Merge branch 'main' into sort

jslicense · Sep 3, 2024 · d9303ad · d9303ad
2 parents 78ab7b9 + e0e7c65
commit d9303ad
Show file tree

Hide file tree

Showing 29 changed files with 181 additions and 40 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -9,5 +9,5 @@ jobs:
   tests:
     uses: ljharb/actions/.github/workflows/node-majors.yml@main
     with:
-      range: '>= 14.17'
+      range: '^18.12 || ^20.9 || >= 22.7'
       command: 'npm run tests-only && npm run licenses'
diff --git a/.gitignore b/.gitignore
@@ -1,4 +1,4 @@
 **/.package-lock.json
-/.nyc-output
+/.nyc_output
 /node_modules
 /package-lock.json
diff --git a/.licensee.json b/.licensee.json
@@ -12,6 +12,7 @@
     "doctrine": "1.5.0",
     "esutils": "2.0.2",
     "json-schema": "0.2.3",
+    "jsonp": "0.2.1",
     "wordwrap": "0.0.2",
     "longest": "1.0.1",
     "repeat-element": "1.1.2"

diff --git a/index.js b/index.js
@@ -3,7 +3,7 @@ module.exports = licensee
 var Arborist = require('@npmcli/arborist')
 var blueOakList = require('@blueoak/list')
 var correctLicenseMetadata = require('correct-license-metadata')
-var has = require('has')
+var hasOwn = require('hasown')
 var npmLicenseCorrections = require('npm-license-corrections')
 var osi = require('spdx-osi')
 var parse = require('spdx-expression-parse')
@@ -56,15 +56,21 @@ function validConfiguration (configuration) {
     isObject(configuration) &&
     has(configuration, 'licenses') &&
     isObject(configuration.licenses) &&
-    has(configuration, 'packages')
+    (!has(configuration.licenses, 'blueOak') ||
+      (
+        blueOakList.some(({ name }) =>
+          name.toLowerCase() === configuration.licenses.blueOak.toLowerCase()
+        )
+      )) &&
+    (has(configuration, 'packages')
       ? (
         // Validate `packages` property.
         isObject(configuration.packages) &&
         Object.keys(configuration.packages)
           .every(function (key) {
             return isString(configuration.packages[key])
           })
-      ) : true
+      ) : true)
   )
 }
 
@@ -280,3 +286,7 @@ function pushMissing (source, sink) {
     if (sink.indexOf(element) === -1) sink.push(element)
   })
 }
+
+function has (object, key) {
+  return hasOwn(object, key) && object[key] !== undefined
+}
diff --git a/licensee b/licensee
@@ -1,8 +1,7 @@
 #!/usr/bin/env node
-var access = require('fs-access')
 var docopt = require('docopt')
 var fs = require('fs')
-var has = require('has')
+var has = require('hasown')
 var path = require('path')
 var validSPDX = require('spdx-expression-validate')
 
@@ -87,7 +86,7 @@ if (options['--init']) {
   }
   checkDependencies()
 } else {
-  access(configurationPath, function (error) {
+  fs.access(configurationPath, fs.constants.R_OK, function (error) {
     if (error) {
       die(
         [

