feat: added skipping of package.json check if package is whitelisted (r…

…esolves #118) (#136)
google · May 25, 2020 · 0d95d18 · 0d95d18
1 parent 1b03d65
commit 0d95d18
Show file tree

Hide file tree

Showing 4 changed files with 75 additions and 16 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -42,6 +42,7 @@
     "gaxios": "^3.0.0",
     "npm-package-arg": "^8.0.0",
     "package-json": "^6.0.0",
+    "semver": "^7.3.2",
     "spdx-correct": "^3.0.0",
     "spdx-satisfies": "^5.0.0",
     "strip-json-comments": "^3.0.0"
@@ -53,6 +54,7 @@
     "@types/node": "^10.0.1",
     "@types/npm-package-arg": "^6.0.0",
     "@types/proxyquire": "^1.3.28",
+    "@types/semver": "^7.2.0",
     "@types/spdx-correct": "^2.0.0",
     "@types/spdx-satisfies": "^0.1.0",
     "@types/strip-json-comments": "0.0.30",

diff --git a/src/checker.ts b/src/checker.ts
@@ -20,6 +20,7 @@ import * as path from 'path';
 import spdxCorrect from 'spdx-correct';
 import spdxSatisfies from 'spdx-satisfies';
 import {inspect, promisify} from 'util';
+import semver from 'semver';
 
 import * as config from './config';
 import {GitHubRepository} from './github';
@@ -175,7 +176,7 @@ export class LicenseChecker extends EventEmitter {
     this.failedPackages.clear();
   }
 
-  private getLicense(pkgJson: PackageJson): string | null {
+  private getLicense(pkgJson: Partial<PackageJson>): string | null {
     // Some package.json files have incorrect license fields, and old packages
     // may have legacy licence field format. See
     // https://docs.npmjs.com/files/package.json#license for details. The code
@@ -310,48 +311,54 @@ export class LicenseChecker extends EventEmitter {
   }
 
   private async checkPackageJson(
-    json: {},
+    json: Partial<PackageJson>,
     packageName: string | null,
     localDirectory: string | null,
     ...parents: string[]
   ): Promise<void> {
-    const pj: PackageJson = ensurePackageJson(json);
-    if (!packageName) {
-      packageName = pj.name;
+    packageName = (packageName || json.name || 'undefined') as string;
+
+    const isWhitelisted = this.isPackageWhitelisted(packageName);
+    if (isWhitelisted) {
+      json.version = semver.valid(json.version) ? json.version : '0.0.0';
+    } else {
+      ensurePackageJson(json);
     }
-    if (pj.name !== packageName) {
+
+    if (json.name !== packageName) {
       console.warn(
-        `Package name mismatch. Expected ${packageName}, but got ${pj.name}`
+        `Package name mismatch. Expected ${packageName}, but got ${json.name}`
       );
     }
-    const pkgVersion = pj.version;
+
+    const pkgVersion = json.version;
     const packageAndVersion = `${packageName}@${pkgVersion}`;
     if (this.processedPackages.has(packageAndVersion)) return;
     this.processedPackages.add(packageAndVersion);
 
     if (this.isPackageWhitelisted(packageName)) {
       console.log(`${packageName} is whitelisted.`);
     } else {
-      const license = this.getLicense(pj);
+      const license = this.getLicense(json);
       if (!this.isGreenLicense(license)) {
         this.emit('non-green-license', {
           packageName,
-          version: pkgVersion,
+          version: pkgVersion || 'undefined',
           licenseName: license,
           parentPackages: parents,
         });
       }
     }
 
     await this.checkLicensesForDeps(
-      pj.dependencies,
+      json.dependencies,
       localDirectory,
       ...parents,
       packageAndVersion
     );
     if (this.opts.dev) {
       await this.checkLicensesForDeps(
-        pj.devDependencies,
+        json.devDependencies,
         localDirectory,
         ...parents,
         packageAndVersion

diff --git a/test/checker-test.ts b/test/checker-test.ts
@@ -483,4 +483,45 @@ describe(__filename, () => {
       }
     );
   });
+
+  it('skips package.json checks if package is whitelisted', () => {
+    const primaryPackageJson = JSON.stringify({
+      name: 'hello',
+      version: '1.0.0',
+      licenses: ['invalid', 'values'],
+    });
+
+    const configJson = JSON.stringify({
+      packageWhitelist: ['hello'],
+    });
+    const pathToPrimary = path.join('path', 'to', 'primary');
+    return withFixtures(
+      {
+        [pathToPrimary]: {
+          'package.json': primaryPackageJson,
+          'js-green-licenses.json': configJson,
+        },
+      },
+      async () => {
+        requestedPackages = [];
+        const nonGreenPackages: string[] = [];
+        const packageJsonPaths: string[] = [];
+        const checker = new LicenseChecker();
+        checker
+          .on('non-green-license', arg => {
+            nonGreenPackages.push(`${arg.packageName}@${arg.version}`);
+          })
+          .on('package.json', filePath => {
+            packageJsonPaths.push(filePath);
+          });
+        await checker.checkLocalDirectory(pathToPrimary);
+        console.log('requested packages: ', requestedPackages);
+        assert.deepStrictEqual(requestedPackages, []);
+        assert.deepStrictEqual(nonGreenPackages, []);
+        assert.deepStrictEqual(packageJsonPaths, [
+          path.join(pathToPrimary, 'package.json'),
+        ]);
+      }
+    );
+  });
 });