hiqdev / asset-packagist

Asset Packagist
https://asset-packagist.org
BSD 3-Clause "New" or "Revised" License
247 stars 25 forks source link

Older NPM repositorys may have used objects when defining licences. #87

Closed richgerdes closed 6 years ago

richgerdes commented 6 years ago

An over version of the NPM package spec defined that packages could use object notation to define licenses. The npm specification included support for defining custom licenses using a object, containing structure similar to:

{ "license" :
  { "type" : "ISC"
  , "url" : "https://opensource.org/licenses/ISC"
  }
}

The specification notes that this format, is no longer supported, but some npm/bower packages have not been updated and still use this format. Composer does not support this format for licenses. Thus, the existence of packages with this license format, can cause issues with satis instances which mirror asset packaging dependencies, or php libraries that otherwise parse the composer package definitions following specifications.

In particular, I ran into this issue when including a packages that had tv4 and debuglog as dependencies. Both of these packages have version which include the outdated license spec, and as a result, cause the satis instance to fail when processing the default package.html.twig template.

In package.html.twig line 48: An exception has been thrown during the rendering of a template ("Array to string conversion").

Since Asset packagist is doing the conversion between npm/bower and composer package formats, it should be handling the conversion and formatting of the license format. Since the old format required urls in for the licence object, the url should be kept and and other metadata should be dropped. If the format doesn't contain a url, the name can be kept as a stand in, otherwise, it should be dropped all together.

hiqsol commented 6 years ago

Fixed in composer-asset-plugin.

richgerdes commented 6 years ago

Thanks again!