Merge pull request #786 from nexB/775-npm-error

Fix npm package.json parsing errors, improve parsing

Author: pombredanne

src/packagedcode/models.py

@@ -123,12 +123,12 @@
 """
 
 
-class ListType(ListType):
+class BaseListType(ListType):
     """
     ListType with a default of an empty list.
     """
     def __init__(self, field, **kwargs):
-        super(ListType, self).__init__(field=field, default=[], **kwargs)
+        super(BaseListType, self).__init__(field=field, default=[], **kwargs)
 
 
 PackageId = namedtuple('PackageId', 'type name version')
@@ -361,7 +361,7 @@ class Repository(BaseModel):
         label='public repository',
         description='A flag set to true if this is a public repository.')
 
-    mirror_urls = ListType(URIType)
+    mirror_urls = BaseListType(URIType)
     mirror_urls.metadata = dict(
         label='repository mirror urls',
         description='A list of URLs for mirrors of this repository.')
@@ -502,7 +502,7 @@ def resolve(self):
         # A normalized list of version constraints for this dep. This is package-
         # independent and should be a normalized data structure describing all the
         # different version range constraints
-        # normalized_version_constraints = ListType(StringType())
+        # normalized_version_constraints = BaseListType(StringType())
         raise NotImplementedError()
 
 
@@ -644,42 +644,42 @@ class Package(BaseModel):
         description='Release date of the package')
 
     # FIXME: this would be simpler as a list where each Party has also a type
-    authors = ListType(ModelType(Party))
+    authors = BaseListType(ModelType(Party))
     authors.metadata = dict(
         label='authors',
         description='A list of party objects. Note: this model schema will change soon.')
 
-    maintainers = ListType(ModelType(Party))
+    maintainers = BaseListType(ModelType(Party))
     maintainers.metadata = dict(
         label='maintainers',
         description='A list of party objects. Note: this model schema will change soon.')
 
-    contributors = ListType(ModelType(Party))
+    contributors = BaseListType(ModelType(Party))
     contributors.metadata = dict(
         label='contributors',
         description='A list of party objects. Note: this model schema will change soon.')
 
-    owners = ListType(ModelType(Party))
+    owners = BaseListType(ModelType(Party))
     owners.metadata = dict(
         label='owners',
         description='A list of party objects. Note: this model schema will change soon.')
 
-    packagers = ListType(ModelType(Party))
+    packagers = BaseListType(ModelType(Party))
     packagers.metadata = dict(
         label='owners',
         description='A list of party objects. Note: this model schema will change soon.')
 
-    distributors = ListType(ModelType(Party))
+    distributors = BaseListType(ModelType(Party))
     distributors.metadata = dict(
         label='distributors',
         description='A list of party objects. Note: this model schema will change soon.')
 
-    vendors = ListType(ModelType(Party))
+    vendors = BaseListType(ModelType(Party))
     vendors.metadata = dict(
         label='vendors',
         description='A list of party objects. Note: this model schema will change soon.')
 
-    keywords = ListType(StringType())
+    keywords = BaseListType(StringType())
     keywords.metadata = dict(
         label='keywords',
         description='A list of keywords or tags.')
@@ -691,14 +691,14 @@ class Package(BaseModel):
         description='URL to a reference documentation for keywords or '
         'tags (such as a Pypi or SF.net Trove map)')
 
-    metafile_locations = ListType(StringType())
+    metafile_locations = BaseListType(StringType())
     metafile_locations.metadata = dict(
         label='metafile locations',
         description='A list of metafile locations for this package '
         '(such as a package.json, a setup.py). '
         'Relative to the package root directory or archive root')
 
-    metafile_urls = ListType(URIType())
+    metafile_urls = BaseListType(URIType())
     metafile_urls.metadata = dict(
         label='metafile URLs',
         description='A list of metafile remote URLs for this package '
@@ -714,7 +714,7 @@ class Package(BaseModel):
         label='Notes',
         description='Notes, free text about this package')
 
-    download_urls = ListType(URIType())
+    download_urls = BaseListType(URIType())
     download_urls.metadata = dict(
         label='Download URLs',
         description='A list of direct download URLs, possibly in SPDX VCS url form. '
@@ -732,7 +732,7 @@ class Package(BaseModel):
         label='bug tracking URL',
         description='URL to the issue or bug tracker for this package')
 
