feat: allow using UNKNOWN for checks and queries (#230)

tmorell · May 14, 2024 · b9216b3 · b9216b3
1 parent c6c2f9f
commit b9216b3
Show file tree

Hide file tree

Showing 3 changed files with 52 additions and 29 deletions.
diff --git a/src/license.ts b/src/license.ts
@@ -81,11 +81,12 @@ export function onlyAllow(packages: Array<Package>, configuration: Pick<Configur
 
     const invalidPackages = new Array<Package>();
     const spdxLicense = argsToSpdxLicense(configuration.allow);
+    const allowUnknown = configuration.allow.findIndex((value): boolean => value === Literals.UNKNOWN) >= 0;
     for (const pack of packages) {
         const matches =
-            pack.license !== Literals.UNKNOWN &&
             pack.license !== Literals.CUSTOM &&
-            satisfies(spdxLicense, pack.license);
+            (satisfies(spdxLicense, pack.license) || (pack.license === Literals.UNKNOWN && allowUnknown));
+
         debug(
             chalk.blue(pack.name),
             "/",
@@ -131,7 +132,7 @@ async function extractLicense(pack: NpmPackage, packPath: string): Promise<Licen
         };
     }
 
-    if (pack.license && pack.license.type) {
+    if (pack.license?.type) {
         return {
             name: pack.license.type,
             path: licensePath,

diff --git a/src/program.ts b/src/program.ts
@@ -21,12 +21,12 @@ export function processArgs(): Configuration {
         .option<Array<string>>(
             "-q, --query <licenses>",
             "Semicolon separated list of licenses to query. Must conform to SPDX specifications.",
-            verifyQuery,
+            verifyLicense("query"),
         )
         .option<Array<string>>(
             "-a, --allow <licenses>",
             "Semicolon separated list of allowed licenses. Must conform to SPDX specifications.",
-            verifyAllow,
+            verifyLicense("allow"),
         )
         .option<Array<string | RegExp>>(
             "-e, --exclude <packages>",
@@ -45,30 +45,19 @@ function help(errorMessage: string): void {
     console.info(program.help());
 }
 
-function verifyAllow(value: string): Array<string> {
-    return value
-        .split(";")
-        .map((license): string => license.trim())
-        .filter((license): boolean => !!license)
-        .map((license): string => {
-            if (!isLicenseValid(license)) {
-                help(`Invalid --allow option "${license}"`);
-            }
-            return license;
-        });
-}
-
-function verifyQuery(value: string): Array<string> {
-    return value
-        .split(";")
-        .map((license): string => license.trim())
-        .filter((license): boolean => !!license)
-        .map((license): string => {
-            if (!isLicenseValid(license) && license !== "UNKNOWN") {
-                help(`Invalid --query option "${license}"`);
-            }
-            return license;
-        });
+function verifyLicense(arg: string): (value: string) => Array<string> {
+    return (value: string): Array<string> => {
+        return value
+            .split(";")
+            .map((license): string => license.trim())
+            .filter((license): boolean => !!license)
+            .map((license): string => {
+                if (!isLicenseValid(license) && license !== "UNKNOWN") {
+                    help(`Invalid --${arg} option "${license}"`);
+                }
+                return license;
+            });
+    };
 }
 
 function verifyExclude(value: string): Array<string | RegExp> {

diff --git a/tests/license/onlyAllow.spec.ts b/tests/license/onlyAllow.spec.ts
@@ -145,6 +145,39 @@ test("Some packages not allowed, OR licenses", (t): void => {
     t.is(invalid[0].name, "test-04");
 });
 
+test("Allow UNKNOWN", (t): void => {
+    const packages: Array<Package> = [
+        {
+            name: "test-01",
+            path: "test-01",
+            version: "1.0.0",
+            license: "UNKNOWN",
+            repository: "company/project",
+        },
+        {
+            name: "test-02",
+            path: "test-02",
+            version: "2.0.0",
+            license: "(BSD-2-Clause OR MIT)",
+            repository: "company/project",
+        },
+        {
+            name: "test-03",
+            path: "test-03",
+            version: "1.0.0",
+            license: "(UNKNOWN OR MIT)",
+            repository: "company/project",
+        },
+    ];
+
+    // Arguments
+    const invalid = onlyAllow(packages, { allow: ["Apache-2.0", "UNKNOWN", "ISC"] });
+
+    t.is(invalid.length, 2);
+    t.is(invalid[0].name, "test-02");
+    t.is(invalid[1].name, "test-03"); // This license does is not valid
+});
+
 test("Doesn't choke on invalid SPDX", (t): void => {
     const packages: Array<Package> = [
         {