scancode-toolkit
:mag: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nl...
This PR updates `DatafileHandler.assemble()` and `DatafileHandler.assemble_from_many()` to yield Packages, Dependencies, and Resources before associating Packages to Resources using a `package_adder`. This is to help with using packagedcode Package handlers in...
Note that package.declared_license can be any data structure. It has been confusing to several because "declared license" is used differently by other orgs, such as SPDX. Rename to: **extracted_license_statement** The...
We have Contributor License agreements as licenses/rules in scancode and we should consider if we report these as `license_clues` instead of adding them in `license_detections` proper. The steps discussed...
## Short Description gradle is a build tool for the Java ecosystem especially popular in android apps. nebula gradle dependency lock allows developers to lock their gradle dependencies and sub...
Following discussions in https://github.com/nexB/scancode-toolkit/issues/2877 there is a service: https://docs.microsoft.com/en-us/nuget/nuget-org/licenses.nuget.org Therefore we can have SPDX expressions of this shape `https://licenses.nuget.org/(LGPL-2.0-only WITH FLTK-exception OR Apache-2.0+)` We should extend the matcher used to detect...
I have compiled a text file that contains erroneous copyright detection values. I have removed quote characters and separated each copyright value by several lines. [bad-copyright-detections.txt](https://github.com/nexB/scancode-toolkit/files/5985058/bad-copyright-detections.txt)
We are detecting an AGPL with `agpl-3.0-plus_152.RULE` and this text `http://www.ghostscript.com` ... for instance from https://github.com/ReactiveX/rxjs/blob/6.x/README.md This is noisy. There are two ways out: 1. remove these short URL and...
We want to reuse the code from the `assembly()` method of the different `PackageHandler`s in scancode.io, and the current method of associating Packages to Resources (in the `assembly()` methods), where...
Use VSCode devcontainer infrastructure to allow remote or containerized development to avoid installing multiple dependencies on the host machine Installed: - python 3.10.2 ( base official Docker image on debian Bullseye...
These are valuable package information https://pypi.org/project/pyaxmlparser/ @ https://github.com/appknox/pyaxmlparser does a nice job