Comments (22)
@jonabc using pnpm at all should be sufficient to reproduce. I just created a new package with npm init and added just one dep of ember-cli and I can reproduce the error.
sources:
  npm: true
allowed:
  - mit
  - isc
  - bsd
  - bsd-2-clause
  - bsd-3-clause
  - wtfpl
  - apache-2.0
  - cc0-1.0
pnpm 7.26.3
npm 6.14.17
from licensed.
@rwwagner90 I hear you on the pnpm source and agree that it's the best solution to the current problem. I'm just a little strapped for time. I'll try to get something put together over the next few days.
from licensed.
Ah sorry I missed documenting a difference between the npm and pnpm sources. With the pnpm source, you'll need to specify dependencies in the configuration file as <name>@<version>. This is eventually going to be the norm for all dependencies in a future major version bump, and the pnpm source is being used to lead the way and uncover any issues related to that change.
from licensed.
Perhaps there is an issue since we are using pnpm?
That would be my initial guess. I've only used pnpm a handful of times and I'm not terribly familiar with how it interacts with npm during package management, if it interacts at all.
- What version of npm and pnpm are you using?
- Can you provide the dependencies and devDependencies sections of your package.json so I can try to repro locally?
from licensed.
You will have to pnpm i --shamefully-hoist to get pnpm to hoist packages rather than using all symlinks.
from licensed.
Also, FYI there is a pnpm licenses ls command which will list all the licenses, so perhaps we could leverage that here?
from licensed.
Looks like something like pnpm licenses list --long --json gives us deps grouped by license types in JSON format. Could we add a source that parses that?
from licensed.
Looks like something like pnpm licenses list --long --json gives us deps grouped by license types in JSON format. Could we add a source that parses that?
I took a look and wow this is the first time I've seen a package manager provide exactly the information that's needed by this tool 😂 . A new source sounds like a good idea, I'll take a look when I get a chance but in the immediate future I'll look to fix the underlying issue with the npm source.
from licensed.
🤔 scratch the previous comment, I think pnpm might generally just be incompatible with npm CLI commands? whether I pnpm install using --shamefully-hoist or not, npm list --all --json --production --long is returning a ton of errors from what pnpm is reporting as optional dependencies. I'll try to get to creating the pnpm source sooner rather than later
I'm using npm 8.5.0 and pnpm 7.26.3
from licensed.
@jonabc you want to use pnpm commands, not npm ones. pnpm licenses list --long --json --prod would be the pnpm equivalent of what you are trying to run with npm I think. I think we should add a new source that runs the pnpm commands.
from licensed.
@rwwagner90 yep, I was trying to resolve the original issue from this ticket that talks about the npm source raising an error. the npm source doesn't use any pnpm commands
from licensed.
@jonabc fair enough. I'm not sure if it is possible to make the npm source work here though, so we should focus on pnpm. Anything I can do to help? I don't really know ruby myself, so I don't think I would have much luck implementing the source myself.
from licensed.
@jonabc is there anything we can do to be helpful in the meantime? Some of my colleagues know ruby pretty well, so perhaps we could get a PR up, but if you already know exactly what you would do here, perhaps it would be better to wait. Just let us know how we can best help!
from licensed.
@rwwagner90 if you're able to hold tight for me to get the basic structure in place that would be best. pnpm should be one of the easier package managers to integrate, but it would still probably go faster if I put in the base of the integration. once that's done I'd love any extra eyes or help with any edge cases, bugs, or improvements that come up.
is pnpm support blocking anything critical for you?
from licensed.
@jonabc not super critical. I've spent the past couple weeks getting pnpm up and running on our repos. Now all the tests are passing and such, but we're unable to run license checks, so it is blocking somewhat, but not critical.
from licensed.
@rwwagner90 I've got the basics of a source up at #626. As mentioned in the PR the only real quirk I found with pnpm was that the cli doesn't return data only for a specific workspace. The pnpm licenses list command is still not finalized though according to the documentation so it's possible that is coming soon 🤷 . It should be easy to incorporate workspaces similar to the npm source if/when the pnpm CLI supports it.
from licensed.
Awesome, thank you so much for the quick turnaround!
from licensed.
@jonabc would it be possible to get a new release with these changes? Thanks again for your help!
from licensed.
yes it is coming, I'm working through some other changes to include in the release and should have a release out today.
from licensed.
@jonabc it seems there is a bug where ignored is not working for pnpm
We have this, and some of these are showing up as not being valid, when they should instead be ignored.
ignored:
  pnpm:
    - bindings # MIT
    - fsevents-* # MIT
    - file-uri-to-path # MIT
    - jsonify # Public Domain
    - nan # MIT
    - regenerator-transform-0.10.1 # BSD*
    - spdx-exceptions # CC-BY-3.0
from licensed.
@jonabc thanks for the info! Does the version support globs or semver strings or anything? Like foo@* or foo@^6.0.0 etc
from licensed.
@RobbieTheWagner I've added support for version matching in #629. Note that version range matching uses Ruby's semver support which is a little different than node's semver package. I've updated the ignoring and reviewing docs in that PR with some usage hints including links to Ruby's documentation on semver support.
from licensed.
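An added sketch of the approach discussed in this thread (not licensed's own code, and not posted by any participant): read license-grouped JSON of the kind reported for pnpm licenses list --long --json, flag packages whose license is not allowed, and honour <name>@<version> ignore entries using Ruby's Gem::Requirement. The JSON field names, the sample data, the ignore list and the helper names are constructed assumptions.

```ruby
require "json"
require "rubygems" # Gem::Version and Gem::Requirement

# Constructed sample; in practice this would be the output of
# `pnpm licenses list --long --json --prod`. Field names are assumptions.
SAMPLE_JSON = <<~JSON
  {
    "MIT":       [{"name": "bindings", "version": "1.5.0"},
                  {"name": "nan", "version": "2.17.0"}],
    "CC-BY-3.0": [{"name": "spdx-exceptions", "version": "2.3.0"}],
    "BSD*":      [{"name": "regenerator-transform", "version": "0.10.1"}],
    "GPL-3.0":   [{"name": "example-gpl-lib", "version": "6.2.0"}]
  }
JSON

ALLOWED = %w[mit isc apache-2.0].freeze
# Hypothetical ignore entries: "*" matches any version, anything else is
# parsed as a Ruby version requirement (not a node semver range).
IGNORED = ["spdx-exceptions@*", "regenerator-transform@0.10.1",
           "example-gpl-lib@~> 5.0"].freeze

# True when name/version matches one ignore pattern. rpartition keeps the
# leading "@" of scoped packages such as "@scope/pkg@>= 1.0" in the name.
def ignored?(name, version, patterns)
  patterns.any? do |pattern|
    pat_name, _, req = pattern.rpartition("@")
    pat_name == name && requirement_met?(req, version)
  end
end

def requirement_met?(req, version)
  req == "*" || Gem::Requirement.new(req).satisfied_by?(Gem::Version.new(version))
rescue ArgumentError
  false # malformed requirement or version: fail closed, keep the package flagged
end

# Packages whose license is not allowed and that no ignore entry covers.
def violations(json, allowed:, ignored:)
  JSON.parse(json).flat_map do |license, packages|
    next [] if allowed.include?(license.downcase)
    packages.reject { |pkg| ignored?(pkg["name"], pkg["version"], ignored) }
            .map { |pkg| "#{pkg["name"]}@#{pkg["version"]} (#{license})" }
  end
end

puts violations(SAMPLE_JSON, allowed: ALLOWED, ignored: IGNORED)
```

A node-style range such as nan@^2.0.0 is not a valid Ruby requirement, so this sketch treats it as a non-match and the package stays flagged rather than being silently ignored.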