Associate node package licenses from node_modules #1152

Merged
merged 3 commits into from
Aug 16, 2022

Conversation

kzantow
Contributor

@kzantow kzantow commented Aug 9, 2022

This PR adds a hook in the GenericCataloger which allows post-processing such as searching for licenses, which is also used by the JavaScript lockfile cataloger to search for package.json files and extract license information, if found.

Closes #845

Signed-off-by: Keith Zantow <kzantow@gmail.com>
@kzantow kzantow requested a review from a team August 9, 2022 15:30
Signed-off-by: Keith Zantow <kzantow@gmail.com>
@kzantow kzantow requested a review from wagoodman August 16, 2022 17:02
Signed-off-by: Keith Zantow <kzantow@gmail.com>
@kzantow kzantow merged commit 21eb772 into anchore:main Aug 16, 2022
@kzantow kzantow deleted the associate-npm-licenses branch August 16, 2022 18:14
@martin-langhoff

Yay!!!

spiffcs added a commit to scothis/syft that referenced this pull request Aug 24, 2022
* main:
  Update syft bootstrap tools to latest versions. (anchore#1171)
  Fix update-bootstrap-tools workflow (anchore#1170)
  workflow to create automated PRs to update bootstrap tools (anchore#1167)
  feat: add support for licenses in package-lock json v2 (anchore#1164)
  External sources configuration (anchore#1158)
  feat: add support for pnpm (anchore#1166)
  Prevent symlinks causing duplicate package-file relationships (anchore#1168)
  Associate node package licenses from node_modules (anchore#1152)
  Give the contributing guide a substantial rework (anchore#1155)

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
spiffcs added a commit that referenced this pull request Aug 25, 2022
* main:
  Update syft bootstrap tools to latest versions. (#1176)
  enhance development support on macOS ARM (#1163)
  Capture if a node module is private (#1161)
  Find version numbers from jars with different naming conventions (#1174)
  Update syft bootstrap tools to latest versions. (#1171)
  Fix update-bootstrap-tools workflow (#1170)
  workflow to create automated PRs to update bootstrap tools (#1167)
  feat: add support for licenses in package-lock json v2 (#1164)
  External sources configuration (#1158)
  feat: add support for pnpm (#1166)
  Prevent symlinks causing duplicate package-file relationships (#1168)
  Associate node package licenses from node_modules (#1152)
aiwantaozi pushed a commit to aiwantaozi/syft that referenced this pull request Oct 20, 2022
GijsCalis pushed a commit to GijsCalis/syft that referenced this pull request Feb 19, 2024
Development

Successfully merging this pull request may close these issues.

No licenses included in scan with yarn.lock
3 participants