From 6e763fe37e833a9f3fc07229af8c468cfe7a9934 Mon Sep 17 00:00:00 2001 From: "Kyle E. Mitchell" Date: Thu, 2 Jun 2022 14:09:10 -0700 Subject: [PATCH] Clobber .package-lock.json files --- .gitignore | 1 + index.js | 39 ++++++++++++------- tests/allowed/node_modules/.package-lock.json | 12 ------ .../node_modules/.package-lock.json | 17 -------- .../apache-2.0-mit-allowed/package-lock.json | 17 -------- .../node_modules/.package-lock.json | 12 ------ .../node_modules/.package-lock.json | 12 ------ .../node_modules/.package-lock.json | 11 ------ .../node_modules/.package-lock.json | 12 ------ .../node_modules/.package-lock.json | 12 ------ .../node_modules/.package-lock.json | 29 -------------- .../node_modules/.package-lock.json | 12 ------ tests/out-of-allowed-range/test.js | 4 +- .../node_modules/.package-lock.json | 18 --------- .../node_modules/.package-lock.json | 20 ---------- tests/unlicensed-subdependency/test.js | 8 ++-- 16 files changed, 33 insertions(+), 203 deletions(-) create mode 100644 .gitignore delete mode 100644 tests/allowed/node_modules/.package-lock.json delete mode 100644 tests/apache-2.0-mit-allowed/node_modules/.package-lock.json delete mode 100644 tests/apache-2.0-mit-allowed/package-lock.json delete mode 100644 tests/blue-oak-fail/node_modules/.package-lock.json delete mode 100644 tests/blue-oak-gold-mit/node_modules/.package-lock.json delete mode 100644 tests/licenses-array-with-corrections/node_modules/.package-lock.json delete mode 100644 tests/mit-not-allowed/node_modules/.package-lock.json delete mode 100644 tests/no-allowlist/node_modules/.package-lock.json delete mode 100644 tests/optimist-without-corrections/node_modules/.package-lock.json delete mode 100644 tests/out-of-allowed-range/node_modules/.package-lock.json delete mode 100644 tests/production-only/node_modules/.package-lock.json delete mode 100644 tests/unlicensed-subdependency/node_modules/.package-lock.json diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..cca8a45 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +**/.package-lock.json diff --git a/index.js b/index.js index 5b1a16e..e5c6b9b 100644 --- a/index.js +++ b/index.js @@ -1,12 +1,14 @@ module.exports = licensee -var blueOakList = require('@blueoak/list') var Arborist = require('@npmcli/arborist') +var blueOakList = require('@blueoak/list') var correctLicenseMetadata = require('correct-license-metadata') +var fs = require('fs') var has = require('has') var npmLicenseCorrections = require('npm-license-corrections') var osi = require('spdx-osi') var parse = require('spdx-expression-parse') +var joinPath = require('path').join var satisfies = require('semver').satisfies var spdxAllowed = require('spdx-whitelisted') @@ -33,18 +35,29 @@ function licensee (configuration, path, callback) { ) { callback(new Error('No licenses or packages allowed.')) } else { - var arborist = new Arborist({ path }) - arborist.loadActual() - .catch(function (error) { - return callback(error) - }) - .then(function (tree) { - var children = Array.from(tree.children.values()) - if (configuration.filterPackages) { - children = configuration.filterPackages(children) - } - callback(null, findIssues(configuration, children, [])) - }) + // Delete node_modules/.package-lock.json, Arborist/npm's + // on-disk cache of the resolved package tree, if + // present. When this is present, it may or may + // not include license metadata for packages. See + // https://github.com/jslicense/licensee.js/issues/64#issuecomment-1145256328= + fs.rm( + joinPath(path, 'node_modules', '.package-lock.json'), + { force: true }, + function (/* ignore errors */) { + var arborist = new Arborist({ path }) + arborist.loadActual() + .catch(function (error) { + return callback(error) + }) + .then(function (tree) { + var children = Array.from(tree.children.values()) + if (configuration.filterPackages) { + children = configuration.filterPackages(children) + } + callback(null, findIssues(configuration, children, [])) + }) + } + ) } } diff --git a/tests/allowed/node_modules/.package-lock.json b/tests/allowed/node_modules/.package-lock.json deleted file mode 100644 index bf9dc19..0000000 --- a/tests/allowed/node_modules/.package-lock.