-
-
Notifications
You must be signed in to change notification settings - Fork 157
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add NPM License Support from Package-Lock v2+ (#577)
* Add NPM License Support from Package-Lock v2+ Package-lock, starting in version 2, optionally provides package licenses that should be incorporated into BOM generation. Signed-off-by: ansonallard <[email protected]> * Conditionally Override License When Getting Remote If FETCH_LICENSE is enabled, we do not want to override packages that already have licenses. Therefore, fetching remote package metadata will only add the license metadata if not present. Signed-off-by: ansonallard <[email protected]> * Revert "Conditionally Override License When ..." This reverts commit 0748812. Signed-off-by: ansonallard <[email protected]> --------- Signed-off-by: ansonallard <[email protected]>
- Loading branch information
1 parent
1e60575
commit 1989d3c
Showing
5 changed files
with
12 additions
and
0 deletions.
There are no files selected for viewing
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -4,6 +4,7 @@ | |
| "private": true, | ||
| "packageManager": "[email protected]", | ||
| "type": "module", | ||
| "license": "MIT", | ||
| "workspaces": [ | ||
| "app", | ||
| "edge", | ||
|
|
||
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -1533,11 +1533,13 @@ test("parsePkgLock v2", async () => { | |
| expect(deps[1]._integrity).toEqual( | ||
| "sha512-x9yaMvEh5BEaZKeVQC4vp3l+QoFj3BXcd4aYfuKSzIIyihjdVARAadYy3SMNIz0WCCdS2vB9JL/U6GQk5PaxQw==" | ||
| ); | ||
| expect(deps[1].license).toEqual("Apache-2.0"); | ||
| expect(deps[0]).toEqual({ | ||
| "bom-ref": "pkg:npm/[email protected]", | ||
| author: "Wessel van Ree <[email protected]>", | ||
| group: "", | ||
| name: "shopify-theme-tailwindcss", | ||
| license: "MIT", | ||
| type: "application", | ||
| version: "2.2.1" | ||
| }); | ||
|
|
@@ -1568,6 +1570,7 @@ test("parsePkgLock v2 workspace", async () => { | |
| let pkgs = parsedList.pkgList; | ||
| let deps = parsedList.dependenciesList; | ||
| expect(pkgs.length).toEqual(1032); | ||
| expect(pkgs[0].license).toEqual("MIT"); | ||
| let hasAppWorkspacePkg = pkgs.some( | ||
| (obj) => obj["bom-ref"] === "pkg:npm/[email protected]" | ||
| ); | ||
|
|
@@ -1605,6 +1608,7 @@ test("parsePkgLock v3", async () => { | |
| "bom-ref": "pkg:npm/cdxgen@latest", | ||
| group: "", | ||
| author: "", | ||
| license: "ISC", | ||
| name: "cdxgen", | ||
| type: "application", | ||
| version: "latest" | ||
|
|
||