uber / uber-licence Goto Github PK

Hello,

Why is it important for Uber to put the MIT License in each file again and again. Doesn't it get redundant and is just unnecessary bloat with each file that contains code? Does it serve benefit over the inclusion of LICENSE file that contains the license?

I was just exploring Uber's OSS stuff and happened to come on this repo. I know this question might seem unnecessary but I am just curious, I'd welcome any point of views on this topic. Thanks 👍

uber-licence hangs with certain combinations of characters in the file header.

For example, adding or removing a single lowercase character in the licence of a file (on certain lines only!) causes it to hang.

To reproduce, run the following:

mkdir /tmp/1
cd /tmp/1

cat <<EOF>foo.js
// Copyright (c) 2016 Uber Technologies, Inc.
//
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to deal
// in the Software without restriction, including without limitation the rights
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
// copies of the Software, and to permit persons to whom the Software is
// furnished to do so, subject to the following conditions:
//
// The above copyright notice and this permission notice shall be included in
// all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWAREz.

// foo
EOF

uber-licence   // hangs

Note in the licence text above, "SOFTWARE" at the end is "SOFTWAREz".

@mennopruijssers traced the problem to this line:

It looks like perhaps the RegExp is hanging.

When using Flowtype, the uber license is prepended above // @flow when the flow comment is the first line in the file. This disables flow and therefore breaks flow's ability to identify the respective file as something to check with flow.

The fix would be:

1. Check first if the file has a first line of // @flow.
2. If true, place the Uber header below this comment instead of above.
3. If false, continue with current behavior.

No test file exists. Will take on when I have the bandwidth.

#! is a valid first line of a Node.js script. License must fall under it for Unix to recognize the magic number.

uber-licence --dry fails if a file contains a 2017 licence header.

If I have a file with this copyright notice:

Copyright (c) 2015 Uber Technologies, Inc.

and I update the file in 2017, the final copyright statement should be

Copyright (c) 2015, 2017 Uber Technologies, Inc.

If I then update it again in 2018 and 2019, it should be

Copyright (c) 2015, 2017-2019 Uber Technologies, Inc.

In short, we shouldn't overwrite the existing dates - we should add to them.

Running uber-licence on files with the most recent year (2016) results in a duplicate licence being added to the top of the file with an outdated year.

Example diff after running uber-licence:

--- a/test/admin-tests.js
+++ b/test/admin-tests.js
@@ -1,3 +1,23 @@
+// Copyright (c) 2015 Uber Technologies, Inc.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+
 // Copyright (c) 2016 Uber Technologies, Inc.
 //
 // Permission is hereby granted, free of charge, to any person obtaining a copy

Hi there,

We noticed that your repo has a high severity vulnerability:

• Regular Expression Denial of Service
• Affected package: minimatch <=3.0.1

Here is the test report for this repo.
If you’d like to fix this vulnerability, Snyk lets you generate a pull request that recommends the best upgrade path - there’s a link to fix this vulnerability on the test report.

Stay secure :-)
Snyk Community

65fe0ff made a change that added a newline to the preamble of every file. However, this newline is unnecessary in files that do not have a shebang or flow header. As an example, while the following file used to be valid:

// Copyright (c) 2017 Uber Technologies, Inc.
//
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to deal
...

uber-license now requires that such a file starts with a newline:

// Copyright (c) 2017 Uber Technologies, Inc.
//
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to deal
...