remove license-checker

filipesilva · filipesilva · commit 69fdece95a22 · 2017-02-10T17:03:18.000Z
diff --git a/package.json b/package.json
@@ -135,7 +135,6 @@
     "express": "^4.14.0",
     "jasmine": "^2.4.1",
     "jasmine-spec-reporter": "^3.2.0",
-    "license-checker": "^8.0.3",
     "minimist": "^1.2.0",
     "mocha": "^3.2.0",
     "mock-fs": "^4.0.0",
diff --git a/scripts/test-licenses.js b/scripts/test-licenses.js
@@ -1,10 +1,14 @@
-const licenseChecker = require('license-checker');
+require('../lib/bootstrap-local');
+
+const path = require('path');
+const glob = require('glob');
 const spdxSatisfies = require('spdx-satisfies');
-const denodeify = require('denodeify');
-const licenseCheckerInit = denodeify(licenseChecker.init);
+// TODO use logger.Logger
+const logger = require('@ngtools/logger');
 
 
 // SPDX defined licenses, see https://spdx.org/licenses/.
+// TODO(hansl): confirm this list
 const acceptedSpdxLicenses = [
   'MIT',
   'ISC',
@@ -19,59 +23,101 @@ const acceptedSpdxLicenses = [
 ];
 
 // Name variations of SPDX licenses that some packages have.
-const ignoredLicenseVariations = [
-  'MIT*',
-  'MIT/X11',
-  'AFLv2.1',
-  'AFLv3.0',
-  'Apache-2.0',
-  'Apache2',
-  'BSD',
-  'BSD*',
-  'BSD-like',
-  'NPL',
-  'L/GPL',
-  'Public Domain'
+// Licenses not included in SPDX but accepted will be converted to MIT.
+// TODO(hansl): make sure all of these are ok
+const licenseReplacements = [
+  { name: 'Apache License, Version 2.0', replacement: 'Apache-2.0' },
+  { name: 'AFLv2.1', replacement: 'AFL-2.1' },
+  // I guess they are kinda the same?
+  { name: 'BSD', replacement: 'BSD-2-Clause' },
+  { name: 'BSD-like', replacement: 'BSD-2-Clause' },
+  { name: 'MIT/X11', replacement: 'MIT' },
+  // Not sure how to deal with public domain.
+  // http://wiki.spdx.org/view/Legal_Team/Decisions/Dealing_with_Public_Domain_within_SPDX_Files
+  { name: 'Public Domain', replacement: 'MIT' }
 ];
 
 // Specific packages to ignore, add a reason in a comment. Format: package-name@version.
+// TODO(hansl): review these
 const ignoredPackages = [
-  'json-schema@0.2.3', // old license format, lists `AFLv2.1, BSD`
-  'pause-stream@0.0.11', // old license format, lists `MIT, Apache2`
-  'rx-lite@3.1.2', // `Apache License, Version 2.0`, but licence-checker can't handle commas
-  'map-stream@0.1.0', // has a MIT license but it's not listed in package.json
+  'async-foreach@0.1.3', // MIT, but doesn't list it in package.json
+  'domelementtype@1.1.3', // Looks like MIT
+  'domelementtype@1.3.0', // Looks like MIT
+  'domhandler@2.1.0', // Looks like MIT
+  'domutils@1.5.1', // Looks like MIT
+  'domutils@1.1.6', // Looks like MIT
+  'extsprintf@1.0.2', // Looks like MIT
+  'formatio@1.1.1', // BSD, but doesn't list it in package.json
+  'indexof@0.0.1', // MIT, but doesn't list it in package.json
+  'map-stream@0.1.0', // MIT, license but it's not listed in package.json.
+  'mime@1.2.11', // MIT, but doesn't list it in package.json
+  'ms@0.7.1', // MIT, but doesn't list it in package.json
+  'pause-stream@0.0.11', // MIT AND Apache-2.0, but broken license field in package.json lists.
+  'progress@1.1.8', // MIT, but doesn't list it in package.json
+  'samsam@1.1.2', // BSD, but doesn't list it in package.json
+  'stdout-stream@1.4.0', // MIT, but doesn't list it in package.json
+  'undefined@undefined', // Test package with no name nor version.
+  'verror@1.3.6', // Looks like MIT
 ];
 
-function testSpdx(licenses) {
+const root = path.resolve(__dirname, '../');
+
+// Find all folder directly under a `node_modules` that have a package.json.
+const allPackages = glob.sync(path.join(root, '**/node_modules/*/package.json'), { nodir: true })
+  .map(packageJsonPath => {
+    const packageJson = require(packageJsonPath);
+    return {
+      id: `${packageJson.name}@${packageJson.version}`,
+      path: path.dirname(packageJsonPath),
+      packageJson: packageJson
+    };
+  })
+  // Figure out what kind of license the package uses.
+  .map(pkg => {
+    let license = null;
+    if (pkg.packageJson.license) {
+      // Use license field if present
+      if (typeof pkg.packageJson.license === 'string') {
+        license = replace(pkg.packageJson.license);
+      } else if (typeof pkg.packageJson.license === 'object' && typeof pkg.packageJson.type) {
+        license = replace(pkg.packageJson.license.type);
+      }
+    } else if (Array.isArray(pkg.packageJson.licenses)) {
+      // If there's an (outdated) licenses array use that joined by OR.
+      // TODO verify multiple licenses is OR and not AND
+      license = pkg.packageJson.licenses
+        .map(license => replace(license.type))
+        .join(' OR ');
+    }
+    pkg.license = license;
+    return pkg;
+  })
+
+// Packages with bad licenses are those that neither pass SPDX nor are ignored.
+const badLicensePackages = allPackages
+  .filter(pkg => !passesSpdx(pkg.license, acceptedSpdxLicenses))
+  .filter(pkg => !ignoredPackages.find(ignored => ignored === pkg.id));
+
+// Report packages with bad licenses
+if (badLicensePackages.length > 0) {
+  console.log('Invalid package licences found:\n');
+  badLicensePackages.forEach(pkg => console.log(`${pkg.id} (${pkg.path}): ${pkg.license}`));
+  process.exit(1);
+} else {
+  console.log('All package licenses are valid.');
+}
+
+// Check if a license is accepted by an array of accepted licenses
+function passesSpdx(license, accepted) {
   try {
-    return spdxSatisfies(licenses, `(${acceptedSpdxLicenses.join(' OR ')})`)
+    return spdxSatisfies(license, `(${accepted.join(' OR ')})`)
   } catch (_) {
     return false;
   }
 }
 
-// Use license-checker first, it can filter more licenses.
-licenseCheckerInit({
-  start: './',
-  exclude: acceptedSpdxLicenses.concat(ignoredLicenseVariations).join(),
-  customFormat: { name: '', _location: '' }
-})
-  .then(json => {
-    let badPackages = Object.keys(json)
-      .map(key => Object.assign({}, json[key], { id: key }))
-      // Then run the remaining ones through spdx-satisfies.
-      .filter(pkg => !testSpdx(pkg.licenses))
-      .filter(pkg => !ignoredPackages.find(ignored => ignored === pkg.id));
-
-    if (badPackages.length > 0) {
-      console.log('Invalid package licences found:\n');
-      badPackages.forEach(pkg => console.log(`- ${pkg.id} (${pkg._location}): ${pkg.licenses}`));
-      process.exit(1);
-    } else {
-      console.log('All package licenses are valid.');
-    }
-  })
-  .catch(err => {
-    console.log(err);
-    process.exit(1);
-  });
+// Apply license name replacement if any
+function replace(license) {
+  const match = licenseReplacements.find(rpl => rpl.name === license);
+  return match ? match.replacement : license;
+}
