.0.0,2.0.0
kessler,stuff,@kessler/exponential-backoff,perpetual,material,MIT,https://registry.npmjs.org/@kessler/exponential-backoff/-/exponential-backoff-2.0.1.tgz,2.0.1,2.0.1
kessler,stuff,mocha,perpetual,material,MIT,git+https://github.com/mochajs/mocha.git,8.1.3,8.1.3
`;
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc