UNPKG

lisense

Version:

A simple but working CLI tool to extract NPM package licenses reliably

github.com/maxstrauch/lisense

maxstrauch/lisense

298 lines (245 loc) 10.5 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
#!/usr/bin/env node const chalk = require('chalk'); const program = require('commander'); const debug = require('debug'); const fs = require('fs'); const { isValidStartDir, scanNodeModules, filterModulesByProd, extractLicenses, writeJsonResultFile, writeCsvResultFile, writeMarkdownResultFile, compareToWhiteListFile, getDistinctLicenses, printReport, getPackageJsonOfTarget, generateSampleWhitelist } = require('./lisense'); const packageJson = require('./package.json'); program .version(packageJson.version) .option('-d, --dir <directory>', 'The directory to use as base directory to start scanning. Use a - for input mode where a list of directories, one per line, can be provided using stdin', process.cwd()) .option('-p, --prod', 'Only inspect packages used for prod deployment (no devDependencies)', false) .option('-u, --without-url', 'Excludes repository and license url from output', false) .option('-t, --without-parent', 'Excludes the parent information', false) .option('-s, --short', 'Excludes the urls and parent information from output', false) .option('-v, --verbose', 'Enable verbose program output', false) .option('-q, --quiet', 'Force quiet mode on stdout (if errors are thrown they are still outputted but they are printed to stderr)', false) .option('-c, --csv <file>', 'CSV output of results', false) .option('-m, --markdown <file>', 'Markdown output of results', false) .option('-j, --json <file>', 'JSON output of results', false) .option('-f, --fail <license-regex>', 'Fail with exit code 2 if at least one of the license names matches the given regex', null) .option('-r, --report <mode>', 'Generates a report on stderr with one of the modes: none (default), short, long', 'none') .option('-l, --licenses', 'Print a list of used licenses') .option('-z, --fail-on-missing', 'Fails the application with exit code 3 iff there is at least one node_module which cannot be inspected') .option('--pedantic', 'Checks at some places if data can be confirmed from an other source (e.g. NPM)') .option('-w, --whitelist <file>', 'JSON file to define a whitelist of allowed licenses and packages', false) .option('--create-new-whitelist <file>', 'Creates an empty, example whitlist file and exits regardless of any other flag', false) program.parse(process.argv); program.verbose && debug.enable('*'); const quietMode = program.quiet === true; global.quietMode = quietMode; let whitelistData = null; if (program.short) { program.withoutUrl = true; program.withoutParent = true; } async function scan(program, isComineMode) { isComineMode = isComineMode === true; let returnableMods = []; const pkgJson = getPackageJsonOfTarget(program.dir); !quietMode && console.log(`Inspecting node_modules of ${pkgJson.name}@${pkgJson.version} ...`); // Get all node modules relative to the given root dir let [modulesMap, modules] = scanNodeModules(program.dir); if (program.prod) { modules = await filterModulesByProd(program.dir, modules, program.pedantic); } // Failed to find prod modules etc. if (!modules) { return { exitCode: 1, mods: [] }; } const [mods, modsWithout] = extractLicenses(modulesMap, modules, program.withoutUrl); if (modsWithout.length > 0) { console.error(`${chalk.yellow("WARNING:")} Found ${modsWithout.length} modules which could not be inspected:`); modsWithout.forEach((mod) => { console.error(` - ${mod.name}@${mod.version || 'N/A'} (${mod.localPath})`); }); } // Print a report to stdout, if enabled if (program.report && ['short', 'long'].includes(program.report.toLowerCase())) { printReport(mods, program.report.toLowerCase() === 'long'); } // Print a list of all distinct licenses to stdout if (program.licenses) { const licenses = getDistinctLicenses(mods); !quietMode && console.log(`Used licenses (${licenses.length}): ${licenses.join(', ')}`); } if (!isComineMode) { // Write all data to JSON file if (program.json) { if (!writeJsonResultFile(program.json, mods, program.withoutUrl, program.withoutParent)) { return { exitCode: 1, mods: [] }; } } // Write all data to CSV file if (program.csv) { if (!writeCsvResultFile(program.dir, program.csv, mods, program.withoutUrl, program.withoutParent)) { return { exitCode: 1, mods: [] }; } } if (program.markdown) { if (!writeMarkdownResultFile(program.dir, program.markdown, mods, program.withoutUrl, program.withoutParent)) { return { exitCode: 1, mods: [] }; } } } else { returnableMods = mods.map(mod => ({ ...mod, parents: [pkgJson.name] })); } if (program.fail) { const regex = new RegExp(program.fail, 'i'); const licenses = getDistinctLicenses(mods); for (let i = 0; i < licenses.length; i++) { const license = licenses[i]; if (license.match(regex)) { !quietMode && console.log(`${chalk.red("Error:")} the license "${license}" conflicts with the given regex!