deps

package
v0.6.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 7, 2024 License: Apache-2.0 Imports: 28 Imported by: 0

Documentation

Index

Constants

const DefaultCoverageThreshold = 75

DefaultCoverageThreshold is the minimum percentage of the file that must contain license text for identifying a license. Reference: https://github.com/golang/pkgsite/blob/d43359e3a135fc391960db4f5800eb081d658412/internal/licenses/licenses.go#L48

// PkgFileName is the literal file name "package.json". NpmResolver.CanResolve
// is documented as checking for the npm package file, presumably by comparing
// against this name — confirm in the implementation.
const PkgFileName = "package.json"
const (
	// Unknown is the literal string "Unknown".
	// NOTE(review): presumably the placeholder recorded when no license could
	// be identified; a compliance gate should treat it as unresolved, not as
	// compatible — confirm how callers handle it.
	Unknown string = "Unknown"
)

Variables

Functions

func Check

func Check(mainLicenseSpdxID string, config *ConfigDeps, weakCompatible bool) error

func CheckWithMatrix added in v0.4.0

func CheckWithMatrix(mainLicenseSpdxID string, matrix *CompatibilityMatrix, report *Report, weakCompatible bool) error

func GenerateSummary added in v0.3.0

func GenerateSummary(tpl *template.Template, head *header.ConfigHeader, rep *Report) (string, error)

GenerateSummary generates the summary content from the template, the license config and the dependency report.

func GetLicenseFromURL

func GetLicenseFromURL(url string, config *ConfigDeps) string

func ParseTemplate added in v0.3.0

func ParseTemplate(f fs.FS, path string) (*template.Template, error)

func Resolve

func Resolve(config *ConfigDeps, report *Report) error

func SeemLicense

func SeemLicense(content string) bool

SeemLicense determines whether the content of the file may be a license file.

Types

type CargoMetadata added in v0.4.0

// CargoMetadata holds the "packages" array decoded from a JSON document,
// presumably the output of `cargo metadata` (the producer is not shown here).
type CargoMetadata struct {
	// Packages is decoded from the JSON key "packages".
	Packages []CargoPackage `json:"packages"`
}

type CargoPackage added in v0.4.0

// CargoPackage is one package entry decoded from JSON; each field maps to the
// key named in its tag.
type CargoPackage struct {
	Name         string `json:"name"`
	Version      string `json:"version"`
	// License is the license string as decoded from the "license" key,
	// presumably whatever the package itself declares; it is a claim by the
	// package, not a verified fact.
	License      string `json:"license"`
	// LicenseFile is decoded, but the ResolvePackageLicense documentation
	// states it is currently ignored, so a package that sets only
	// license_file is not identified from this field.
	LicenseFile  string `json:"license_file"`
	ManifestPath string `json:"manifest_path"`
}

type CargoTomlResolver added in v0.4.0

// CargoTomlResolver is the resolver type for Cargo.toml files. It embeds the
// Resolver interface; the embedded value is nil unless a caller sets it, and
// the type declares its own CanResolve and Resolve methods.
type CargoTomlResolver struct {
	Resolver
}

func (*CargoTomlResolver) CanResolve added in v0.4.0

func (resolver *CargoTomlResolver) CanResolve(file string) bool

func (*CargoTomlResolver) Resolve added in v0.4.0

func (resolver *CargoTomlResolver) Resolve(cargoTomlFile string, config *ConfigDeps, report *Report) error

Resolve resolves licenses of all dependencies declared in the Cargo.toml file.

func (*CargoTomlResolver) ResolvePackageLicense added in v0.4.0

func (resolver *CargoTomlResolver) ResolvePackageLicense(config *ConfigDeps, pkg *CargoPackage, report *Report) error

ResolvePackageLicense resolves the package license. CargoPackage.LicenseFile is generally used for non-standard licenses and is currently ignored.

func (*CargoTomlResolver) ResolvePackages added in v0.4.0

func (resolver *CargoTomlResolver) ResolvePackages(packages []CargoPackage, config *ConfigDeps, report *Report) error

ResolvePackages resolves the licenses of the given packages.

type CompatibilityMatrix added in v0.4.0

// CompatibilityMatrix groups three string lists loaded from the YAML keys
// "compatible", "incompatible" and "weak-compatible". CheckWithMatrix takes a
// matrix together with a main license SPDX ID, so the entries are presumably
// license identifiers — confirm against the matrix files.
type CompatibilityMatrix struct {
	Compatible     []string `yaml:"compatible"`
	Incompatible   []string `yaml:"incompatible"`
	// NOTE(review): Check and CheckWithMatrix take a weakCompatible flag;
	// presumably this list is only accepted when that flag is set — confirm.
	WeakCompatible []string `yaml:"weak-compatible"`
}

type ConfigDepLicense added in v0.3.0

// ConfigDepLicense is one entry of ConfigDeps.Licenses: a name, version and
// license loaded from YAML.
// NOTE(review): presumably a user-declared license for a dependency (see
// ConfigDeps.GetUserConfiguredLicense). Such an entry is a declaration, not a
// detection, so changes to these entries deserve the same review as code.
type ConfigDepLicense struct {
	Name    string `yaml:"name"`
	Version string `yaml:"version"`
	License string `yaml:"license"`
}

type ConfigDeps

// ConfigDeps is the dependency-check configuration loaded from YAML; it is
// passed to every resolver on this page.
type ConfigDeps struct {
	// Threshold is loaded from the "threshold" key.
	// NOTE(review): presumably the license-text coverage percentage that
	// DefaultCoverageThreshold (75) supplies a default for — confirm.
	Threshold int                 `yaml:"threshold"`
	// Files is loaded from the "files" key; presumably the dependency
	// manifests to resolve — confirm.
	Files     []string            `yaml:"files"`
	// Licenses holds user-configured license entries, looked up by
	// GetUserConfiguredLicense(name, version).
	Licenses  []*ConfigDepLicense `yaml:"licenses"`
	// Excludes holds exclusion entries, consulted by IsExcluded(name, version).
	// An excluded dependency is presumably left out of the check, so each
	// entry narrows what the report covers.
	Excludes  []Exclude           `yaml:"excludes"`
}

func (*ConfigDeps) Finalize

func (config *ConfigDeps) Finalize(configFile string) error

func (*ConfigDeps) GetUserConfiguredLicense added in v0.4.0

func (config *ConfigDeps) GetUserConfiguredLicense(name, version string) (string, bool)

func (*ConfigDeps) IsExcluded added in v0.4.0

func (config *ConfigDeps) IsExcluded(name, version string) (exclude, recursive bool)

type Dependency

// Dependency is a node in a dependency tree: five string coordinates plus the
// list of its transitive dependencies. The field names (GroupID, ArtifactID,
// Packaging, Scope) match Maven coordinates, and the Jar and Pom methods
// suggest it describes a Maven artifact.
type Dependency struct {
	GroupID, ArtifactID, Version, Packaging, Scope string
	// TransitiveDeps holds child nodes; each is itself a *Dependency.
	TransitiveDeps                                 []*Dependency
}

func LoadDependencies

func LoadDependencies(data []byte, config *ConfigDeps) []*Dependency

func LoadDependenciesTree

func LoadDependenciesTree(data []byte) []*Dependency

func (*Dependency) Clone

func (dep *Dependency) Clone() *Dependency

func (*Dependency) Count

func (dep *Dependency) Count() int

func (*Dependency) Jar

func (dep *Dependency) Jar() string

func (*Dependency) Name added in v0.4.0

func (dep *Dependency) Name() string

func (*Dependency) Path

func (dep *Dependency) Path() string

func (*Dependency) Pom

func (dep *Dependency) Pom() string

type Exclude added in v0.4.0

// Exclude is one entry of ConfigDeps.Excludes, loaded from YAML.
type Exclude struct {
	Name      string `yaml:"name"`
	Version   string `yaml:"version"`
	// Recursive is returned as the second result of ConfigDeps.IsExcluded.
	// NOTE(review): presumably it extends the exclusion to the dependency's
	// own transitive dependencies — confirm; if so, one entry can hide a
	// whole subtree from the license check.
	Recursive bool   `yaml:"recursive"`
}

type GoModResolver

// GoModResolver is the resolver type for go.mod files. It embeds the Resolver
// interface; the embedded value is nil unless a caller sets it, and the type
// declares its own CanResolve and Resolve methods.
type GoModResolver struct {
	Resolver
}

func (*GoModResolver) CanResolve

func (resolver *GoModResolver) CanResolve(file string) bool

func (*GoModResolver) Resolve

func (resolver *GoModResolver) Resolve(goModFile string, config *ConfigDeps, report *Report) error

Resolve resolves licenses of all dependencies declared in the go.mod file.

func (*GoModResolver) ResolvePackageLicense

func (resolver *GoModResolver) ResolvePackageLicense(config *ConfigDeps, module *packages.Module, report *Report) error

func (*GoModResolver) ResolvePackages

func (resolver *GoModResolver) ResolvePackages(modules []*packages.Module, config *ConfigDeps, report *Report) error

ResolvePackages resolves the licenses of the given packages.

type JarResolver

// JarResolver is a field-less type whose methods (Resolve, ResolveJar,
// IdentifyLicense, ReadFileFromZip) work on jar files.
type JarResolver struct{}

func (*JarResolver) CanResolve

func (resolver *JarResolver) CanResolve(jarFiles string) bool

func (*JarResolver) IdentifyLicense

func (resolver *JarResolver) IdentifyLicense(config *ConfigDeps, path, dep, content, version string) (*Result, error)

func (*JarResolver) ReadFileFromZip

// ReadFileFromZip takes one zip archive entry and returns a *bytes.Buffer,
// presumably holding that entry's decompressed content (body not shown here).
// NOTE(review): jars being resolved are third-party artifacts; confirm the
// implementation bounds how much it reads so that an oversized entry cannot
// exhaust memory.
func (resolver *JarResolver) ReadFileFromZip(archiveFile *zip.File) (*bytes.Buffer, error)

func (*JarResolver) Resolve

func (resolver *JarResolver) Resolve(jarFiles string, config *ConfigDeps, report *Report) error

func (*JarResolver) ResolveJar

func (resolver *JarResolver) ResolveJar(config *ConfigDeps, state *State, jarFile, version string) (*Result, error)

type Lcs

// Lcs is one license object with "type" and "url" keys, as decoded from JSON;
// Package.Licenses is a slice of these.
type Lcs struct {
	Type string `json:"type"`
	// URL is decoded as-is from the package file; nothing on this page shows
	// it being validated.
	URL  string `json:"url"`
}

Lcs represents the license style in package.json

type LicenseOperator added in v0.4.0

// LicenseOperator is an int enumeration. The constant names match the AND, OR
// and WITH operators of SPDX license expressions, which is presumably what
// they represent — confirm.
type LicenseOperator int
const (
	// LicenseOperatorNone is 0, the zero value of the type.
	LicenseOperatorNone LicenseOperator = iota
	// LicenseOperatorAND is 1.
	LicenseOperatorAND
	// LicenseOperatorOR is 2.
	LicenseOperatorOR
	// LicenseOperatorWITH is 3.
	LicenseOperatorWITH
)

type MavenPomResolver

// MavenPomResolver is the resolver type for Maven pom.xml files. It embeds
// JarResolver, so JarResolver's methods are promoted onto it except where it
// declares its own (CanResolve, Resolve).
type MavenPomResolver struct {
	JarResolver
	// contains filtered or unexported fields
}

func (*MavenPomResolver) CanResolve

func (resolver *MavenPomResolver) CanResolve(mavenPomFile string) bool

CanResolve determines, from the name of the file, whether the file can be resolved.

func (*MavenPomResolver) CheckMVN

func (resolver *MavenPomResolver) CheckMVN() error

CheckMVN checks for available Maven tools, finds local repositories and downloads all dependencies.

func (*MavenPomResolver) FindLocalRepository

func (resolver *MavenPomResolver) FindLocalRepository() error

func (*MavenPomResolver) FindMaven

func (resolver *MavenPomResolver) FindMaven(execName string) error

func (*MavenPomResolver) LoadDependencies

func (resolver *MavenPomResolver) LoadDependencies(config *ConfigDeps) ([]*Dependency, error)

func (*MavenPomResolver) ReadHeaderCommentsFromPom

func (resolver *MavenPomResolver) ReadHeaderCommentsFromPom(pomFile string) (string, error)

func (*MavenPomResolver) ReadLicensesFromPom

func (resolver *MavenPomResolver) ReadLicensesFromPom(pomFile string) (*PomFile, error)

func (*MavenPomResolver) Resolve

func (resolver *MavenPomResolver) Resolve(mavenPomFile string, config *ConfigDeps, report *Report) error

Resolve resolves licenses of all dependencies declared in the pom.xml file.

func (*MavenPomResolver) ResolveDependencies

func (resolver *MavenPomResolver) ResolveDependencies(deps []*Dependency, config *ConfigDeps, report *Report) error

ResolveDependencies resolves the licenses of the given dependencies

func (*MavenPomResolver) ResolveDeps added in v0.5.0

func (resolver *MavenPomResolver) ResolveDeps() error

func (*MavenPomResolver) ResolveLicense

func (resolver *MavenPomResolver) ResolveLicense(config *ConfigDeps, state *State, dep *Dependency, report *Report) error

ResolveLicense searches all possible locations of the license, such as the pom file and the jar package.

func (*MavenPomResolver) ResolveLicenseFromPom

func (resolver *MavenPomResolver) ResolveLicenseFromPom(config *ConfigDeps, state *State, dep *Dependency) (*Result, error)

ResolveLicenseFromPom searches for the license in the pom file, where it may appear in the header comments or in the license element of the XML.

type NpmResolver

// NpmResolver is the resolver type for npm package files. It embeds the
// Resolver interface; the embedded value is nil unless a caller sets it, and
// the type declares its own CanResolve and Resolve methods.
type NpmResolver struct {
	Resolver
}

func (*NpmResolver) CanResolve

func (resolver *NpmResolver) CanResolve(file string) bool

CanResolve checks whether the given file is the npm package file

func (*NpmResolver) GetInstalledPkgs

func (resolver *NpmResolver) GetInstalledPkgs(pkgDir string) []*Package

GetInstalledPkgs gathers the names and paths of all installed packages. It uses a package directory's path relative to the node_modules directory to infer the package name.

func (*NpmResolver) InstallPkgs

func (resolver *NpmResolver) InstallPkgs()

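InstallPkgs runs the command `npm ci` to install node packages; `npm ci` is used instead of `npm install` to ensure reproducible builds. See https://blog.npmjs.org/post/171556855892/introducing-npm-ci-for-faster-more-reliable for details. Note that `npm ci` runs the lifecycle scripts of the packages it installs unless scripts are disabled (for example with `--ignore-scripts`); whether this resolver disables them is not stated here, so a license check on an untrusted project should be treated as running that project's dependency code.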

func (*NpmResolver) ListPkgPaths

func (resolver *NpmResolver) ListPkgPaths() (io.Reader, error)

ListPkgPaths runs an npm command to list the absolute paths of all production-only packages, one path per line. Note that although the `--long` flag can show more information, such as a package's name, its implementation and output format are not uniform across npm-cli versions.

func (*NpmResolver) NeedSkipInstallPkgs

func (resolver *NpmResolver) NeedSkipInstallPkgs() bool

NeedSkipInstallPkgs queries whether to skip the procedure of installing or updating packages

func (*NpmResolver) ParsePkgFile

func (resolver *NpmResolver) ParsePkgFile(pkgFile string) (*Package, error)

ParsePkgFile parses the content of the package file

func (*NpmResolver) Resolve

func (resolver *NpmResolver) Resolve(pkgFile string, config *ConfigDeps, report *Report) error

Resolve resolves licenses of all dependencies declared in the package.json file.

func (*NpmResolver) ResolveLcsFile

func (resolver *NpmResolver) ResolveLcsFile(result *Result, pkgPath string, config *ConfigDeps) error

ResolveLcsFile tries to find the license file to identify the license

func (*NpmResolver) ResolveLicenseField

func (resolver *NpmResolver) ResolveLicenseField(rawData []byte) (string, bool)

ResolveLicenseField parses and validates the "license" field in package.json file

func (*NpmResolver) ResolveLicensesField

func (resolver *NpmResolver) ResolveLicensesField(licenses []Lcs) (string, bool)

ResolveLicensesField parses and validates the "licenses" field in the package.json file. Additionally, the output is converted into an SPDX license expression syntax version 2.0 string, like "ISC OR GPL-3.0".

func (*NpmResolver) ResolvePackageLicense

func (resolver *NpmResolver) ResolvePackageLicense(pkgName, pkgPath string, config *ConfigDeps) *Result

ResolvePackageLicense resolves the licenses of the given packages. First, it tries to find and parse the package's package.json file to check the license file. If the previous step fails, it then tries to identify the package's LICENSE file. Checking the LICENSE file is a necessary step, because the resolver needs to record the license content.

func (*NpmResolver) ResolvePkgFile

func (resolver *NpmResolver) ResolvePkgFile(result *Result, pkgPath string, config *ConfigDeps) error

ResolvePkgFile tries to find and parse the package.json file to capture the license field

type Package

// Package mirrors the fields of a package.json file that this package reads.
type Package struct {
	Name     string          `json:"name"`
	// License is kept as raw JSON and unmarshalled later, because the field
	// has inconsistent styles across packages (per the type's documentation).
	License  json.RawMessage `json:"license"`
	Licenses []Lcs           `json:"licenses"`
	// Path is tagged "-", so it is never read from or written to JSON; it
	// must be set by code.
	Path     string          `json:"-"`
	Version  string          `json:"version"`
}

Package represents package.json. The License field has inconsistent styles, so we just store the byte array here to postpone unmarshalling.

type PomFile

// PomFile is the XML decoding target for a pom.xml document rooted at
// <project>; only the license entries are mapped.
type PomFile struct {
	XMLName  xml.Name      `xml:"project"`
	// Licenses collects every <license> element under <licenses>.
	Licenses []*XMLLicense `xml:"licenses>license,omitempty"`
}

PomFile is used to extract license from the pom.xml file

func (*PomFile) AllLicenses

func (pom *PomFile) AllLicenses(config *ConfigDeps) string

AllLicenses returns all licenses found in the pom.xml file.

func (*PomFile) Raw

func (pom *PomFile) Raw() string

Raw returns the raw data.

type Report

// Report collects results in two lists; the Resolve and Skip methods are
// documented as marking a dependency's license resolved or skipped.
type Report struct {
	// Resolved holds results whose license was resolved.
	Resolved []*Result
	// Skipped holds results that were skipped for some reason. These are
	// dependencies without a resolved license, so review this list rather
	// than relying on Resolved alone.
	Skipped  []*Result
}

Report is a collection of resolved Result.

func (*Report) Resolve

func (report *Report) Resolve(result *Result)

Resolve marks the dependency's license as resolved.

func (*Report) Skip

func (report *Report) Skip(result *Result)

Skip marks the dependency's license as skipped for some reason.

func (*Report) String

func (report *Report) String() string

type Resolver

// Resolver is the interface shared by the per-ecosystem resolvers on this page.
type Resolver interface {
	// CanResolve reports whether this resolver handles the given file
	// (a string; the implementations name it as a file or file name).
	CanResolve(string) bool
	// Resolve processes the given file with the supplied configuration and
	// records into the *Report; it returns an error on failure.
	Resolve(string, *ConfigDeps, *Report) error
}

type Result

// Result is the per-dependency record stored in a Report.
type Result struct {
	Dependency      string
	LicenseFilePath string
	// LicenseContent is the license text; the NpmResolver documentation notes
	// the resolver needs to record the license content.
	LicenseContent  string
	// LicenseSpdxID is the license identifier as a plain string, presumably
	// an SPDX ID or expression — confirm.
	LicenseSpdxID   string
	// ResolveErrors holds errors attached to this result, presumably those
	// met while resolving it — confirm.
	ResolveErrors   []error
	Version         string
}

Result is a single item that represents a resolved dependency license.

type SpdxID

// SpdxID is a string type, presumably holding an SPDX license identifier.
type SpdxID string

type State

// State is an int used as a set of bit flags: the three Found* constants are
// distinct powers of two, and NotFound is the zero value.
type State int
const (
	// FoundLicenseInPomHeader is 1 (1 << 0).
	FoundLicenseInPomHeader State = 1 << iota
	// FoundLicenseInJarLicenseFile is 2 (1 << 1).
	FoundLicenseInJarLicenseFile
	// FoundLicenseInJarManifestFile is 4 (1 << 2).
	FoundLicenseInJarManifestFile
	// NotFound is set explicitly to 0, i.e. no flag set.
	NotFound State = 0
)

func (*State) String

func (s *State) String() string

type SummaryRenderContext added in v0.3.0

// SummaryRenderContext carries the project license text and the grouped
// dependency licenses; presumably it is the data GenerateSummary passes to
// the template — confirm.
type SummaryRenderContext struct {
	LicenseContent string                       // Current project license content
	Groups         []*SummaryRenderLicenseGroup // All dependency license groups
}

type SummaryRenderLicense added in v0.3.0

// SummaryRenderLicense is one dependency row within a
// SummaryRenderLicenseGroup: name, version and license ID.
type SummaryRenderLicense struct {
	Name      string // Dependency name
	Version   string // Dependency version
	LicenseID string // License ID
}

type SummaryRenderLicenseGroup added in v0.3.0

// SummaryRenderLicenseGroup holds the dependencies that share one license ID.
type SummaryRenderLicenseGroup struct {
	LicenseID string                  // Aggregate all same license ID dependencies
	Deps      []*SummaryRenderLicense // Same license ID dependencies
}

type XMLLicense

// XMLLicense is one <license> element of a pom.xml, with its name, url,
// distribution and comments children decoded as strings.
type XMLLicense struct {
	Name         string `xml:"name,omitempty"`
	// URL is taken verbatim from the pom; nothing on this page shows it being
	// validated, so treat it as data supplied by the dependency.
	URL          string `xml:"url,omitempty"`
	Distribution string `xml:"distribution,omitempty"`
	Comments     string `xml:"comments,omitempty"`
}

func (*XMLLicense) Item

func (l *XMLLicense) Item(config *ConfigDeps) string

func (*XMLLicense) Raw

func (l *XMLLicense) Raw() string
