diff --git a/frontend/scripts/generate-licenses.js b/frontend/scripts/generate-licenses.js index cfd5f675a..aaac69800 100644 --- a/frontend/scripts/generate-licenses.js +++ b/frontend/scripts/generate-licenses.js @@ -30,11 +30,11 @@ try { } // Generate license report using license-checker (more reliable) - const licenseReport = execSync('npx license-checker --production --json', { + const licenseReport = execSync('npx license-checker --production --json', { encoding: 'utf8', cwd: path.dirname(PACKAGE_JSON) }); - + let licenseData; try { licenseData = JSON.parse(licenseReport); @@ -43,16 +43,16 @@ try { console.error('Raw output:', licenseReport.substring(0, 500) + '...'); process.exit(1); } - + if (!licenseData || typeof licenseData !== 'object') { console.error('āŒ Invalid license data structure'); process.exit(1); } - + // Convert license-checker format to array const licenseArray = Object.entries(licenseData).map(([key, value]) => { let name, version; - + // Handle scoped packages like @mantine/core@1.0.0 if (key.startsWith('@')) { const parts = key.split('@'); @@ -64,30 +64,30 @@ try { name = key.substring(0, lastAtIndex); version = key.substring(lastAtIndex + 1); } - + // Normalize license types for edge cases let licenseType = value.licenses; - + // Handle missing or null licenses if (!licenseType || licenseType === null || licenseType === undefined) { licenseType = 'Unknown'; } - + // Handle empty string licenses if (licenseType === '') { licenseType = 'Unknown'; } - + // Handle array licenses (rare but possible) if (Array.isArray(licenseType)) { licenseType = licenseType.join(' AND '); } - + // Handle object licenses (fallback) if (typeof licenseType === 'object' && licenseType !== null) { licenseType = 'Unknown'; } - + return { name: name, version: version || value.version || 'unknown', @@ -97,13 +97,13 @@ try { link: value.licenseUrl }; }); - + // Transform to match Java backend format const transformedData = { dependencies: licenseArray.map(dep => { const licenseType = Array.isArray(dep.licenseType) ? dep.licenseType.join(', ') : (dep.licenseType || 'Unknown'); const licenseUrl = dep.link || getLicenseUrl(licenseType); - + return { moduleName: dep.name, moduleUrl: dep.repository || dep.url || `https://www.npmjs.com/package/${dep.name}`, @@ -113,29 +113,29 @@ try { }; }) }; - + // Log summary of license types found const licenseSummary = licenseArray.reduce((acc, dep) => { const license = Array.isArray(dep.licenseType) ? dep.licenseType.join(', ') : (dep.licenseType || 'Unknown'); acc[license] = (acc[license] || 0) + 1; return acc; }, {}); - + console.log('šŸ“Š License types found:'); Object.entries(licenseSummary).forEach(([license, count]) => { console.log(` ${license}: ${count} packages`); }); - + // Log any complex or unusual license formats for debugging - const complexLicenses = licenseArray.filter(dep => + const complexLicenses = licenseArray.filter(dep => dep.licenseType && ( - dep.licenseType.includes('AND') || - dep.licenseType.includes('OR') || + dep.licenseType.includes('AND') || + dep.licenseType.includes('OR') || dep.licenseType === 'Unknown' || dep.licenseType.includes('SEE LICENSE') ) ); - + if (complexLicenses.length > 0) { console.log('\nšŸ” Complex/Edge case licenses detected:'); complexLicenses.forEach(dep => { @@ -150,7 +150,7 @@ try { problematicLicenses.forEach(warning => { console.log(` ${warning.message}`); }); - + // Write license warnings to a separate file for CI/CD const warningsFile = path.join(__dirname, '..', 'src', 'assets', 'license-warnings.json'); fs.writeFileSync(warningsFile, JSON.stringify({ @@ -164,11 +164,11 @@ try { // Write to file fs.writeFileSync(OUTPUT_FILE, JSON.stringify(transformedData, null, 4)); - + console.log(`āœ… License report generated successfully!