kessler / license-report

create a short report about a project's dependencies (license, url etc)
MIT License

Error: invalid package: @reactivex/rxjs@^5.0.0-rc.1 #5

Closed eanders-ms closed 7 years ago

eanders-ms commented 8 years ago

Hello! license-report throws an exception when trying to read package @reactivex/rxjs@^5.0.0-rc.1

croes commented 8 years ago

Same with @types packages (used for TypeScript definitions):

/usr/local/lib/node_modules/license-report/lib/getPackageReportData.js:20
                        throw new Error('invalid package: ' + package)
                        ^

Error: invalid package: @types/chai@3.4.34
    at getPackageReportData (/usr/local/lib/node_modules/license-report/lib/getPackageReportData.js:20:10)
    at /usr/local/lib/node_modules/license-report/node_modules/async/lib/async.js:246:17
    at /usr/local/lib/node_modules/license-report/node_modules/async/lib/async.js:122:13
    at _each (/usr/local/lib/node_modules/license-report/node_modules/async/lib/async.js:46:13)
    at async.each (/usr/local/lib/node_modules/license-report/node_modules/async/lib/async.js:121:9)
    at _asyncMap (/usr/local/lib/node_modules/license-report/node_modules/async/lib/async.js:245:13)
    at Object.map (/usr/local/lib/node_modules/license-report/node_modules/async/lib/async.js:216:23)
    at Object.<anonymous> (/usr/local/lib/node_modules/license-report/index.js:38:7)
    at Module._compile (module.js:410:26)
    at Object.Module._extensions..js (module.js:417:10)

vanthome commented 7 years ago

Same for Angular 2 Packages like Error: invalid package: @angular/common@^2.2.0 Will this be fixed?

timbru31 commented 7 years ago

Same for Error: invalid package: @types/body-parser@0.0.33 Any fix coming soon?

Edit: #7 seems to fix it. Any chance of getting it pulled?

danmana commented 7 years ago

I don't know if #7 is fixing @types dependencies, but it doesn't fix things like @angular/core.

What that code does is strip the @angular part and make it search for a package named "core" in npm with a version of "undefined", which is definitely not ok.

I undid fix #7 and instead made a change in getPackageReportData to correctly extract the package name and version from something like @angular/core@^4.0.0

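// Split at the last '@' so the leading '@' of a scope stays part of the name
var versionIndex = package.lastIndexOf('@');

// -1: no '@' at all; 0: the only '@' is the scope marker, so no version was given
if (versionIndex <= 0) {
    throw new Error('invalid package: ' + package);
}

callback = versionRangeOrCallback;
versionRange = package.substring(versionIndex + 1);
package = package.substring(0, versionIndex);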

With this change I hit another issue:

The script tries to download the package information from npm using: https://registry.npmjs.org/@angular/core which fails. The slash in @angular/core needs to be URL-encoded => https://registry.npmjs.org/@angular%2Fcore

If I fix this as well it then tries to download https://registry.npmjs.org/@angular%2Fcore/4.2.0-rc.1 which as far as I can tell should work, but npm denies it.

https://registry.npmjs.org/@angular%2Fcore/4.2.0-rc.1

status:401
npm-notice:ERROR: you cannot fetch versions for scoped packages

This looks like a restriction imposed by the npm registry for scoped packages. Does anyone with better npm understanding have any ideas of how to solve this?

The only thing I can think of is using the local package.json from node_modules as proposed in PR #4.

Edit: can confirm that using the code from PR #4 correctly detects the licenses from packages like @angular/core and @types/lodash etc. The only issue with that PR is for the use case mentioned in that thread - running with only the package.json without local node_modules.
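
As an added example (not code from license-report or from any commenter in this thread), the sketch below covers the two steps discussed above: splitting a scoped spec at the last `@` and building the registry URL with the slash sent as `%2F`. It then reads the license from the full package document instead of the per-version URL the registry refused. The function names and the sample document are hypothetical and constructed for illustration.

```javascript
const REGISTRY = 'https://registry.npmjs.org/';

// Split "name@range" or "@scope/name@range" at the LAST '@'.
// An index of 0 means the only '@' is the scope marker: no version was given.
function parseSpec(spec) {
  const at = spec.lastIndexOf('@');
  if (at <= 0) throw new Error('invalid package: ' + spec);
  const name = spec.slice(0, at);
  const range = spec.slice(at + 1);
  // Reject an empty range and malformed scoped names such as "@scope" or "@a/b/c".
  if (!range || (name.startsWith('@') && !/^@[^/]+\/[^/]+$/.test(name))) {
    throw new Error('invalid package: ' + spec);
  }
  return { name, range };
}

// URL of the full package document; the scope separator is sent as %2F.
function packumentUrl(name) {
  return REGISTRY + name.replace('/', '%2F');
}

// Read the license of one exact version out of a package document.
// Handles the string form, the legacy { type } object and the legacy
// "licenses" array. Returns null when the version is not in the document.
function licenseOf(packument, version) {
  const meta = packument.versions && packument.versions[version];
  if (!meta) return null;
  const raw = meta.license || meta.licenses;
  if (!raw) return 'UNKNOWN';
  const list = Array.isArray(raw) ? raw : [raw];
  return list.map((l) => (typeof l === 'string' ? l : l.type)).join(', ');
}

// Constructed sample document (not real registry output).
const samplePackument = {
  name: '@example/widget',
  versions: {
    '1.0.0': { license: 'MIT' },
    '0.9.0': { license: { type: 'Apache-2.0' } },
    '0.1.0': { licenses: [{ type: 'MIT' }, { type: 'GPL-2.0' }] },
    '0.0.1': {},
  },
};

const spec = parseSpec('@angular/core@^4.0.0');
console.log(spec, packumentUrl(spec.name), licenseOf(samplePackument, '1.0.0'));
```

Resolving a range such as `^4.0.0` to an exact version is left to the caller; `licenseOf` expects the exact version key.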