`); return { exitCode: 2, mods: [] }; } } } // If the option fail-on-missing is set, the program fails with error code 3 // if there is at least one module which can't be scanned if (program.failOnMissing && modsWithout.length > 0) { console.error(`${chalk.red("Error:")} ${modsWithout.length} modules cannot be inspected!`); return { exitCode: 3, mods: [] }; } // Compare the computed list of licenses to the provided list if (program.whitelist && whitelistData) { if (compareToWhiteListFile(whitelistData, mods).length > 0) { return { exitCode: 4, mods: [] }; } } return { exitCode: 0, mods: returnableMods || [] }; } function sortAndMakeUnique(allMods) { const uniqueMods = []; for (let i = 0; i < allMods.length; i++) { let contained = null; for (let j = 0; j < uniqueMods.length; j++) { if ( uniqueMods[j].name === allMods[i].name && uniqueMods[j].version === allMods[i].version && uniqueMods[j].license === allMods[i].license ) { contained = uniqueMods[j]; break; } } if (contained) { contained.parents = [...new Set([...contained.parents, ...allMods[i].parents])]; } else { uniqueMods.push(allMods[i]); } } return uniqueMods.sort((a, b) => (a.name > b.name ? 1 : (a.name < b.name ? -1 : 0))); } async function main() { if (program.createNewWhitelist) { generateSampleWhitelist(program.createNewWhitelist) return; } // Read the whitelist data in early, to fail early and not // go through the entire process of checking to then fail // on loading the JSON file if (program.whitelist) { try { whitelistData = JSON.parse(fs.readFileSync(program.whitelist).toString()); } catch (ex) { console.error(`${chalk.red("Error:")} the whitelist provided is not valid JSON!`); process.exit(1); } } if (program.dir === '-') { // Takes input from stdin and treats every line as a directory, called "input mode" // --- const stdinBuffer = fs.readFileSync(0); const files = stdinBuffer .toString() .split('\n') .map(ln => (ln || '').trim()) .filter(ln => !!ln); if (files.length < 1) { console.error(`${chalk.red("Error:")} no directory list provided on stdin to scan!`); process.exit(1); } const clonedProgram = JSON.parse(JSON.stringify(program)); let allMods = []; for (let i = 0; i < files.length; i++) { clonedProgram.dir = files[i]; if (!isValidStartDir(clonedProgram.dir)) { console.error(`${chalk.red("Error:")} base path "${clonedProgram.dir}" not existing or not a NodeJS project!`); process.exit(1); } !quietMode && console.log(`${i + 1}/${files.length}: ${clonedProgram.dir}`); !quietMode && console.log("----------------------------------------------"); const code = await scan(clonedProgram, true); if (code.exitCode > 0) { process.exit(code.exitCode); } allMods = allMods.concat(code.mods); !quietMode && console.log(" "); } // Extract only the mods which are unique const allUniqueMods = sortAndMakeUnique(allMods); !quietMode && console.log("---"); !quietMode && console.log(`Found ${allMods.length} and reduced them to ${allUniqueMods.length} modules.`); // Write all data to JSON file if (program.json) { writeJsonResultFile(program.json, allUniqueMods, program.withoutUrl, program.withoutParent); } // Write all data to CSV file if (program.csv) { writeCsvResultFile(program.dir, program.csv, allUniqueMods, program.withoutUrl, program.withoutParent); } // Write all data to Markdown file if (program.markdown) { writeMarkdownResultFile(program.dir, program.markdown, allUniqueMods, program.withoutUrl, program.withoutParent); } process.exit(0); // Should not reach here } else { // A normal scan for a given directory // --- if (!isValidStartDir(program.dir)) { console.error(`${chalk.red("Error:")} base path not existing or not a NodeJS project!`); process.exit(1); } const code = await scan(program); process.exit(code.exitCode); } } main().catch((ex) => { console.error(chalk.red("Internal program error: " + ex)); process.exit(1); });