davglass / license-checker

Check NPM package licenses

Inconsistency between exclude and allowOnly #138

Open Legiew opened 6 years ago

Legiew commented 6 years ago

Hey,

I found an inconsistency between the behaviour of the --exclude and --onlyAllow options.

If you run npm install with the package.json below and then execute the license-check-exclude script, the output is empty, so all licenses are covered by the exclude list.

If you execute license-check-onlyAllow instead, it complains about licenses that are not allowed (for example: Custom: https://github.com/douglascrockford/JSON-js and AFLv2.1,BSD).

In my opinion the algorithm for searching and checking the licenses should get to the same result here.

Another bug I found is that even if you add the custom URL to the onlyAllow list, it is still flagged. After some searching through your code, I think this happens because whitespace is deleted in the init function.

We want to use your module to check the licenses of our installed packages, but with these two bugs it is not usable for us.

{
    "name": "test",
    "version": "0.1.0",
    "private": true,
    "scripts": {        
        "license-check-exclude": "license-checker --production --exclude \"MIT, ISC, MIT*, BSD-3-Clause, BSD-2-Clause, BSD*, Apache-2.0, Unlicense, Public Domain\"",
    "license-check-onlyAllow": "license-checker --production --onlyAllow \"MIT, ISC, MIT*, BSD-3-Clause, BSD-2-Clause, BSD*, Apache-2.0, Unlicense, Public Domain\""
    },
    "devDependencies": {
        "@types/body-parser": "1.16.8",
        "@types/commander": "2.12.2",
        "@types/express": "4.11.1",
        "@types/gulp": "3.8.36",
        "@types/gulp-istanbul": "0.9.32",
        "@types/gulp-sourcemaps": "0.0.32",
        "@types/gulp-tslint": "4.2.0",
        "@types/jasmine": "2.8.6",
        "@types/mongoose": "5.0.2",
        "@types/morgan": "1.7.35",
        "@types/multer": "1.3.6",
        "@types/node": "8.9.4",
        "@types/request-promise-native": "1.0.13",
        "@types/supertest": "2.0.4",
        "@types/uuid": "3.4.3",
        "@types/winston": "2.3.8",
        "gulp": "3.9.1",
        "gulp-istanbul": "1.1.3",
        "gulp-jasmine": "3.0.0",
        "gulp-sourcemaps": "2.6.4",
        "gulp-tslint": "8.1.3",
        "gulp-typescript": "3.2.4",
        "istanbul": "0.4.5",
        "jasmine": "3.0.0",
        "license-checker": "16.0.0",
        "remap-istanbul": "0.10.1",
        "supertest": "3.0.0",
        "tslint": "5.9.1",
        "typescript": "2.7.1"
    },
    "dependencies": {
        "body-parser": "1.18.2",
        "commander": "2.14.1",
        "express": "4.16.2",
        "iconv-lite": "0.4.19",
        "inversify": "4.10.0",
        "mongoose": "5.0.5",
        "morgan": "1.9.0",
        "multer": "1.3.0",
        "request": "2.83.0",
        "request-promise-native": "1.0.5",
        "routing-controllers": "0.7.6",
        "uuid": "3.2.1",
        "winston": "2.4.0"
    }
}
jonny-improbable commented 6 years ago

I believe this issue is fixed by #179, as the --onlyAllow check is now performed after any filtering/restriction of packages.