| author | mo khan <mo.khan@gmail.com> | 2020-05-05 13:26:35 +0000 |
|---|---|---|
| committer | mo khan <mo.khan@gmail.com> | 2020-05-05 13:26:35 +0000 |
| commit | 8e427c7987e90a028e6d9f344a9f70bb13b6eee4 (patch) | |
| tree | fa912674be3b7898bb9e7622286baff980e8e908 /lib/license/finder | |
| parent | 6bd70e9995e70af4fd12e0c6fa55cf0340e22ba9 (diff) | |
| parent | c9915861e3db35719bf33aeed7eb4bbf82298267 (diff) | |
Merge branch 'npm-custom-registry' into 'master'v3.7.6
Exclude `devDependencies` from NodeJS based scan reports
See merge request gitlab-org/security-products/license-management!141
Diffstat (limited to 'lib/license/finder')
| -rw-r--r-- | lib/license/finder/ext.rb | 2 | ||||
| -rw-r--r-- | lib/license/finder/ext/npm.rb | 36 | ||||
| -rw-r--r-- | lib/license/finder/ext/yarn.rb | 9 |
3 files changed, 47 insertions, 0 deletions
diff --git a/lib/license/finder/ext.rb b/lib/license/finder/ext.rb
index 70620be..3d8a463 100644
--- a/lib/license/finder/ext.rb
+++ b/lib/license/finder/ext.rb
@@ -4,11 +4,13 @@ require 'license/finder/ext/go_modules'
 require 'license/finder/ext/gradle'
 require 'license/finder/ext/license'
 require 'license/finder/ext/maven'
+require 'license/finder/ext/npm'
 require 'license/finder/ext/nuget'
 require 'license/finder/ext/package_manager'
 require 'license/finder/ext/pip'
 require 'license/finder/ext/pipenv'
 require 'license/finder/ext/shared_helpers'
+require 'license/finder/ext/yarn'
 
 # Apply patch to the JsonReport found in the `license_finder` gem.
 LicenseFinder::JsonReport.prepend(License::Management::Report)
diff --git a/lib/license/finder/ext/npm.rb b/lib/license/finder/ext/npm.rb
new file mode 100644
index 0000000..75c0855
--- /dev/null
+++ b/lib/license/finder/ext/npm.rb
@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+ class NPM
+ def current_packages
+ NpmPackage.packages_from_json(npm_json, detected_package_path)
+ end
+
+ def prepare_command
+ lockfile? ? 'npm ci' : 'npm install --no-save'
+ end
+
+ def possible_package_paths
+ [project_path.join('package.json')]
+ end
+
+ def prepare
+ Dir.chdir(project_path) do
+ shell.execute("#{prepare_command} --production")
+ end
+ end
+
+ private
+
+ def lockfile?
+ File.exist?(project_path.join('package-lock.json'))
+ end
+
+ def npm_json
+ stdout, _stderr, status = Dir.chdir(project_path) do
+ shell.execute("npm list --json --long --production")
+ end
+ status.success? ? JSON.parse(stdout) : {}
+ end
+ end
+end
diff --git a/lib/license/finder/ext/yarn.rb b/lib/license/finder/ext/yarn.rb
new file mode 100644
index 0000000..cc2c029
--- /dev/null
+++ b/lib/license/finder/ext/yarn.rb
@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+ class Yarn
+ def prepare_command
+ 'yarn install --ignore-engines --ignore-scripts'
+ end
+ end
+end
|
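Review bot: `prepare_command` in lib/license/finder/ext/npm.rb installs with `npm ci` or `npm install --no-save` and never passes `--ignore-scripts`, so lifecycle scripts of the scanned project and its dependencies run inside the scanner, while the Yarn override in this same commit does pass that flag. Unless scripts are disabled somewhere not visible here (an `.npmrc` or an environment setting), I would change the line to `lockfile? ? 'npm ci --ignore-scripts' : 'npm install --no-save --ignore-scripts'`. Separately, `npm_json` returns `{}` whenever `npm list` exits non-zero and discards `_stderr`, so a failed listing is indistinguishable from a project with no dependencies and the license report would come out silently empty. Logging stderr or raising at that point would make the failure visible.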
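Review bot: `prepare_command` in lib/license/finder/ext/yarn.rb always runs a plain `yarn install`, whereas the npm override switches to `npm ci` when a lockfile exists, so a `yarn.lock` that is out of sync with `package.json` can be rewritten during the scan and the report may list versions other than the pinned ones. If Yarn v1 is the target, `'yarn install --frozen-lockfile --ignore-engines --ignore-scripts'` would keep the scan tied to the lockfile. The string also carries no `--production`, so excluding `devDependencies` for Yarn projects has to rely on code outside this hunk. A short comment saying where that happens, and that `--ignore-scripts` is there to keep install scripts of scanned packages from executing, would help the next reader.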
