Comparing version 5.1.0 to 6.0.0
index.js
module.exports = licensee | ||
var licenseSatisfies = require('spdx-satisfies') | ||
var npmLicenseCorrections = require('npm-license-corrections') | ||
var parseJSON = require('json-parse-errback') | ||
@@ -151,3 +152,19 @@ var readPackageTree = require('read-package-tree') | ||
) { | ||
results.push(resultForPackage(configuration, child)) | ||
var result = resultForPackage(configuration, child) | ||
// Deduplicate. | ||
var existing = results.find(function (existing) { | ||
return ( | ||
existing.name === result.name && | ||
existing.version === result.version | ||
) | ||
}) | ||
if (existing) { | ||
if (existing.duplicates) { | ||
existing.duplicates.push(result) | ||
} else { | ||
existing.duplicates = [result] | ||
} | ||
} else { | ||
results.push(result) | ||
} | ||
findIssues(configuration, child, dependencies, results) | ||
@@ -187,6 +204,51 @@ } | ||
} | ||
// Find and apply any license metadata correction. | ||
var correction = ( | ||
configuration.corrections && | ||
npmLicenseCorrections.find(function (correction) { | ||
return ( | ||
correction.name === result.name && | ||
correction.version === result.version | ||
) | ||
}) | ||
) | ||
if (correction) { | ||
result.license = correction.license | ||
result.corrected = true | ||
} | ||
// Check if ignored. | ||
var ignore = configuration.ignore | ||
if (ignore && Array.isArray(ignore)) { | ||
var ignored = ignore.some(function (ignore) { | ||
if (typeof ignore !== 'object') return false | ||
if ( | ||
ignore.prefix && | ||
typeof ignore.prefix === 'string' && | ||
startsWith(result.name, ignore.prefix) | ||
) return true | ||
if ( | ||
ignore.scope && | ||
typeof ignore.scope === 'string' && | ||
startsWith(result.name, '@' + ignore.scope + '/') | ||
) return true | ||
if ( | ||
ignore.author && | ||
typeof ignore.author === 'string' && | ||
personMatches(result.author, ignore.author) | ||
) return true | ||
return false | ||
}) | ||
if (ignored) { | ||
result.approved = true | ||
result.ignored = ignored | ||
return result | ||
} | ||
} | ||
// Check if whitelisted. | ||
var whitelisted = Object.keys(whitelist).some(function (name) { | ||
return ( | ||
tree.package.name === name && | ||
satisfies(tree.package.version, whitelist[name]) === true | ||
result.name === name && | ||
satisfies(result.version, whitelist[name]) === true | ||
) | ||
@@ -197,19 +259,50 @@ }) | ||
result.whitelisted = true | ||
return result | ||
} | ||
// Check against licensing rule. | ||
var matchesRule = ( | ||
licenseExpression && | ||
validSPDX(licenseExpression) && | ||
result.license && | ||
typeof result.license === 'string' && | ||
validSPDX(result.license) && | ||
licenseSatisfies(result.license, licenseExpression) | ||
) | ||
if (matchesRule) { | ||
result.approved = true | ||
result.rule = true | ||
} else { | ||
var matchesRule = ( | ||
licenseExpression && | ||
validSPDX(licenseExpression) && | ||
tree.package.license && | ||
typeof tree.package.license === 'string' && | ||
validSPDX(tree.package.license) && | ||
licenseSatisfies(tree.package.license, licenseExpression) | ||
) | ||
if (matchesRule) { | ||
result.approved = true | ||
result.rule = true | ||
} else { | ||
result.approved = false | ||
} | ||
result.approved = false | ||
} | ||
return result | ||
} | ||
function startsWith (string, prefix) { | ||
return string.toLowerCase().indexOf(prefix.toLowerCase()) === 0 | ||
} | ||
function personMatches (person, string) { | ||
if (!person) return false | ||
if (typeof person === 'string') { | ||
return contains(person, string) | ||
} | ||
if (typeof person === 'object') { | ||
if (matches('name')) return true | ||
if (matches('email')) return true | ||
if (matches('url')) return true | ||
} | ||
return false | ||
function matches (key) { | ||
return ( | ||
person[key] && | ||
typeof person[key] === 'string' && | ||
contains(person[key], string) | ||
) | ||
} | ||
} | ||
function contains (string, substring) { | ||
return string.toLowerCase().indexOf(substring.toLowerCase()) !== -1 | ||
} |
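Review bot: The `prefix` and `author` ignore rules in the second hunk (the `ignore.some` callback) approve a package on metadata the package itself supplies — any publisher can name a package `commonform-…` or put a matching `author` in its own package.json — so they bypass the license policy by assertion rather than provenance, and because `personMatches` goes through `contains`, `author` is a substring match, so a short value like `{"author": "a"}` would approve nearly every dependency. At minimum this deserves a comment above the check, e.g. `// NOTE: prefix and author rules trust package-supplied metadata; any publisher can claim a matching name or author, and author matching is substring-based. Scope rules are arguably harder to spoof.` It would also help the report to record which rule fired instead of the boolean `ignored`, e.g. `result.ignored = ignore.find(function (rule) { … })` with the same predicate, so an approval can be audited later. The enclosing function begins before this hunk.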
{ | ||
"name": "licensee", | ||
"description": "check dependency licenses against rules", | ||
"version": "5.1.0", | ||
"version": "6.0.0", | ||
"author": "Kyle E. Mitchell <kyle@kemitchell.com> (https://kemitchell.com/)", | ||
@@ -13,2 +13,3 @@ "contributors": [ | ||
"json-parse-errback": "^2.0.1", | ||
"npm-license-corrections": "^1.0.0", | ||
"read-package-tree": "^5.2.1", | ||
@@ -36,5 +37,5 @@ "run-parallel": "^1.1.9", | ||
"scripts": { | ||
"style": "standard", | ||
"style": "standard index.js", | ||
"test": "tap tests/**/test.js" | ||
} | ||
} |
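Review bot: The added `"npm-license-corrections": "^1.0.0"` range means that when `corrections` is enabled, the `license` values substituted during the check come from whatever dataset version resolves at install time (this page reports 1.6.2), so an identical configuration can approve or reject a dependency differently after a fresh install. Since that dataset is community-maintained and directly decides policy outcomes, the README or changelog should say so and advise consumers gating CI on it to pin it through their lockfile; pinning an exact version here is the stricter alternative but also freezes out corrections. This is a judgment call rather than a defect.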
@@ -18,3 +18,9 @@ Check npm package dependency license metadata against rules. | ||
"optimist": "<=0.6.1" | ||
} | ||
}, | ||
"corrections": false, | ||
"ignore": [ | ||
{"scope": "kemitchell"}, | ||
{"prefix": "commonform-"}, | ||
{"author": "Kyle E. Mitchell"} | ||
] | ||
} | ||
@@ -39,2 +45,23 @@ ``` | ||
The `corrections` flag toggles community corrections to npm package | ||
license metadata. When enabled, `licensee` will check `license` and | ||
`whitelist` against `license` values from [npm-license-corrections] | ||
when available. | ||
[npm-license-corrections]: https://www.npmjs.com/package/npm-license-corrections | ||
The optional `ignore` array instructs `licensee` to approve packages | ||
without considering their `license` metadata. Ignore rules can take | ||
one of three forms: | ||
1. `{"scope":"x"}` ignores all packages in scope `x`, like `@x/y`. | ||
2. `{"prefix":"x"}` ignores all packages whose names start with `x`, | ||
but not scoped packages whose scopes do not match, like `@y/x`. | ||
3. `{"author":"x"}` ignores all packages whose authors' names, | ||
e-mail addresses, or URLs contain `x`. | ||
All ignore rules are case-insensitive. | ||
# Use | ||
@@ -41,0 +68,0 @@ |
+ Addednpm-license-corrections@1.6.2(transitive)