deprecated licenses detection from package.json (#309)

Signed-off-by: Jan Kowalleck <[email protected]>

Author: jkowalleck

HISTORY.md

@@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.
 
 ## unreleased
 
+* Added
+  * Detection for node-package manifests deprecated licenses format in the node-specific builders ([#308] via [#309])
+
+[#308]: https://github.com/CycloneDX/cyclonedx-javascript-library/issues/308
+[#309]: https://github.com/CycloneDX/cyclonedx-javascript-library/pull/309
+
 ## 1.7.0 - 2022-10-25
 
 * Changed

src/_helpers/packageJson.ts

@@ -32,6 +32,10 @@ export interface PackageJson {
   version?: string
   description?: string
   license?: string
+  licenses?: Array<{
+    type?: string
+    url?: string
+  }>
   author?: string | {
     name?: string
     email?: string

src/builders/fromNodePackageJson.node.ts

@@ -91,30 +91,43 @@ export class ComponentBuilder {
       : (typeof data.author?.name === 'string'
           ? data.author.name
           : undefined)
+
     /** @see {@link https://docs.npmjs.com/cli/v8/configuring-npm/package-json#description-1} */
     const description = typeof data.description === 'string'
       ? data.description
       : undefined
+
     /** @see {@link https://docs.npmjs.com/cli/v8/configuring-npm/package-json#version} */
     const version = typeof data.version === 'string'
       ? data.version
       : undefined
+
     const externalReferences = this.#extRefFactory.makeExternalReferences(data)
-    /** @see {@link https://docs.npmjs.com/cli/v8/configuring-npm/package-json#license} */
-    const license = typeof data.license === 'string'
-      ? this.#licenseFactory.makeFromString(data.license)
-      : undefined
+
+    const licenses = new Models.LicenseRepository()
+    if (typeof data.license === 'string') {
+      /** @see {@link https://docs.npmjs.com/cli/v8/configuring-npm/package-json#license} */
+      licenses.add(this.#licenseFactory.makeFromString(data.license))
+    }
+    if (Array.isArray(data.licenses)) {
+      /** @see {@link https://github.com/SchemaStore/schemastore/blob/master/src/schemas/json/package.json} */
+      for (const licenseData of data.licenses) {
+        if (typeof licenseData?.type === 'string') {
+          const license = this.#licenseFactory.makeDisjunctive(licenseData.type)
+          license.url = typeof licenseData.url === 'string'
+            ? licenseData.url
+            : undefined
+          licenses.add(license)
+        }
+      }
+    }
 
     return new Models.Component(type, name, {
       author,
       description,
       externalReferences: new Models.ExternalReferenceRepository(externalReferences),
       group,
-      licenses: new Models.LicenseRepository(
-        license === undefined
-          ? []
-          : [license]
-      ),
+      licenses,
       version
     })
   }

tests/integration/Builders.FromNodePackageJson.ComponentBuilder.test.js

@@ -34,7 +34,8 @@ suite('Builders.FromNodePackageJson.ComponentBuilder', () => {
   const extRefFactory = new Factories.FromNodePackageJson.ExternalReferenceFactory()
   extRefFactory.makeExternalReferences = () => [`FAKE REFERENCES ${salt}`]
   const licenseFactory = new Factories.LicenseFactory()
-  licenseFactory.makeFromString = () => `FAKE LICENSE ${salt}`
+  licenseFactory.makeFromString = (s) => ({ name: `FAKE LICENSE: ${s}` })
+  licenseFactory.makeDisjunctive = (s) => ({ name: `FAKE DISJUNCTIVE LICENSE: ${s}` })
 
   const sut = new ComponentBuilder(extRefFactory, licenseFactory)
 
@@ -44,9 +45,15 @@ suite('Builders.FromNodePackageJson.ComponentBuilder', () => {
     description: `dummy lib ${salt}`,
     author: {
       name: 'Jane Doe',
-      url: 'http://acme.org/~jd'
+      url: 'https://acme.org/~jd'
     },
-    license: 'dummy license'
+    license: `dummy license ${salt}`,
+    licenses: [
+      {
+        type: `some license ${salt}`,
+        url: `https://acme.org/license/${salt}`
+      }
+    ]
     // to be continued
   }
   const expected = new Models.Component(
@@ -56,7 +63,10 @@ suite('Builders.FromNodePackageJson.ComponentBuilder', () => {
       author: 'Jane Doe',
       description: `dummy lib ${salt}`,
       externalReferences: new Models.ExternalReferenceRepository([`FAKE REFERENCES ${salt}`]),
-      licenses: new Models.LicenseRepository([`FAKE LICENSE ${salt}`]),
+      licenses: new Models.LicenseRepository([
+        { name: `FAKE LICENSE: dummy license ${salt}` },
+        { name: `FAKE DISJUNCTIVE LICENSE: some license ${salt}`, url: `https://acme.org/license/${salt}` }
+      ]),
       group: '@foo',
       version: `1.33.7-alpha.23.${salt}`
     }

tests/unit/Builders.FromNodePackageJson.ComponentBuilder.spec.js

@@ -29,7 +29,7 @@ const {
   }
 } = require('../../')
 
-suite('Builders.FromNodePackageJson.ToolBuilder', () => {
+suite('Builders.FromNodePackageJson.ComponentBuilder', () => {
   test('construct', () => {
     const extRefFactory = new ExternalReferenceFactory()
     const licenseFactory = new LicenseFactory()