Enhancing how the SPDX ID is extracted from package.json

* hardened the extraction process so it can deal with old packages that do not follow the new “license” field format * expanding the output to include individual parts of the computed “license” output (licenseId, licenseFullName and licenseFilePath) * including module path output when used as a module
SveLil · Jun 25, 2019 · 20842ec · 20842ec
1 parent d4e7027
commit 20842ec
Show file tree

Hide file tree

Showing 9 changed files with 105 additions and 3 deletions.
diff --git a/cli-options.js b/cli-options.js
@@ -12,7 +12,7 @@ module.exports = {
   include: {
     description: 'List of properties to include',
     type: 'array',
-    choices: ['id', 'name', 'version', 'license', 'repository', 'author', 'homepage', 'path', 'dependencyLevel'],
+    choices: ['id', 'name', 'version', 'license', 'licenseId', 'licenseFullName', 'licenseFilePath', 'path',  'repository', 'author', 'homepage', 'path', 'dependencyLevel'],
     default: ['id', 'name', 'version', 'license', 'repository', 'author', 'homepage', 'dependencyLevel']
   },
   production: {

diff --git a/cli.js b/cli.js
diff --git a/formatters/table.js b/formatters/table.js
@@ -13,6 +13,9 @@ module.exports =  function ({data, header}) {
         id: 'Row #',
         name: 'Package Name',
         version: 'Version',
+        licenseId: 'SPDX ID',
+        licenseFullName: 'SPDX Full Name',
+        licenseFilePath: 'Path to license file',
         license: 'License',
         homepage: 'Homepage',
         repository: 'Repository',

diff --git a/helpers/extract-license-id.js b/helpers/extract-license-id.js
@@ -0,0 +1,26 @@
+const { isString, isObject, isArray, compact } = require('lodash')
+
+/**
+ * Deal with all the crazy stuff the "license" field in package.json can have and return only the SPDX ID (if any)
+ *
+ * @param {*} license
+ * @returns {string}
+ */
+module.exports = function extractLicenseText(license) {
+    let licenseText
+    if (isString(license)) {
+        licenseText = license
+
+    } else if (isArray(license)) {
+        const text = license.map(extractLicenseText)
+        licenseText = compact(text).join(' AND ')
+
+    } else if (isObject(license)) {
+        licenseText = license.type
+
+    } else {
+        licenseText = ''
+    }
+
+    return licenseText
+}
diff --git a/helpers/get-spdx-full-name.js b/helpers/get-spdx-full-name.js
@@ -34,8 +34,8 @@ function traverse(obj) {
  */
 module.exports = function (identifier = '') {
 
-    const normalised = identifier.toUpperCase()
     try {
+        const normalised = identifier.toUpperCase()
         let expandedText = ''
         if (normalised === 'UNLICENSED') {
             expandedText = 'Proprietary License'

diff --git a/lib.js b/lib.js
@@ -1,6 +1,9 @@
+const promisify = require('util').promisify
 const npmLs = require('./helpers/npm-list')
 const getPackageDetails = require('./helpers/get-package-details')
 const getExpandedLicName = require('./helpers/get-spdx-full-name')
+const extractLicenseText = require('./helpers/extract-license-id')
+const glob = promisify(require('glob'))
 
 /**
  * Get a list of licenses for any installed project dependencies
@@ -11,12 +14,20 @@ module.exports = async function (options = {}) {
     const pathList = await npmLs(options)
     return  await Promise.all(pathList.map(async (path, index) => {
         const pkg = await getPackageDetails(path)
-        const licShortName = pkg.license
+        const licShortName = extractLicenseText(pkg.license || pkg.licenses)
         const licLongName = getExpandedLicName(licShortName) || 'unknown'
+
+        // find any local licences files and build a path to them
+        const licFilePath = await glob('+(license**|licence**)', {cwd: path, nocase: true, nodir: true})
+            .then(files => files.map(file => `${path}/${file}`))
+
         return {
             id: index,
             name: pkg.name,
             version: pkg.version,
+            licenseId: licShortName,
+            licenseFullName: licLongName,
+            licenseFilePath: licFilePath || [],
             license: `${licLongName} (${licShortName})`,
             repository: (pkg.repository || {}).url,
             author: (pkg.author || {}).name,

diff --git a/package.json b/package.json
@@ -28,9 +28,11 @@
   "author": "Maurice Williams <https://github.com/morficus>",
   "license": "MIT",
   "dependencies": {
+    "glob": "^7.1.4",
     "json2csv": "^4.5.1",
     "jstoxml": "^1.5.0",
     "libnpm": "^2.0.1",
+    "lodash": "^4.17.11",
     "ora": "^3.4.0",
     "read-package-tree": "^5.2.2",
     "spdx-expression-parse": "^3.0.0",

diff --git a/tests/extract-license-id.test.js b/tests/extract-license-id.test.js
@@ -0,0 +1,50 @@
+const extractLicenseText = require('../helpers/extract-license-id')
+const test = require('ava')
+
+test('Can deal with normal things... like text', t => {
+    const payload = 'MIT'
+    const expected = 'MIT'
+    const actual = extractLicenseText(payload)
+
+    t.is(actual, expected)
+})
+
+test('Can deal with  objects', t => {
+    const payload = { type: 'MIT', url: 'some-some' }
+    const expected = 'MIT'
+    const actual = extractLicenseText(payload)
+
+    t.is(actual, expected)
+})
+
+test('Can deal with an array with a single object', t => {
+    const payload = [{ type: 'MIT', url: 'some-some' }]
+    const expected = 'MIT'
+    const actual = extractLicenseText(payload)
+
+    t.is(actual, expected)
+})
+
+test('Can deal with an array with multiple objects', t => {
+    const payload = [{ type: 'MIT', url: 'some-some' }, { type: 'ISC', url: 'some-some' }]
+    const expected = 'MIT AND ISC'
+    const actual = extractLicenseText(payload)
+
+    t.is(actual, expected)
+})
+
+test('Can deal with funky arrays', t => {
+    const payload = [1, '', 'MIT']
+    const expected = 'MIT'
+    const actual = extractLicenseText(payload)
+
+    t.is(actual, expected)
+})
+
+test('Can deal with REALLY funky arrays', t => {
+    const payload = [1, '', 'MIT', { type: 'ISC', url: 'some-url' }]
+    const expected = 'MIT AND ISC'
+    const actual = extractLicenseText(payload)
+
+    t.is(actual, expected)
+})
diff --git a/tests/get-spdx-full-name.test.js b/tests/get-spdx-full-name.test.js
@@ -71,4 +71,14 @@ test('Can handle expressions with "+" in complex expressions', (t) => {
     const actual = getLongName(payload)
 
     t.is(actual, expected)
+})
+
+test('Does not blow up if given a non-string value', (t) => {
+    [null, undefined, 42, ['test'], {test: 'hello'}].forEach(payload => {
+        let expected = ''
+        let actual = getLongName(payload)
+
+        t.is(actual, expected)
+    })
+
 })