LicenseFinder fails with npm projects

Open gravis opened this issue 5 years ago • 6 comments

When using LicenseFinder on npm projects, we often have an error exit.

It's using npm install and npm list under the hood to get a list of dependencies, but npm list fails with:

[...]
LicenseFinder::NPM: is active
/usr/local/rvm/gems/ruby-2.5.1/gems/license_finder-5.1.0/lib/license_finder/package_managers/npm.rb:35:in `npm_json': Command 'npm list --json --long' failed to execute: npm ERR! peer dep missing: @nuxtjs/axios@^4.5.2, required by [email protected] (RuntimeError)
npm ERR! missing: [email protected], required by [email protected]
npm ERR! peer dep missing: ajv@^6.0.0, required by [email protected]
npm ERR! peer dep missing: ajv@^6.0.0, required by [email protected]
npm ERR! peer dep missing: ajv@^6.0.0, required by [email protected]
	from /usr/local/rvm/gems/ruby-2.5.1/gems/license_finder-5.1.0/lib/license_finder/package_managers/npm.rb:7:in `current_packages'
	from /usr/local/rvm/gems/ruby-2.5.1/gems/license_finder-5.1.0/lib/license_finder/package_manager.rb:90:in `current_packages_with_relations'
	from /usr/local/rvm/gems/ruby-2.5.1/gems/license_finder-5.1.0/lib/license_finder/scanner.rb:15:in `each'
	from /usr/local/rvm/gems/ruby-2.5.1/gems/license_finder-5.1.0/lib/license_finder/scanner.rb:15:in `flat_map'
	from /usr/local/rvm/gems/ruby-2.5.1/gems/license_finder-5.1.0/lib/license_finder/scanner.rb:15:in `active_packages'
	from /usr/local/rvm/gems/ruby-2.5.1/gems/license_finder-5.1.0/lib/license_finder/core.rb:81:in `current_packages'
	from /usr/local/rvm/gems/ruby-2.5.1/gems/license_finder-5.1.0/lib/license_finder/core.rb:76:in `decision_applier'
	from /usr/local/rvm/rubies/ruby-2.5.1/lib/ruby/2.5.0/forwardable.rb:223:in `acknowledged'
	from /usr/local/rvm/gems/ruby-2.5.1/gems/license_finder-5.1.0/lib/license_finder/license_aggregator.rb:47:in `block in aggregate_packages'
	from /usr/local/rvm/gems/ruby-2.5.1/gems/license_finder-5.1.0/lib/license_finder/license_aggregator.rb:45:in `each'
	from /usr/local/rvm/gems/ruby-2.5.1/gems/license_finder-5.1.0/lib/license_finder/license_aggregator.rb:45:in `flat_map'
	from /usr/local/rvm/gems/ruby-2.5.1/gems/license_finder-5.1.0/lib/license_finder/license_aggregator.rb:45:in `aggregate_packages'
	from /usr/local/rvm/gems/ruby-2.5.1/gems/license_finder-5.1.0/lib/license_finder/license_aggregator.rb:9:in `dependencies'
	from /usr/local/rvm/gems/ruby-2.5.1/gems/license_finder-5.1.0/lib/license_finder/cli/main.rb:127:in `report'
	from /usr/local/rvm/gems/ruby-2.5.1/gems/thor-0.20.0/lib/thor/command.rb:27:in `run'
	from /usr/local/rvm/gems/ruby-2.5.1/gems/thor-0.20.0/lib/thor/invocation.rb:126:in `invoke_command'
	from /usr/local/rvm/gems/ruby-2.5.1/gems/thor-0.20.0/lib/thor.rb:387:in `dispatch'
	from /usr/local/rvm/gems/ruby-2.5.1/gems/thor-0.20.0/lib/thor/base.rb:466:in `start'
	from /usr/local/rvm/gems/ruby-2.5.1/gems/license_finder-5.1.0/bin/license_finder:5:in `<top (required)>'
	from /usr/local/rvm/gems/ruby-2.5.1/bin/license_finder:23:in `load'
	from /usr/local/rvm/gems/ruby-2.5.1/bin/license_finder:23:in `<main>'
ERROR: Job failed: exit code 1

(with the project https://gitlab.com/gitlab-org/security-products/tests/js-npm for example)

gravis, Nov 01 '18 00:11

+1 on an Angular project.

/usr/local/rvm/gems/ruby-2.5.1/gems/license_finder-5.1.0/lib/license_finder/package_managers/npm.rb:35:in `npm_json': Command 'npm list --json --long' failed to execute: npm ERR! peer dep missing: @angular/[email protected], required by @angular/[email protected] (RuntimeError)
npm ERR! peer dep missing: @angular/[email protected], required by @angular/[email protected]
npm ERR! peer dep missing: @angular/[email protected], required by @angular/[email protected]
npm ERR! peer dep missing: @angular/[email protected], required by @angular/[email protected]
npm ERR! peer dep missing: @angular/[email protected], required by @angular/[email protected]
npm ERR! peer dep missing: @angular/[email protected], required by @angular/[email protected]
npm ERR! peer dep missing: @angular/core@^4.0.0, required by [email protected]

cybercussion, Nov 08 '18 16:11

I'm having the same issue as well. Anyone figure out a solution?

thekatiemcneil, Nov 15 '18 22:11

I'm going to follow up on a couple things I did to reduce some of the errors. So after locally looking at the output of npm list --json --long I did some research.

rm -r node_modules package-lock.json
npm install --no-optional
npm dedupe

This now left me with 1 ERR!

npm ERR! peer dep missing: @angular/core@^4.0.0, required by [email protected]

cybercussion, Dec 14 '18 19:12

No matter how many I have, LicenseFinder always fails when there are missing peer dependencies 😢

Command 'npm list --json --long --production' failed to execute: npm ERR! peer dep missing: X, required by Y(RuntimeError)

josemigallas, Apr 09 '19 15:04

I am also having the same problem. Is there any workaround for this?

pmverma, Apr 12 '19 04:04

The issue is here.

https://github.com/pivotal/LicenseFinder/blob/ad1ebf4b201a88c483dd53712568f773a02740c5/lib/license_finder/package_managers/npm.rb#L35-L40

Looks like when a package has unmet peer dependencies, npm will return a list of the missing peer dependencies in stderr. An exception is raised in this case even though stdout still contains the valid data needed for license extraction.

This is probably NOT the correct way to permanently fix this as it may blow up if there are more than peer dependency errors present. But if the only error is regarding unmet peer dependencies, the below workaround should work in a pinch.

    def npm_json
      command = "#{NPM.package_management_command} list --json --long#{production_flag}"
      stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(command) }

      # Tolerate a non-zero exit only when stderr mentions unmet peer dependencies;
      # stdout still carries the JSON needed for license extraction in that case.
      if !status.success? && !stderr.include?('npm ERR! peer dep missing:')
        raise "Command '#{command}' failed to execute: #{stderr}"
      end

      JSON.parse(stdout)
    end

ajsosa, May 24 '19 23:05
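A stricter variant of the workaround above, added here as an example (it is not LicenseFinder's code and not part of the original comment): it accepts a failed `npm list` only when every stderr line is a `peer dep missing` report, so a mixed failure still stops the license scan instead of passing silently. The helper names and the sample stdout/stderr are constructed for illustration, and treating any other stderr line as fatal is an assumption.

```ruby
require 'json'

# Hypothetical helper names; constructed sample data. Not LicenseFinder code.
PEER_DEP_MISSING = /\Anpm ERR! peer dep missing: /.freeze

# Constructed `npm list --json --long` output for a failed run.
SAMPLE_STDOUT = '{"name":"example-app","dependencies":' \
                '{"example-widget":{"version":"1.2.3","license":"MIT"}}}'
PEER_ONLY_STDERR = "npm ERR! peer dep missing: example-core@^4.0.0, " \
                   "required by example-widget@1.2.3\n"
MIXED_STDERR = PEER_ONLY_STDERR +
               "npm ERR! missing: example-lib@2.0.0, required by example-app@0.1.0\n"

# Every non-empty stderr line that is not a "peer dep missing" report.
# Assumption: any other line is treated as a real failure (fail closed).
def unexpected_npm_errors(stderr)
  stderr.each_line.map(&:strip).reject(&:empty?)
        .reject { |line| line.match?(PEER_DEP_MISSING) }
end

# success is the boolean from status.success? in the original method.
def parse_npm_list(stdout, stderr, success)
  unless success
    unexpected = unexpected_npm_errors(stderr)
    raise "npm list failed: #{unexpected.join('; ')}" unless unexpected.empty?
    raise 'npm list failed without diagnostics' if stderr.strip.empty?
  end
  JSON.parse(stdout)
rescue JSON::ParserError => e
  raise "npm list produced unusable JSON: #{e.message}"
end

if __FILE__ == $PROGRAM_NAME
  puts parse_npm_list(SAMPLE_STDOUT, PEER_ONLY_STDERR, false)['name']
  begin
    parse_npm_list(SAMPLE_STDOUT, MIXED_STDERR, false)
  rescue RuntimeError => e
    puts "refused: #{e.message}"
  end
end
```

With the substring check from the comment above, the mixed case would be accepted because stderr contains one peer-dependency line; here it is refused and the unexpected line is named in the error.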