search

apache / pulsar-client-node

Apache Pulsar NodeJS Client
https://pulsar.apache.org/
Apache License 2.0
148 stars 86 forks source link

Use license-checker directly instead of grunt-license-report #340

Closed massakam closed 1 year ago

massakam commented 1 year ago

Motivation

Executing npm run license:report in this repository will report the licenses of dependent modules to report/licenses.html. However, the grunt-license-report module used by this command has not been maintained for nearly a decade, and the GitHub repository is a dead link. As a result, some modules with security vulnerabilities are installed by grunt-license-report dependencies.

Modifications

Removed grunt-license-report from dev dependencies and added license-checker instead. license-checker has already been installed since grunt-license-report depends on it, but its version is 2.0.1 which is very old. Installing license-checker directly bumps its version to 25.0.1.

By the way, license-checker also hasn't been released in about 5 years, but it seems to be much more widely used than grunt-license-report.

Verifying this change

Documentation

massakam commented 1 year ago

Build NAPI macos - Node 18 - arm64 is failing, but it appears to be unrelated to this change.

ld: archive has no table of contents file '/Users/runner/work/pulsar-client-node/pulsar-client-node/pkg/mac/build-pulsar/install/lib/libpulsarwithdeps.a' for architecture arm64
clang: error: linker command failed with exit code 1 (use -v to see invocation)
Failed to execute '/Users/runner/hostedtoolcache/node/18.17.0/x64/bin/node /Users/runner/hostedtoolcache/node/18.17.0/x64/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js build --target_arch=arm64 --module=/Users/runner/work/pulsar-client-node/pulsar-client-node/lib/binding/pulsar.node --module_name=pulsar --module_path=/Users/runner/work/pulsar-client-node/pulsar-client-node/lib/binding --napi_version=9 --node_abi_napi=napi --napi_build_version=0 --node_napi_label=node-v108' (1)
make: *** [Release/pulsar.node] Error 1
gyp ERR! build error 
gyp ERR! stack Error: `make` failed with exit code: 2
gyp ERR! stack     at ChildProcess.onExit (/Users/runner/hostedtoolcache/node/18.17.0/x64/lib/node_modules/npm/node_modules/node-gyp/lib/build.js:203:23)
gyp ERR! stack     at ChildProcess.emit (node:events:514:28)
gyp ERR! stack     at ChildProcess._handle.onexit (node:internal/child_process:291:12)
gyp ERR! System Darwin 21.6.0
gyp ERR! command "/Users/runner/hostedtoolcache/node/18.17.0/x64/bin/node" "/Users/runner/hostedtoolcache/node/18.17.0/x64/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "build" "--target_arch=arm64" "--module=/Users/runner/work/pulsar-client-node/pulsar-client-node/lib/binding/pulsar.node" "--module_name=pulsar" "--module_path=/Users/runner/work/pulsar-client-node/pulsar-client-node/lib/binding" "--napi_version=9" "--node_abi_napi=napi" "--napi_build_version=0" "--node_napi_label=node-v108"
gyp ERR! cwd /Users/runner/work/pulsar-client-node/pulsar-client-node
gyp ERR! node -v v18.17.0
gyp ERR! node-gyp -v v9.3.1
gyp ERR! not ok 
node-pre-gyp ERR! build error 
node-pre-gyp ERR! stack Error: Failed to execute '/Users/runner/hostedtoolcache/node/18.17.0/x64/bin/node /Users/runner/hostedtoolcache/node/18.17.0/x64/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js build --target_arch=arm64 --module=/Users/runner/work/pulsar-client-node/pulsar-client-node/lib/binding/pulsar.node --module_name=pulsar --module_path=/Users/runner/work/pulsar-client-node/pulsar-client-node/lib/binding --napi_version=9 --node_abi_napi=napi --napi_build_version=0 --node_napi_label=node-v108' (1)
node-pre-gyp ERR! stack     at ChildProcess.<anonymous> (/Users/runner/work/pulsar-client-node/pulsar-client-node/node_modules/@mapbox/node-pre-gyp/lib/util/compile.js:89:23)
node-pre-gyp ERR! stack     at ChildProcess.emit (node:events:514:28)
node-pre-gyp ERR! stack     at maybeClose (node:internal/child_process:1091:16)
node-pre-gyp ERR! stack     at ChildProcess._handle.onexit (node:internal/child_process:302:5)
node-pre-gyp ERR! System Darwin 21.6.0
node-pre-gyp ERR! command "/Users/runner/hostedtoolcache/node/18.17.0/x64/bin/node" "/Users/runner/work/pulsar-client-node/pulsar-client-node/node_modules/.bin/node-pre-gyp" "build" "--target_arch=arm64"
node-pre-gyp ERR! cwd /Users/runner/work/pulsar-client-node/pulsar-client-node
node-pre-gyp ERR! node -v v18.17.0
node-pre-gyp ERR! node-pre-gyp -v v1.0.11
node-pre-gyp ERR! not ok 
Error: Process completed with exit code 1.
tisonkun commented 1 year ago

I wrote an executable for doing similar things and it's used in some of Pulsar projects like pulsar-site and pulsar-client-go.

This task should be trivial to implement stably and correctly. (Once it's checked in, there should be no bug to "fix".) I'd propose to switch to my tool if we anyway want to make changes and I'm glad to prepare a patch.

massakam commented 1 year ago

@tisonkun Is this a tool for checking/adding license headers? The command I modified in this PR does not do that, but lists the licenses of the 3rd party modules that this module depends on.

$ npm run license:report

> pulsar-client@1.10.0-rc.0 license:report
> mkdir -p report && license-checker --json > report/licenses.json

$ head -n 30 report/licenses.json

{
  "@aashutoshrathi/word-wrap@1.2.6": {
    "licenses": "MIT",
    "repository": "https://github.com/aashutoshrathi/word-wrap",
    "publisher": "Jon Schlinkert",
    "url": "https://github.com/jonschlinkert",
    "path": "/home/massakam/github/pulsar-client-node/node_modules/@aashutoshrathi/word-wrap",
    "licenseFile": "/home/massakam/github/pulsar-client-node/node_modules/@aashutoshrathi/word-wrap/LICENSE"
  },
  "@ampproject/remapping@2.2.1": {
    "licenses": "Apache-2.0",
    "repository": "https://github.com/ampproject/remapping",
    "publisher": "Justin Ridgewell",
    "email": "jridgewell@google.com",
    "path": "/home/massakam/github/pulsar-client-node/node_modules/@ampproject/remapping",
    "licenseFile": "/home/massakam/github/pulsar-client-node/node_modules/@ampproject/remapping/LICENSE"
  },
  "@assemblyscript/loader@0.10.1": {
    "licenses": "Apache-2.0",
    "repository": "https://github.com/AssemblyScript/assemblyscript",
    "publisher": "Daniel Wirtz",
    "email": "dcode+assemblyscript@dcode.io",
    "path": "/home/massakam/github/pulsar-client-node/node_modules/@assemblyscript/loader",
    "licenseFile": "/home/massakam/github/pulsar-client-node/node_modules/@assemblyscript/loader/README.md"
  },
  "@babel/code-frame@7.12.11": {
    "licenses": "MIT",
    "repository": "https://github.com/babel/babel",
    "publisher": "Sebastian McKenzie",
    "email": "sebmck@gmail.com",
tisonkun commented 1 year ago

@massakam Thanks for your explanation! Then my tool doesn't implement that.

massakam commented 1 year ago

https://github.com/apache/pulsar-client-node/pull/340#issuecomment-1680303094 seems to have been fixed by https://github.com/apache/pulsar-client-node/pull/341.