Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dependency scanner for pub can't load Copyright Text #41

Open
namkyu1999 opened this issue Aug 10, 2021 · 6 comments
Open

Dependency scanner for pub can't load Copyright Text #41

namkyu1999 opened this issue Aug 10, 2021 · 6 comments
Assignees
@dd-jy
Labels
enhancement [PR/Issue] New feature or request

Comments

@namkyu1999
Copy link

Describe the bug
I'm using dependency_scanner for my flutter project. I 'm generate oss license file like below
image

When i run fosslight_dependency_scanner, this software generate file without copyright text. I don't know why because my dart file have license text. Is there any other reason?
image
@namkyu1999 namkyu1999 added the bug [Issue] Something isn't working label Aug 10, 2021
@namkyu1999
Copy link
Author

I found it . This code is written like below.

fosslight_dependency_scanner/src/fosslight_dependency/analyze_dependency.py

Line 797 in 0a4e9e2

sheet_list["SRC"].append(['pubspec.yaml', oss_name, oss_version, license_name, dn_loc, homepage, '', '', ''])

Any plans to support this feature?

@dd-jy dd-jy added enhancement [PR/Issue] New feature or request and removed bug [Issue] Something isn't working labels Aug 11, 2021
@dd-jy
Copy link
Contributor

dd-jy commented Aug 11, 2021
edited
Loading

@namkyu1999
Thanks for the reporting it!

The output file of flutter dependency scanning ('oss_licenses.dart') has the element of license and it contains the license text.
It means that the license could not include copyright text. (Because license text could contain the copyright text or not.)

Also it needs to detect the copyright text in license.
We used the 'nomos standalone binary' for detecting license name with license. If you know the tools that detect the copyright text, please let me know. Then we will support it.

@namkyu1999
Copy link
Author

How about using scancode-toolkit? Your team already used this package in 'fosslight_source_scanner'.

@dd-jy
Copy link
Contributor

dd-jy commented Aug 13, 2021

In fact, scancode-toolkit is a bit heavy for fosslight_dependency_scanner to use. But it would be nice if the tools could be unified and the copyright could also be detected. We will consider to replace it.

@pombredanne
Copy link

How about using scancode-toolkit? Your team already used this package in 'fosslight_source_scanner'.

scancode-toolkit maintainer here. Tell me if I can help.

scancode-toolkit is a bit heavy

It has a few dependencies but it has quite decent license and copyright detection support, IMHO ;)

@dd-jy
Copy link
Contributor

dd-jy commented Aug 27, 2021

@pombredanne
We are still on the fence whether this function will be performed in the dependency scanner or in the upper scanner.
I think it will take some time.
I'll tell you if I need help later.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dd-jy dd-jy

Labels
enhancement [PR/Issue] New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@pombredanne @dd-jy @namkyu1999