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "name": "allowlisted", - "lockfileVersion": 2, - "requires": true, - "packages": { - "node_modules/mit-licensed": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/mit-licensed/-/mit-licensed-1.0.0.tgz", - "integrity": "sha1-/YBXPYPQBMezBoFz2z6MRB13A/k=" - } - } -} diff --git a/tests/apache-2.0-mit-allowed/node_modules/.package-lock.json b/tests/apache-2.0-mit-allowed/node_modules/.package-lock.json deleted file mode 100644 index d73773a..0000000 --- a/tests/apache-2.0-mit-allowed/node_modules/.package-lock.json +++ /dev/null @@ -1,17 +0,0 @@ -{ - "name": "apache-2.0-mit-allowed", - "lockfileVersion": 2, - "requires": true, - "packages": { - "node_modules/apache-2.0-licensed": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/apache-2.0-licensed/-/apache-2.0-licensed-1.0.0.tgz", - "integrity": "sha1-4RNznfa2HH93AnhFWlz6ixwPyAc=" - }, - "node_modules/mit-licensed": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/mit-licensed/-/mit-licensed-1.0.0.tgz", - "integrity": "sha1-/YBXPYPQBMezBoFz2z6MRB13A/k=" - } - } -} diff --git a/tests/apache-2.0-mit-allowed/package-lock.json b/tests/apache-2.0-mit-allowed/package-lock.json deleted file mode 100644 index cfeb3c5..0000000 --- a/tests/apache-2.0-mit-allowed/package-lock.json +++ /dev/null @@ -1,17 +0,0 @@ -{ - "name": "apache-2.0-mit-allowed", - "requires": true, - "lockfileVersion": 1, - "dependencies": { - "apache-2.0-licensed": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/apache-2.0-licensed/-/apache-2.0-licensed-1.0.0.tgz", - "integrity": "sha1-4RNznfa2HH93AnhFWlz6ixwPyAc=" - }, - "mit-licensed": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/mit-licensed/-/mit-licensed-1.0.0.tgz", - "integrity": "sha1-/YBXPYPQBMezBoFz2z6MRB13A/k=" - } - } -} diff --git a/tests/blue-oak-fail/node_modules/.package-lock.json b/tests/blue-oak-fail/node_modules/.package-lock.json deleted file mode 100644 index ce6730e..0000000 --- a/tests/blue-oak-fail/node_modules/.package-lock.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "name": "blue-oak-fail", - "lockfileVersion": 2, - "requires": true, - "packages": { - "node_modules/gpl-2.0-licensed": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/gpl-2.0-licensed/-/gpl-2.0-licensed-1.0.0.tgz", - "integrity": "sha512-KNol5xR+cOQ8mST4GyymwM04GaJhDzC9DZJlGrz3sIBT22Ng49qBRlLmOdVDsvsrpu6xe0fmlqMO+uEDHq0G2Q==" - } - } -} diff --git a/tests/blue-oak-gold-mit/node_modules/.package-lock.json b/tests/blue-oak-gold-mit/node_modules/.package-lock.json deleted file mode 100644 index b3af986..0000000 --- a/tests/blue-oak-gold-mit/node_modules/.package-lock.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "name": "mit-not-allowed", - "lockfileVersion": 2, - "requires": true, - "packages": { - "node_modules/mit-licensed": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/mit-licensed/-/mit-licensed-1.0.0.tgz", - "integrity": "sha1-/YBXPYPQBMezBoFz2z6MRB13A/k=" - } - } -} diff --git a/tests/licenses-array-with-corrections/node_modules/.package-lock.json b/tests/licenses-array-with-corrections/node_modules/.package-lock.json deleted file mode 100644 index 0034cab..0000000 --- a/tests/licenses-array-with-corrections/node_modules/.package-lock.json +++ /dev/null @@ -1,11 +0,0 @@ -{ - "lockfileVersion": 2, - "requires": true, - "packages": { - "node_modules/async": { - "version": "0.1.0", - "resolved": "https://registry.npmjs.org/async/-/async-0.1.0.tgz", - "integrity": "sha1-q47ODEBifk6PDgnI/PfBntDEJBw=" - } - } -} diff --git a/tests/mit-not-allowed/node_modules/.package-lock.json b/tests/mit-not-allowed/node_modules/.package-lock.json deleted file mode 100644 index b3af986..0000000 --- a/tests/mit-not-allowed/node_modules/.package-lock.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "name": "mit-not-allowed", - "lockfileVersion": 2, - "requires": true, - "packages": { - "node_modules/mit-licensed": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/mit-licensed/-/mit-licensed-1.0.0.tgz", - "integrity": "sha1-/YBXPYPQBMezBoFz2z6MRB13A/k=" - } - } -} diff --git a/tests/no-allowlist/node_modules/.package-lock.json b/tests/no-allowlist/node_modules/.package-lock.json deleted file mode 100644 index c9990ef..0000000 --- a/tests/no-allowlist/node_modules/.package-lock.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "name": "no-allowlist", - "lockfileVersion": 2, - "requires": true, - "packages": { - "node_modules/mit-licensed": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/mit-licensed/-/mit-licensed-1.0.0.tgz", - "integrity": "sha1-/YBXPYPQBMezBoFz2z6MRB13A/k=" - } - } -} diff --git a/tests/optimist-without-corrections/node_modules/.package-lock.json b/tests/optimist-without-corrections/node_modules/.package-lock.json deleted file mode 100644 index feced81..0000000 --- a/tests/optimist-without-corrections/node_modules/.package-lock.