`); console.log(`šŸ“„ Found ${transformedData.dependencies.length} dependencies`); console.log(`šŸ’¾ Saved to: ${OUTPUT_FILE}`); - + } catch (error) { console.error('āŒ Error generating license report:', error.message); process.exit(1); @@ -179,9 +179,10 @@ try { */ function getLicenseUrl(licenseType) { if (!licenseType || licenseType === 'Unknown') return ''; - + const licenseUrls = { 'MIT': 'https://opensource.org/licenses/MIT', + 'MIT*': 'https://opensource.org/licenses/MIT', 'Apache-2.0': 'https://www.apache.org/licenses/LICENSE-2.0', 'Apache License 2.0': 'https://www.apache.org/licenses/LICENSE-2.0', 'BSD-3-Clause': 'https://opensource.org/licenses/BSD-3-Clause', @@ -206,12 +207,12 @@ function getLicenseUrl(licenseType) { 'Public Domain': 'https://creativecommons.org/publicdomain/zero/1.0/', 'UNLICENSED': '' }; - + // Try exact match first if (licenseUrls[licenseType]) { return licenseUrls[licenseType]; } - + // Try case-insensitive match const lowerType = licenseType.toLowerCase(); for (const [key, url] of Object.entries(licenseUrls)) { @@ -219,7 +220,7 @@ function getLicenseUrl(licenseType) { return url; } } - + // Handle complex SPDX expressions like "(MIT AND Zlib)" or "(MIT OR CC0-1.0)" if (licenseType.includes('AND') || licenseType.includes('OR')) { // Extract the first license from compound expressions for URL @@ -228,7 +229,7 @@ function getLicenseUrl(licenseType) { return licenseUrls[match[1]]; } } - + // For non-standard licenses, return empty string (will use package link if available) return ''; } @@ -238,7 +239,7 @@ function getLicenseUrl(licenseType) { */ function checkLicenseCompatibility(licenseSummary, licenseArray) { const warnings = []; - + // Define problematic license patterns const problematicLicenses = { // Copyleft licenses @@ -248,7 +249,7 @@ function checkLicenseCompatibility(licenseSummary, licenseArray) { 'LGPL-3.0': 'Weak copyleft license - may require source disclosure for modifications', 'AGPL-3.0': 'Network copyleft license - requires source disclosure for network use', 'AGPL-1.0': 'Network copyleft license - requires source disclosure for network use', - + // Other potentially problematic licenses 'WTFPL': 'Potentially problematic license - legal uncertainty', 'CC-BY-SA-4.0': 'ShareAlike license - requires derivative works to use same license', @@ -267,47 +268,47 @@ function checkLicenseCompatibility(licenseSummary, licenseArray) { 'UNLICENSED': 'No license specified - usage rights unclear', 'Unknown': 'License not detected - manual review required' }; - + // Known good licenses (no warnings needed) const goodLicenses = new Set([ - 'MIT', 'Apache-2.0', 'Apache License 2.0', 'BSD-2-Clause', 'BSD-3-Clause', 'BSD', + 'MIT', 'MIT*', 'Apache-2.0', 'Apache License 2.0', 'BSD-2-Clause', 'BSD-3-Clause', 'BSD', 'ISC', 'CC0-1.0', 'Public Domain', 'Unlicense', '0BSD', 'BlueOak-1.0.0', 'Zlib', 'Artistic-2.0', 'Python-2.0', 'Ruby', 'MPL-2.0', 'CC-BY-4.0', 'SEE LICENSE IN https://raw.githubusercontent.com/Stirling-Tools/Stirling-PDF/refs/heads/main/proprietary/LICENSE' ]); - + // Helper function to normalize license names for comparison function normalizeLicense(license) { return license .replace(/-or-later$/, '') // Remove -or-later suffix - .replace(/\+$/, '') // Remove + suffix + .replace(/\+$/, '') // Remove + suffix .trim(); } - + // Check each license type Object.entries(licenseSummary).forEach(([license, count]) => { // Skip known good licenses if (goodLicenses.has(license)) { return; } - + // Check if this license only affects our own packages const affectedPackages = licenseArray.filter(dep => { const depLicense = Array.isArray(dep.licenseType) ? dep.licenseType.join(', ') : dep.licenseType; return depLicense === license; }); - - const isOnlyOurPackages = affectedPackages.every(dep => - dep.name === 'frontend' || + + const isOnlyOurPackages = affectedPackages.every(dep => + dep.name === 'frontend' || dep.name.toLowerCase().includes('stirling-pdf') || dep.name.toLowerCase().includes('stirling_pdf') || dep.name.toLowerCase().includes('stirlingpdf') ); - + if (isOnlyOurPackages && (license === 'UNLICENSED' || license.startsWith('SEE LICENSE IN'))) { return; // Skip warnings for our own Stirling-PDF packages } - + // Check for compound licenses like "(MIT AND Zlib)" or "(MIT OR CC0-1.0)" if (license.includes('AND') || license.includes('OR')) { // For OR licenses, check if there's at least one acceptable license option @@ -317,23 +318,23 @@ function checkLicenseCompatibility(licenseSummary, licenseArray) { .replace(/[()]/g, '') // Remove parentheses .split(' OR ') .map(component => component.trim()); - + // Check if any component is in the goodLicenses set (with normalization) const hasGoodLicense = orComponents.some(component => { const normalized = normalizeLicense(component); return goodLicenses.has(component) || goodLicenses.has(normalized); }); - + if (hasGoodLicense) { return; // Skip warning - can use the good license option } } - + // For AND licenses or OR licenses with no good options, check for problematic components - const hasProblematicComponent = Object.keys(problematicLicenses).some(problematic => + const hasProblematicComponent = Object.keys(problematicLicenses).some(problematic => license.includes(problematic) ); - + if (hasProblematicComponent) { const affectedPackages = licenseArray .filter(dep => { @@ -345,12 +346,12 @@ function checkLicenseCompatibility(licenseSummary, licenseArray) { version: dep.version, url: dep.repository || dep.url || `https://www.npmjs.com/package/${dep.name}` })); - + const licenseType = license.includes('AND') ? 'AND' : 'OR'; - const reason = licenseType === 'AND' + const reason = licenseType === 'AND' ? 'Compound license with AND requirement - all components must be compatible' : 'Compound license with potentially problematic components and no good fallback options'; - + warnings.push({ message: `šŸ“‹ This PR contains ${count} package${count > 1 ? 's' : ''} with compound license "${license}" - manual review recommended`, licenseType: license, @@ -362,7 +363,7 @@ function checkLicenseCompatibility(licenseSummary, licenseArray) { } return; } - + // Check for exact matches with problematic licenses if (problematicLicenses[license]) { const affectedPackages = licenseArray @@ -375,10 +376,10 @@ function checkLicenseCompatibility(licenseSummary, licenseArray) { version: dep.version, url: dep.repository || dep.url || `https://www.npmjs.com/package/${dep.name}` })); - + const packageList = affectedPackages.map(pkg => pkg.name).slice(0, 5).join(', ') + (affectedPackages.length > 5 ? `, and ${affectedPackages.length - 5} more` : ''); const licenseUrl = getLicenseUrl(license) || 'https://opensource.org/licenses'; - + warnings.push({ message: `āš ļø This PR contains ${count} package${count > 1 ? 's' : ''} with license type [${license}](${licenseUrl}) - ${problematicLicenses[license]}. Affected packages: ${packageList}`, licenseType: license, @@ -399,7 +400,7 @@ function checkLicenseCompatibility(licenseSummary, licenseArray) { version: dep.version, url: dep.repository || dep.url || `https://www.npmjs.com/package/${dep.name}` })); - + warnings.push({ message: `ā“ This PR contains ${count} package${count > 1 ? 's' : ''} with unknown license type "${license}" - manual review required`, licenseType: license, @@ -410,6 +411,6 @@ function checkLicenseCompatibility(licenseSummary, licenseArray) { }); } }); - + return warnings; -} \ No newline at end of file +}