diff --git a/package.json b/package.json
@@ -1,23 +1,22 @@
 {
   "name": "licensee",
   "description": "check dependency licenses against rules",
-  "version": "9.0.0",
+  "version": "11.0.0",
   "author": "Kyle E. Mitchell <[email protected]> (https://kemitchell.com/)",
   "contributors": [
     "Jakob Krigovsky <[email protected]>",
     "Brett Zamir <[email protected]>",
     "Andrew Monks <[email protected]>"
   ],
   "dependencies": {
-    "@blueoak/list": "^9.0.0",
-    "@npmcli/arborist": "^6.1.2",
+    "@blueoak/list": "^15.0.0",
+    "@npmcli/arborist": "^6.5.0",
     "correct-license-metadata": "^1.4.0",
     "docopt": "^0.6.2",
-    "fs-access": "^2.0.0",
-    "has": "^1.0.3",
+    "hasown": "^2.0.0",
     "npm-license-corrections": "^1.6.2",
-    "semver": "^7.3.8",
-    "spdx-expression-parse": "^3.0.1",
+    "semver": "^7.6.0",
+    "spdx-expression-parse": "^4.0.0",
     "spdx-expression-validate": "^2.0.0",
     "spdx-osi": "^3.0.0",
     "spdx-whitelisted": "^1.0.0"
@@ -29,24 +28,26 @@
     "licensee"
   ],
   "devDependencies": {
-    "aud": "^2.0.1",
+    "aud": "^2.0.4",
+    "ls-engines": "^0.9.3",
     "rimraf": "^3.0.2",
     "run-parallel": "^1.2.0",
     "spawn-sync": "^2.0.0",
-    "standard": "^14.3.1",
+    "standard": "^14.3.4",
     "tap": "^16.3.0"
   },
   "license": "Apache-2.0",
   "repository": "jslicense/licensee.js",
   "scripts": {
     "licenses": "./licensee --errors-only",
-    "lint": "standard index.js licensee test/**/test.js",
+    "lint": "standard index.js licensee tests/**/*.js",
     "pretest": "npm run lint",
+    "postlint": "ls-engines --current",
     "tests-only": "tap --no-check-coverage tests/unit.test.js tests/**/test.js",
     "test": "npm run tests-only",
     "posttest": "aud --production"
   },
   "engines": {
-    "node": ">= 14.17"
+    "node": "^18.12 || ^20.9 || >= 22.7"
   }
 }
diff --git a/tests/blue-oak-misspelled/package.json b/tests/blue-oak-misspelled/package.json
@@ -0,0 +1,4 @@
+{
+  "name": "blue-oak-misspelled",
+  "private": true
+}
diff --git a/tests/blue-oak-misspelled/test.js b/tests/blue-oak-misspelled/test.js
@@ -0,0 +1,5 @@
+var tap = require('tap')
+
+var results = require('../run')(['--blueoak=foobar'], __dirname)
+
+tap.equal(results.status, 1)
diff --git a/tests/osi-fail/.licensee.json b/tests/osi-fail/.licensee.json
@@ -0,0 +1,6 @@
+{
+  "licenses": {
+    "osi": true
+  },
+  "packages": {}
+}
diff --git a/tests/osi-fail/node_modules/.package-lock.json b/tests/osi-fail/node_modules/.package-lock.json
diff --git a/tests/osi-fail/node_modules/cc0-1.0-licensed/index.js b/tests/osi-fail/node_modules/cc0-1.0-licensed/index.js
diff --git a/tests/osi-fail/node_modules/cc0-1.0-licensed/package.json b/tests/osi-fail/node_modules/cc0-1.0-licensed/package.json
diff --git a/tests/osi-fail/package.json b/tests/osi-fail/package.json
@@ -0,0 +1,7 @@
+{
+  "name": "osi-fail",
+  "dependencies": {
+    "cc0-1.0-licensed": "1.0.0"
+  },
+  "private": true
+}
diff --git a/tests/osi-fail/test.js b/tests/osi-fail/test.js
@@ -0,0 +1,5 @@
+var tap = require('tap')
+
+var results = require('../run')([], __dirname)
+
+tap.equal(results.status, 1)
diff --git a/tests/osi-flag-fail/node_modules/.package-lock.json b/tests/osi-flag-fail/node_modules/.package-lock.json
diff --git a/tests/osi-flag-fail/node_modules/cc0-1.0-licensed/index.js b/tests/osi-flag-fail/node_modules/cc0-1.0-licensed/index.js
diff --git a/tests/osi-flag-fail/node_modules/cc0-1.0-licensed/package.json b/tests/osi-flag-fail/node_modules/cc0-1.0-licensed/package.json
diff --git a/tests/osi-flag-fail/package.json b/tests/osi-flag-fail/package.json
@@ -0,0 +1,7 @@
+{
+  "name": "osi-flag-pass",
+  "dependencies": {
+    "cc0-1.0-licensed": "1.0.0"
+  },
+  "private": true
+}
diff --git a/tests/osi-flag-fail/test.js b/tests/osi-flag-fail/test.js
@@ -0,0 +1,5 @@
+var tap = require('tap')
+
+var results = require('../run')(['--osi'], __dirname)
+
+tap.equal(results.status, 1)
diff --git a/tests/osi-flag-pass/package.json b/tests/osi-flag-pass/package.json
@@ -0,0 +1,7 @@
+{
+  "name": "osi-flag-pass",
+  "dependencies": {
+    "gpl-2.0-licensed": "1.0.0"
+  },
+  "private": true
+}
diff --git a/tests/osi-flag-pass/test.js b/tests/osi-flag-pass/test.js
@@ -0,0 +1,5 @@
+var tap = require('tap')
+
+var results = require('../run')(['--osi'], __dirname)
+
+tap.equal(results.status, 0)
diff --git a/tests/osi-pass/package.json b/tests/osi-pass/package.json
@@ -1,5 +1,5 @@
 {
-  "name": "blue-oak-fail",
+  "name": "osi-pass",
   "dependencies": {
     "gpl-2.0-licensed": "1.0.0"
   },

