
Sort out how to identify Ruby dependencies and find source

Open waynebeaton opened this issue 3 years ago • 0 comments

I'm thinking that we work from the Gemfile.lock, but haven't gotten much further than this.

It looks like Ruby has a gem that can provide dependency information. The Gemfile.lock appears to contain version ranges, but we need to resolve them to a specific version, so we'll likely suggest the use of this gem.

e.g.,

GEM
  remote: https://rubygems.org/
  specs:
    ast (2.4.2)
    bcrypt (3.1.18)
    chunky_png (1.4.0)
    daemons (1.4.1)
    eventmachine (1.2.7)
    haml (5.2.2)
      temple (>= 0.8.0)
      tilt
    jwt (2.4.1)
    multi_json (1.15.0)
    mustermann (1.1.1)
      ruby2_keywords (~> 0.0.1)
...

Once we have the dependency information, we need to sort out how ClearlyDefined expects the ID to be formed.

We then need to make sure that we have some means of tracking that ID to source.

waynebeaton avatar Sep 22 '22 21:09 waynebeaton
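
As an added illustration (not code from the issue or from dash-licenses), this Ruby sketch reads the `GEM` section of a `Gemfile.lock`, keeps the four-space-indented entries that carry a single version in parentheses, and skips the deeper-indented constraint lines. The `gem/rubygems/-/name/version` ID layout is an assumption about what ClearlyDefined expects, and the sample lockfile is constructed from the excerpt above plus a platform-specific entry and a `GIT` section.

```ruby
# Added example: hand-rolled reader for the GEM section of a Gemfile.lock.
# The "gem/rubygems/-/" ID prefix is an assumption, not confirmed by the issue.

# Constructed sample: entries from the issue's excerpt, plus a GIT section and
# a platform-specific gem (both invented here) to exercise the edge cases.
SAMPLE_LOCK = <<~LOCK
  GIT
    remote: https://example.invalid/internal/widget.git
    revision: 0000000000000000000000000000000000000000
    specs:
      widget (0.1.0)

  GEM
    remote: https://rubygems.org/
    specs:
      haml (5.2.2)
        temple (>= 0.8.0)
        tilt
      jwt (2.4.1)
      mustermann (1.1.1)
        ruby2_keywords (~> 0.0.1)
      nokogiri (1.13.8-x86_64-linux)

  PLATFORMS
    ruby
LOCK

# Returns [[name, version], ...] for gems resolved from the GEM section only.
def locked_gems(lock_text)
  section = nil
  gems = []
  lock_text.each_line do |line|
    line = line.chomp
    if line =~ /\A[A-Z][A-Z ]*\z/ # unindented heading: GEM, GIT, PATH, ...
      section = line
    elsif section == "GEM" && (m = line.match(/\A {4}(\S+) \(([^)]+)\)\z/))
      # Six-space lines under an entry are dependency constraints; the
      # pattern above does not match them, so they are skipped.
      version = m[2].split("-", 2).first # drop a platform suffix if present
      gems << [m[1], version]
    end
  end
  gems.uniq # the same gem may be locked once per platform
end

# Builds candidate IDs; GIT and PATH gems are left out because they do not
# come from rubygems.org and need a different source mapping.
def clearlydefined_ids(lock_text)
  locked_gems(lock_text).map { |name, version| "gem/rubygems/-/#{name}/#{version}" }
end
```
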