zumwald / oss-attribution-generator Goto Github PK

View Code? Open in Web Editor NEW

37.0 37.0 23.0 77 KB

utility to parse bower and npm packages used in a project and generate an attribution file to include in your product

License: MIT License

JavaScript 100.00%

oss-attribution-generator's People

Contributors

Stargazers

Watchers

Forkers

fancyydk martinschayna kyle-falconer kconner rohithjidagam antmin zuehlke yoobic ninjacarr jylertones zewa666 mindbridge-ai an6r cabb docs-of-all-trades electrovir devinmatte selleo

oss-attribution-generator's Issues

documentation for calling from Javascript

Is there a recommended way to call this from inside a Node.js application? If so, could the documentation be updated with that?

Currently, "require('oss-attribution-generator')" will run the utility in the background and return immediately. Since any post-processing I'd like to do is dependent on the parser being done, I need a way to wait for it to finish or directly call the internal functions to get the licenses myself. Any recommendations?

integrate with CI system for build/test/publishing to lower the barrier to entry for new contributors

Unable to locate package.json from local package dependencies

I run into an issue where the generator would fail with an error <package name>: unable to locate package.json .
The package for which the script fails to locate the package.json is inside a node_module directory of another local package which is referenced by a relative path in my main project.

For example:

mainProject package.json:
"dependencies: { "@mylocalPackageFoo: "file: ../mylocalPackage" }

local package directory structure:
../mylocalPackage/node_module/<name of the package for which the generator failed>

Note, the package for which the generator fails to find package.json is not a direct dependency of the local package(not listed in its package.json).

The packagePath used here is incorrect for the scenario described above.

Workaround
The package.json is usually located next to the license file so I decided to add one more check for package.json at the location of the license file. I simply added else if on the line 139 before giving up.

else if (!itemAtPath) { packageJson = jetpack.read(path.join(path.dirname(package['licenseFile']), 'package.json'), 'json'); }

Remove bluebird in favor of native Promises

feature request: allow multiple project folders as input

Currently, this program accepts two command-line arguments, one for the output directory (where the attribution text will be saved), and one for the input directory (the path to the Node.js project). It would be very useful to accept a variable number of input directories.

Each of the input directories passed in with the -b argument would processed, and duplicate entries (dependencies with same name and version number) would be combined to produce a smaller attribution text and prevent having to manually combine multiple attribution texts if the program had been run separately on the various Node.js projects.

Example usage:

cd pathToYourMainProject
generate-attribution -b pathToYourMainProject pathToYourFirstProjectDependency pathToYourSecondProjectDependency
git add ./oss-attribution
git commit -m 'adding open source attribution output from oss-attribution-generator'

It seems to just stop?

I run the command in my project, it quickly lists all the files its processing and then suddenly stalls and doesn't appear to continue.

Any help?

Add proper jsdocs to improve authoring experience

Compile to html

Could we have some kind of output that would make the attribution look nice as HTML? I'd like to just include the output directly in my web apps with nice formatting

Change line endings to CRLF

Running on macOS at the moment will return:

env: node\r: No such file or directory

Due to the line endings being \r only. This guide by Github allows you to set your git config so that they are automatically fixed when you commit.

Locally, I've converted it with dos2unix, and that makes it work fine. I can send you a PR with the updated line endings if you prefer.

Never finishes

This is just what I needed! I've been waiting to use use yarn for all of our dependencies for certain reasons, and it has an automatic attribution generator. But this is perfect for what we need in the mean time because it supports bower. I've gotten the bower_components attribution to generate just fine, but the node_modules attribution never finishes. Its last output is:

processing [email protected]

Update dependencies to fix vulnverabilities introduced by debug and deep-extend

npm audit, at the time of writing, reports three known vulnverabilities for oss-attribution-generator:

review  deep-extend     low     >=0.5.1 Prototype Pollution     https://nodesecurity.io/advisories/612 oss-attribution-generator>bower-json>deep-extend
review  deep-extend     low     >=0.5.1 Prototype Pollution     https://nodesecurity.io/advisories/612 oss-attribution-generator>bower-license>bower-json>deep-extend
review  debug   low     >= 2.6.9 < 3.0.0 || >= 3.1.0    Regular Expression Denial of Service   https://nodesecurity.io/advisories/534  oss-attribution-generator>spdx-licenses>debug

However, these are all vulnverabilities with a low rating and dependencies of dependencies. In the case of Bower, development seems to have stalled and the maintainers are recommending to move to yarn, so updates here seem to be unlikely.

Error: 'name' of undefined

When executing 'generate-attribution' I get this error:
[TypeError: Cannot read property 'name' of undefined]

Nothing is created.
Any idea?

Needs Unit Tests

d'oh!