diff --git a/tests/symlinked-node-modules/.licensee.json b/tests/symlinked-node-modules/.licensee.json
@@ -0,0 +1,13 @@
+{
+  "licenses": {
+    "spdx": [
+      "Apache-2.0"
+    ]
+  },
+  "packages": {},
+  "ignore": [
+    {
+      "prefix": "mit-"
+    }
+  ]
+}
diff --git a/tests/symlinked-node-modules/node_modules/mit-licensed/index.js b/tests/symlinked-node-modules/node_modules/mit-licensed/index.js
diff --git a/tests/symlinked-node-modules/node_modules/mit-licensed/package.json b/tests/symlinked-node-modules/node_modules/mit-licensed/package.json
diff --git a/tests/symlinked-node-modules/package-lock.json b/tests/symlinked-node-modules/package-lock.json
diff --git a/tests/symlinked-node-modules/package.json b/tests/symlinked-node-modules/package.json
@@ -0,0 +1,7 @@
+{
+  "name": "allowed",
+  "dependencies": {
+    "mit-licensed": "1.0.0"
+  },
+  "private": true
+}
diff --git a/tests/symlinked-node-modules/test.js b/tests/symlinked-node-modules/test.js
@@ -0,0 +1,5 @@
+var tap = require('tap')
+
+var results = require('../run')([], __dirname)
+
+tap.equal(results.status, 0)
diff --git a/tests/unlicensed-subdependency/test.js b/tests/unlicensed-subdependency/test.js
@@ -1,26 +1,15 @@
 var tap = require('tap')
 
-var results = require('../run')([], __dirname)
+var results = require('../run')(['--ndjson'], __dirname)
 
 tap.equal(results.status, 1)
 
-tap.equal(
-  results.stdout.trim(),
-  [
-    '[email protected]',
-    '  NOT APPROVED',
-    '  Terms: MIT',
-    '  Repository: jslicense/mit-licensed-depends-on-not-licensed.js',
-    '  Homepage: None listed',
-    '  Author: Kyle E. Mitchell <[email protected]> (https://kemitchell.com/)',
-    '  Contributors: None listed',
-    '',
-    '[email protected]',
-    '  NOT APPROVED',
-    '  Terms: Invalid license metadata',
-    '  Repository: jslicense/not-licensed.js',
-    '  Homepage: None listed',
-    '  Author: Kyle E. Mitchell <[email protected]> (https://kemitchell.com/)',
-    '  Contributors: None listed'
-  ].join('\n')
+var output = results.stdout.trim().split('\n').map(line => JSON.parse(line))
+
+tap.assert(
+  output.some(result => result.name === 'mit-licensed-depends-on-not-licensed' && result.approved === false)
+)
+
+tap.assert(
+  output.some(result => result.name === 'not-licensed' && result.approved === false)
 )