Git Product home page Git Product logo

thirdlicense's Introduction

Third License Build status MIT License

.NET tool to generate third-party notice files from all the transitive dependencies of a .NET project.

Installation

Get the latest release from the GitHub release tab or install it as a global tool from nuget.org.

Run as a program

If you download the zip file, you can run the tool as a .NET program as follow: dotnet ThirdLicense.dll.

Install as a .NET global tool

You can install it as a .NET global tool and it will be added to your PATH environment variable. Install the latest stable release from nuget.org with:

dotnet tool install --global ThirdLicense

or from a local downloaded NuGet package (.nupkg):

dotnet tool install --global --add-source <folder_with_nupkg> ThirdLicense

Then, you can run it just by the command name: thirdlicense

Usage

To run the tool make sure you have installed .NET 8.0 runtime.

The program accepts the following arguments:

  • project: the project file to analyze for third-parties or its folder.
  • output: the output file path. By default in the current directory with name THIRD-PARTY-NOTICES.TXT.
  • endpoint: optional extra NuGet repository endpoint to look for packages. It will also load the enabled sources, including from local nuget.config files.

Example of output file:

License notice for NuGet.Protocol (v5.6.0+636570e68732c1f718ede9ca07802d7b1cc69aa0)
------------------------------------

https://github.com/NuGet/NuGet.Client at 636570e68732c1f718ede9ca07802d7b1cc69aa0

https://aka.ms/nugetprj

Copyright © Microsoft Corporation. All rights reserved.

Licensed under Apache-2.0

Available at https://licenses.nuget.org/Apache-2.0


License notice for System.CommandLine (v2.0.0-beta1.20253.1)
------------------------------------
[...]

Build

Install .NET SDK 8.0 and go to the src folder to run dotnet build.

To create a runtime application run dotnet publish -c Release and to prepare the NuGet run dotnet pack -c Release.

thirdlicense's People

Contributors

dependabot[bot] avatar pleonex avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar

Forkers

gcaram

thirdlicense's Issues

Append manual dependencies

Some programs use dependencies that are not specified as NuGet dependencies. In some cases, the developer must provide manually its licenses. This tool could accept as a parameter a file with that description. Potential options:

  • Flag to append instead of overwrite the output into an existing file (that would contain the manual dependencies).
    • If you run twice the tool, it would append twice.
  • Flag to use a custom header / tail for the output file
    • It may cause issues in some license generator like Markdown where it would generate already a title
  • Flag to use a JSON / YAML / TOML file that describes the third-parties to consider
    • This solution would integrate better with the license generator code

Generate license in RTF format

The MSI installers requires an RTF file to show the license. The tool should be able to generate the format so the file can be automatically included.

Issue: Retrieving private Azure DevOps Artifacts NuGet Feed cause exception

Hi there.

Firstly, I wanted to say this is a really useful library. I didn't see a bug template for this repository, so I just tried to include as much detail as possible.

Steps

  1. Add a NuGet.config to repository
  2. Add a private Azure DevOps Artifact NuGet Feed Package Source to the packageSources , e.g. <packageSources><add key="AzureDevOps" value="https://pkgs.dev.azure.com/.../nuget/v3/index.json" /></packageSources>
  3. Add and reference a package from Azure DevOps Artifact NuGet Feed to a csproj
  4. Run thirdlicense --project {project}

Observed
There is an unhandled exception with HTTP Status Code of 401 (Unauthorized).

Expectation
I believe Third License should either:

  1. use cached NuGet credentials (or prompt for NuGet credentials from the user)
  2. have a flag to ignore the failed source(s) (similar to the parameter --ignore-failed-sources in dotnet restore)

I have no experience with the NuGet SDK so I don't think I can do option 1, but I am more than happy to contribute a PR for option 2. If that would be okay?

Stack Trace

Unhandled exception: NuGet.Protocol.Core.Types.FatalProtocolException: Unable to load the service index for source https://pkgs.dev.azure.com/{redacted}/_packaging/{redacted}/nuget/v3/index.json.
 ---> System.Net.Http.HttpRequestException: Response status code does not indicate success: 401 (Unauthorized).
   at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()
   at NuGet.Protocol.HttpSource.<>c__DisplayClass15_0`1.<<GetAsync>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at NuGet.Common.ConcurrencyUtilities.ExecuteWithFileLockedAsync[T](String filePath, Func`2 action, CancellationToken token)
   at NuGet.Common.ConcurrencyUtilities.ExecuteWithFileLockedAsync[T](String filePath, Func`2 action, CancellationToken token)
   at NuGet.Protocol.HttpSource.GetAsync[T](HttpSourceCachedRequest request, Func`2 processAsync, ILogger log, CancellationToken token)
   at NuGet.Protocol.ServiceIndexResourceV3Provider.GetServiceIndexResourceV3(SourceRepository source, DateTime utcNow, ILogger log, CancellationToken token)
   --- End of inner exception stack trace ---
   at NuGet.Protocol.ServiceIndexResourceV3Provider.GetServiceIndexResourceV3(SourceRepository source, DateTime utcNow, ILogger log, CancellationToken token)
   at NuGet.Protocol.ServiceIndexResourceV3Provider.TryCreate(SourceRepository source, CancellationToken token)
   at NuGet.Protocol.Core.Types.SourceRepository.GetResourceAsync[T](CancellationToken token)
   at NuGet.Protocol.Core.Types.SourceRepository.GetResourceAsync[T]()
   at NuGet.Protocol.HttpFileSystemBasedFindPackageByIdResourceProvider.TryCreate(SourceRepository sourceRepository, CancellationToken token)
   at NuGet.Protocol.Core.Types.SourceRepository.GetResourceAsync[T](CancellationToken token)
   at NuGet.Protocol.Core.Types.SourceRepository.GetResourceAsync[T]()
   at ThirdLicense.NuGetProtocolInspector.AddRepositoryAsync(PackageSource source) in /home/runner/work/ThirdLicense/ThirdLicense/src/ThirdLicense/NuGetProtocolInspector.cs:line 130
   at ThirdLicense.NuGetProtocolInspector.AddDefaultEndpointsAsync() in /home/runner/work/ThirdLicense/ThirdLicense/src/ThirdLicense/NuGetProtocolInspector.cs:line 88
   at ThirdLicense.Program.Generate(String project, String endpoint, FileInfo output) in /home/runner/work/ThirdLicense/ThirdLicense/src/ThirdLicense/Program.cs:line 96
   at System.CommandLine.Invocation.AnonymousCommandHandler.InvokeAsync(InvocationContext context)
   at System.CommandLine.Invocation.InvocationPipeline.<>c__DisplayClass4_0.<<BuildInvocationChain>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass17_0.<<UseParseErrorReporting>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass12_0.<<UseHelp>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass22_0.<<UseVersionOption>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass19_0.<<UseTypoCorrections>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c.<<UseSuggestDirective>b__18_0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass16_0.<<UseParseDirective>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c.<<RegisterWithDotnetSuggest>b__5_0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass8_0.<<UseExceptionHandler>b__0>d.MoveNext()

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.