scancode-toolkit icon indicating copy to clipboard operation
scancode-toolkit copied to clipboard
verified publisher icon nexB

Secondary flag error from `click` package

Open mthalman opened this issue 3 months ago • 5 comments

Description

When attempting to run scancode with the latest version of click that gets brought in as a dependency, you get the following error:

Traceback (most recent call last):
  File "/tmp/scancode-env/bin/scancode", line 5, in <module>
    from scancode.cli import scancode
  File "/tmp/scancode-env/lib/python3.10/site-packages/scancode/cli.py", line 383, in <module>
    def scancode(
  File "/tmp/scancode-env/lib/python3.10/site-packages/click/decorators.py", line 374, in decorator
    _param_memo(f, cls(param_decls, **attrs))
  File "/tmp/scancode-env/lib/python3.10/site-packages/commoncode/cliutils.py", line 454, in __init__
    super(PluggableCommandLineOption, self).__init__(
  File "/tmp/scancode-env/lib/python3.10/site-packages/click/core.py", line 2793, in __init__
    raise TypeError("Secondary flag is not valid for non-boolean flag.")
TypeError: Secondary flag is not valid for non-boolean flag.

How To Reproduce

  • Install scancode 32.4.1 with pip on Linux x64
  • Run scancode --license <repo-path>

mthalman avatar Sep 25 '25 18:09 mthalman

I'm encountering this as well. I avoided this when I downloaded the 32.4.1 release TAR archive, which includes its own venv with click==8.2.1, whereas installing scancode-toolkit via pip brings in click==8.3.0.

I was able to temporarily work around the issue by downgrading click:

pip install click==8.2.1 --upgrade

Meanwhile, we should probably open an issue upstream for this.

rtorok-zr avatar Sep 25 '25 20:09 rtorok-zr

Did any of you managed to find a workaround for this error for their github action ?

dulubeidenis avatar Sep 26 '25 11:09 dulubeidenis

@AyanSinhaMahapatra ^

pombredanne avatar Oct 13 '25 15:10 pombredanne

See https://github.com/aboutcode-org/scancode-toolkit/issues/4573#issuecomment-3441729175 for details on the underlying reason for these failures and the fixes applied at:

  • https://github.com/aboutcode-org/commoncode/pull/92 released with commoncode v32.4.0 which fixes the issues mentioned here
  • https://github.com/aboutcode-org/scancode-toolkit/pull/4591 fixes the remaining issues by setting the default values explicitly for all click options.

We need a new scancode release for the click compatibility issues to be fully fixed.

AyanSinhaMahapatra avatar Oct 24 '25 08:10 AyanSinhaMahapatra

Thank you for the detailed information and for linking to the relevant PRs and releases!

I can see the comprehensive fix strategy:

  • commoncode v32.4.0 (from commoncode#92) addresses the core Click compatibility issues
  • PR #4591 handles the scancode-side fixes by explicitly setting default values for all click options

The underlying issue with Click 8.3.0's UNSET Sentinel value and its interaction with PluggableCommandLineOption has been thoroughly addressed.

I understand a new scancode release is needed to bundle these fixes together. Is there an estimated timeline for the next release, or should users currently experiencing these issues pin to Python 3.12 until then?

Thank you for the quick response and comprehensive fixes!

karthiknew07 avatar Oct 24 '25 08:10 karthiknew07