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "name": "optimist", - "lockfileVersion": 2, - "requires": true, - "packages": { - "node_modules/minimist": { - "version": "0.0.10", - "resolved": "https://registry.npmjs.org/minimist/-/minimist-0.0.10.tgz", - "integrity": "sha1-3j+YVD2/lggr5IrRoMfNqDYwHc8=" - }, - "node_modules/optimist": { - "version": "0.6.1", - "resolved": "https://registry.npmjs.org/optimist/-/optimist-0.6.1.tgz", - "integrity": "sha1-2j6nRob6IaGaERwybpDrFaAZZoY=", - "dependencies": { - "minimist": "~0.0.1", - "wordwrap": "~0.0.2" - } - }, - "node_modules/wordwrap": { - "version": "0.0.3", - "resolved": "https://registry.npmjs.org/wordwrap/-/wordwrap-0.0.3.tgz", - "integrity": "sha1-o9XabNXAvAAI03I0u68b7WMFkQc=", - "engines": { - "node": ">=0.4.0" - } - } - } -} diff --git a/tests/out-of-allowed-range/node_modules/.package-lock.json b/tests/out-of-allowed-range/node_modules/.package-lock.json deleted file mode 100644 index b3bf024..0000000 --- a/tests/out-of-allowed-range/node_modules/.package-lock.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "name": "out-of-allowlisted-range", - "lockfileVersion": 2, - "requires": true, - "packages": { - "node_modules/mit-licensed": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/mit-licensed/-/mit-licensed-1.0.0.tgz", - "integrity": "sha1-/YBXPYPQBMezBoFz2z6MRB13A/k=" - } - } -} diff --git a/tests/out-of-allowed-range/test.js b/tests/out-of-allowed-range/test.js index 70ca6cb..46dedef 100644 --- a/tests/out-of-allowed-range/test.js +++ b/tests/out-of-allowed-range/test.js @@ -10,8 +10,8 @@ tap.equal( 'mit-licensed@1.0.0', ' NOT APPROVED', ' Terms: MIT', - ' Repository: git+https://github.com/jslicense/mit-licensed.js.git', - ' Homepage: https://github.com/jslicense/mit-licensed.js#readme', + ' Repository: jslicense/mit-licensed.js', + ' Homepage: None listed', ' Author: Kyle E. Mitchell (https://kemitchell.com/)', ' Contributors: None listed' ].join('\n') diff --git a/tests/production-only/node_modules/.package-lock.json b/tests/production-only/node_modules/.package-lock.json deleted file mode 100644 index 90c6d86..0000000 --- a/tests/production-only/node_modules/.package-lock.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "mit-not-allowed", - "lockfileVersion": 2, - "requires": true, - "packages": { - "node_modules/apache-2.0-licensed": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/apache-2.0-licensed/-/apache-2.0-licensed-1.0.0.tgz", - "integrity": "sha1-4RNznfa2HH93AnhFWlz6ixwPyAc=", - "dev": true - }, - "node_modules/mit-licensed": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/mit-licensed/-/mit-licensed-1.0.0.tgz", - "integrity": "sha1-/YBXPYPQBMezBoFz2z6MRB13A/k=" - } - } -} diff --git a/tests/unlicensed-subdependency/node_modules/.package-lock.json b/tests/unlicensed-subdependency/node_modules/.package-lock.json deleted file mode 100644 index 6786d60..0000000 --- a/tests/unlicensed-subdependency/node_modules/.package-lock.json +++ /dev/null @@ -1,20 +0,0 @@ -{ - "name": "unlicensed-subdependency", - "lockfileVersion": 2, - "requires": true, - "packages": { - "node_modules/mit-licensed-depends-on-not-licensed": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/mit-licensed-depends-on-not-licensed/-/mit-licensed-depends-on-not-licensed-1.0.1.tgz", - "integrity": "sha1-U1z3FXG0IG8wstxADj6j4YWrTYM=", - "dependencies": { - "not-licensed": "1.0.0" - } - }, - "node_modules/not-licensed": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/not-licensed/-/not-licensed-1.0.0.tgz", - "integrity": "sha1-4MDTAirx5RpJ0kcDycegwwoPWag=" - } - } -} diff --git a/tests/unlicensed-subdependency/test.js b/tests/unlicensed-subdependency/test.js index 92a3031..9868d05 100644 --- a/tests/unlicensed-subdependency/test.js +++ b/tests/unlicensed-subdependency/test.js @@ -10,16 +10,16 @@ tap.equal( 'mit-licensed-depends-on-not-licensed@1.0.1', ' NOT APPROVED', ' Terms: MIT', - ' Repository: git+https://github.com/jslicense/mit-licensed-depends-on-not-licensed.js.git', - ' Homepage: https://github.com/jslicense/mit-licensed-depends-on-not-licensed.js#readme', + ' Repository: jslicense/mit-licensed-depends-on-not-licensed.js', + ' Homepage: None listed', ' Author: Kyle E. Mitchell (https://kemitchell.com/)', ' Contributors: None listed', '', 'not-licensed@1.0.0', ' NOT APPROVED', ' Terms: Invalid license metadata', - ' Repository: git+https://github.com/jslicense/not-licensed.js.git', - ' Homepage: https://github.com/jslicense/not-licensed.js#readme', + ' Repository: jslicense/not-licensed.js', + ' Homepage: None listed', ' Author: Kyle E. Mitchell (https://kemitchell.com/)', ' Contributors: None listed' ].join('\n')