Posted to commits@cordova.apache.org by ma...@apache.org on 2014/10/03 22:39:36 UTC

git commit: CB-6722 add feature to check licenses of third-party dependencies

Repository: cordova-coho
Updated Branches:
  refs/heads/master ce2cd9c4e -> 0bcba2759


CB-6722 add feature to check licenses of third-party dependencies


Project: http://git-wip-us.apache.org/repos/asf/cordova-coho/repo
Commit: http://git-wip-us.apache.org/repos/asf/cordova-coho/commit/0bcba275
Tree: http://git-wip-us.apache.org/repos/asf/cordova-coho/tree/0bcba275
Diff: http://git-wip-us.apache.org/repos/asf/cordova-coho/diff/0bcba275

Branch: refs/heads/master
Commit: 0bcba2759b343badb277ec54e003a5a9b89737ca
Parents: ce2cd9c
Author: Edna Morales <ey...@us.ibm.com>
Authored: Fri Oct 3 15:39:45 2014 -0400
Committer: Edna Morales <ey...@us.ibm.com>
Committed: Fri Oct 3 15:39:45 2014 -0400

----------------------------------------------------------------------
 .DS_Store              | Bin 6148 -> 0 bytes
 package.json           |   4 +-
 src/check-license.js   | 189 ++++++++++++++++++++++++++++++++++++++++++++
 src/main.js            |   4 +
 src/validLicenses.json |  24 ++++++
 5 files changed, 220 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cordova-coho/blob/0bcba275/.DS_Store
----------------------------------------------------------------------
diff --git a/.DS_Store b/.DS_Store
deleted file mode 100644
index 045093f..0000000
Binary files a/.DS_Store and /dev/null differ

http://git-wip-us.apache.org/repos/asf/cordova-coho/blob/0bcba275/package.json
----------------------------------------------------------------------
diff --git a/package.json b/package.json
index 59b4bcf..cdb4efe 100644
--- a/package.json
+++ b/package.json
@@ -13,7 +13,9 @@
     "optimist": "0.4",
     "q": "~0.9",
     "request": "2.22.0",
-    "shelljs": "0.1.4"
+    "shelljs": "0.1.4",
+    "nlf": "1.1.0",
+    "treeify": "1.0.1"
   },
   "repository": {
     "type": "git",

http://git-wip-us.apache.org/repos/asf/cordova-coho/blob/0bcba275/src/check-license.js
----------------------------------------------------------------------
diff --git a/src/check-license.js b/src/check-license.js
new file mode 100644
index 0000000..43a78dd
--- /dev/null
+++ b/src/check-license.js
@@ -0,0 +1,189 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+var nlf = require('nlf'),
+    treeify = require('treeify'),
+    optimist = require('optimist'),
+    fs = require('fs'),
+    path = require('path'),
+    Q = require('q'),
+    flagutil = require('./flagutil');
+
+var jsonObject = {},
+    validLicenses = [],
+    licensesFile = path.join('cordova-coho', 'src', 'validLicenses.json'),
+    reposWithDependencies = [],
+    flagged = [];
+
+module.exports = function*(argv) {
+    var opt = flagutil.registerRepoFlag(optimist)
+    opt = flagutil.registerHelpFlag(opt);
+    var argv = opt
+        .usage('Go through each specified repo and check the licenses of node modules that are 3rd-party dependencies.\n\n' +
+               'Usage: $0 check-license --repo=name [--repo=othername]')
+        .argv;
+
+    if (argv.h) {
+        optimist.showHelp();
+        process.exit(1);
+    }
+    var repos = flagutil.computeReposFromFlag(argv.r);
+    checkLicense(repos);
+};
+
+function getRepoLicense(repoName){
+   return Q.nfapply(nlf.find, [{
+               directory : path.join(process.cwd(), repoName)
+           }
+       ]).then(function (p) {
+       return p;
+   });
+}
+function checkLicense(repos) {
+
+    //get the license info for each repo's dependencies and subdependencies
+    var results = [];
+    var previous = Q.resolve();
+    repos.forEach(function(repo) {
+            previous = previous.then(function() {
+                if (fs.existsSync(repo.repoName) && (fs.existsSync(path.join(repo.repoName, 'package.json')) || (fs.existsSync(path.join(repo.repoName, repo.repoName, 'package.json'))))) {
+                    reposWithDependencies.push(repo.repoName);
+                    if (repo.repoName == 'cordova-lib')
+                        return getRepoLicense(path.join(repo.repoName, repo.repoName)); //go into inner cordova-lib to get packages
+                    return getRepoLicense(repo.repoName);
+                }
+                else
+                    Q.resolve('Repo directory does not exist: ' + repos.repoName + '. First run coho repo-clone.'); //don't end execution if repo doesn't have dependencies or doesn't exist
+
+        }).then(function (data) {
+            results.push(data); //push the result of this repo to the results array for later processing
+        });
+    });
+
+    //process the results after the licenses for all repos have been retrieved
+    previous.then(function(result) {
+        processResults(results, repos);
+    }, function(err) {
+        console.log(err);
+    });
+}
+
+//process the results of each repo
+function processResults(results, repos) {
+    //get valid licenses file to flag packages
+    validLicenses = fs.readFileSync(licensesFile, 'utf8');
+    if (!validLicenses)
+    {
+        console.log('No valid licenses file. Please make sure it exists.');
+        return;
+    }
+    validLicenses = (JSON.parse(validLicenses)).validLicenses;
+
+    //go through each repo, get its dependencies and add to json object
+    for (var i = 0; i < results.length; ++i) {
+        if (reposWithDependencies.indexOf(repos[i].repoName) > -1)
+        {
+            var repoJsonObj = {};
+            repoJsonObj.dependencies = getDependencies(results[i]);
+            jsonObject[repos[i].repoName] = repoJsonObj;
+        }
+    }
+
+    //output results (license info for all packages + list of flagged packages)
+    console.log('Below is the license info for all the packages');
+    console.log(treeify.asTree(jsonObject, true));
+    console.log('\n***********************************************************************************************************************');
+    console.log('***********************************************************************************************************************');
+    console.log('***********************************************************************************************************************\n');
+    console.log(flagged.length + ' packages were flagged. Please verify manually that the licenses are valid. See those packages below.');
+    for (var j = 0; j < flagged.length; ++j)
+    {
+        console.log(treeify.asTree(flagged[j], true));
+    }
+    console.log(flagged.length + ' packages were flagged. Please verify manually that the licenses are valid. See those packages above.');
+}
+
+//get dependencies for a repo
+function getDependencies(packages) {
+    var dependencies = [];
+    for (var j = 0; j < packages.length; ++j)
+    {
+        //pull out only relevant info and add to dependencies array
+        var obj = {};
+        obj.name = packages[j].name;
+        obj.id = packages[j].id;
+        obj.directory = [packages[j].directory];
+        obj.licenses = packages[j].licenseSources.package.sources;
+        dependencies.push(obj);
+
+        //flag any packages whose licenses may not be compatible
+        if (!hasValidLicense(obj))
+        {
+            var duplicate = false;
+            //avoid duplicating already flagged packages
+            for (var z = 0; z < flagged.length; ++z)
+            {
+                if (flagged[z].id == obj.id)
+                {
+                    duplicate = true;
+                    break;
+                }
+            }
+
+            if (duplicate)
+                flagged[z].directory = flagged[z].directory.concat(obj.directory); //if it is already flagged then just add the directory to the directories array
+
+            else
+                flagged.push(JSON.parse(JSON.stringify(obj)));
+        }
+    }
+
+    return dependencies;
+}
+
+//check if package has valid licenses
+function hasValidLicense(package) {
+    var isValid = false;
+
+    if (package.licenses.length == 0)
+            return isValid;
+
+    else
+    {
+        //go through each license of the package
+        for (var x = 0; x < package.licenses.length; ++x)
+        {
+            isValid = false;
+
+            //go through valid licenses and try to match with package license
+            for (var y = 0; y < validLicenses.length; ++y)
+            {
+                var pattern = new RegExp(validLicenses[y], "gi"); //construct regular expression from valid license
+                if ((package.licenses[x].license).match(pattern)) //match it against the package license
+                    isValid = true;
+            }
+
+            //shortcut - if one license isn't valid then go ahead and flag it
+            if (isValid == false)
+                break;
+        }
+    }
+
+    return isValid;
+}
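Review bot: The license match in hasValidLicense is an unanchored, case-insensitive substring test (`new RegExp(validLicenses[y], "gi")` followed by `.match`), so any license string that merely contains a pattern's letters passes — a constructed field such as `Limited` matches the `MIT` pattern — which makes the check fail open for exactly the non-permissive strings it is meant to flag. A word-boundary match keeps values like `BSD-3-Clause` passing while rejecting incidental substrings: `var pattern = new RegExp('\\b(?:' + validLicenses[y] + ')\\b', 'i');` together with a type guard before matching, `if (typeof package.licenses[x].license === 'string' && pattern.test(package.licenses[x].license))`, since a non-string license value currently throws inside the loop. Such throws, like the ENOENT from `fs.readFileSync(licensesFile, 'utf8')` when the file is missing (which the `!validLicenses` check on the next line never reaches), occur inside the success handler of `previous.then(...)` and become a rejection nobody handles, so the command prints nothing and still exits 0; returning the promise chain from checkLicense and out of the exported generator, or ending it with a rejection handler that sets a non-zero exit code, would surface them. In checkLicense the missing-repo branch builds its message with `repos.repoName` (the array, so it reads `undefined`) and neither returns nor logs the `Q.resolve(...)`, so that notice is never shown. Minor: `package` is a strict-mode reserved word, so the parameter name of hasValidLicense would break the file if `'use strict'` is ever added.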

http://git-wip-us.apache.org/repos/asf/cordova-coho/blob/0bcba275/src/main.js
----------------------------------------------------------------------
diff --git a/src/main.js b/src/main.js
index 74f7523..9329604 100644
--- a/src/main.js
+++ b/src/main.js
@@ -121,6 +121,10 @@ module.exports = function() {
             name: 'npm-link',
             desc: 'Does an "npm link" of dependent modules that we own.',
             entryPoint: lazyRequire('./npm-link')
+        }, {
+            name: 'check-license',
+            desc: 'Go through each specified repo and check the licenses of node modules that are 3rd-party dependencies.',
+            entryPoint: lazyRequire('./check-license')
         }
     ];
     var commandMap = {};

http://git-wip-us.apache.org/repos/asf/cordova-coho/blob/0bcba275/src/validLicenses.json
----------------------------------------------------------------------
diff --git a/src/validLicenses.json b/src/validLicenses.json
new file mode 100644
index 0000000..bb0b4a6
--- /dev/null
+++ b/src/validLicenses.json
@@ -0,0 +1,24 @@
+{
+	"validLicenses": [
+	    "Apache",
+	    "BSD",
+	    "MIT(\\/X11)?",
+	    "ICU",
+	    "NCSA",
+	    "W3C",
+	    "Xnet",
+	    "zlib",
+	    "FSF",
+	    "A(cademic )?F(ree )?L(icense)?",
+	    "(OOXML|XSD|ECMA)",
+	    "CC-A",
+	    "B(oost )?S(oftware )?L(icense)?",
+	    "dejavu",
+	    "M(icro)?S((-|oft ))?P(ublic )?L(icense)?",
+	    "Creative Commons Copyright-Only Dedication",
+	    "Adobe Postscript(\\(R\\))? AFM",
+	    "S(ervice )?C(omponent )?A(rchitecture)? Specifications",
+	    "E(clipse )?D(istribution )?L(icense)?",
+	    "P(ython )?S(oftware )?F(oundation )?L(icense)?"
+  	]
+}
\ No newline at end of file