-    support_contacts = ListType(StringType())
+    support_contacts = BaseListType(StringType())
     support_contacts.metadata = dict(
         label='Support contacts',
         description='A list of strings (such as email, urls, etc) for support contacts')
@@ -765,18 +765,18 @@ class Package(BaseModel):
         label='Top level Copyright',
         description='a top level copyright often asserted in package metadata')
 
-    copyrights = ListType(StringType())
+    copyrights = BaseListType(StringType())
     copyrights.metadata = dict(
         label='Copyrights',
         description='A list of effective copyrights as detected and eventually summarized')
 
-    asserted_licenses = ListType(ModelType(AssertedLicense))
+    asserted_licenses = BaseListType(ModelType(AssertedLicense))
     asserted_licenses.metadata = dict(
         label='asserted licenses',
         description='A list of asserted license objects representing '
         'the asserted licensing information for this package')
 
-    legal_file_locations = ListType(StringType())
+    legal_file_locations = BaseListType(StringType())
     legal_file_locations.metadata = dict(
         label='legal file locations',
         description='A list of paths to legal files '
@@ -788,12 +788,12 @@ class Package(BaseModel):
         label='license expression',
         description='license expression: either resolved or detected license expression')
 
-    license_texts = ListType(StringType())
+    license_texts = BaseListType(StringType())
     license_texts.metadata = dict(
         label='license texts',
         description='A list of license texts for this package.')
 
-    notice_texts = ListType(StringType())
+    notice_texts = BaseListType(StringType())
     license_texts.metadata = dict(
         label='notice texts',
         description='A list of notice texts for this package.')
@@ -809,7 +809,7 @@ class Package(BaseModel):
         'The possible values for dependency grousp are:' + ', '.join(DEPENDENCY_GROUPS)
         )
 
-    related_packages = ListType(ModelType(RelatedPackage))
+    related_packages = BaseListType(ModelType(RelatedPackage))
     related_packages.metadata = dict(
         label='related packages',
         description='A list of related_package objects for this package. '

src/packagedcode/npm.py

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2015 nexB Inc. and others. All rights reserved.
+# Copyright (c) 2017 nexB Inc. and others. All rights reserved.
 # http://nexb.com and https://github.com/nexB/scancode-toolkit/
 # The ScanCode software is licensed under the Apache License version 2.0.
 # Data generated with ScanCode require an acknowledgment.
@@ -86,6 +86,20 @@ def parse(location):
     if not is_package_json(location):
         return
 
+    with codecs.open(location, encoding='utf-8') as loc:
+        package_data = json.load(loc, object_pairs_hook=OrderedDict)
+
+    # a package.json is at the root of an NPM package
+    base_dir = fileutils.parent_directory(location)
+    metafile_name = fileutils.file_base_name(location)
+    return build_package(package_data, base_dir, metafile_name)
+
+
+def build_package(package_data, base_dir=None, metafile_name='package.json'):
+    """
+    Return a Package object from a package_data mapping (from a
+    package.json or similar) or None.
+    """
     # mapping of top level package.json items to the Package object field name
     plain_fields = OrderedDict([
         ('name', 'name'),
@@ -101,33 +115,35 @@ def parse(location):
         ('bugs', bugs_mapper),
         ('contributors', contributors_mapper),
         ('maintainers', maintainers_mapper),
+        # current form
         ('license', licensing_mapper),
+        # old, deprecated form
         ('licenses', licensing_mapper),
         ('dependencies', dependencies_mapper),
         ('devDependencies', dev_dependencies_mapper),
         ('peerDependencies', peer_dependencies_mapper),
         ('optionalDependencies', optional_dependencies_mapper),
-        ('url', url_mapper),
+        # legacy, ignored
+        # ('url', url_mapper),
         ('dist', dist_mapper),
         ('repository', repository_mapper),
     ])
 
-    with codecs.open(location, encoding='utf-8') as loc:
-        data = json.load(loc, object_pairs_hook=OrderedDict)
 
-    if not data.get('name') or not data.get('version'):
+    if not package_data.get('name') or not package_data.get('version'):
         # a package.json without name and version is not a usable NPM package
         return
 
     package = NpmPackage()
     # a package.json is at the root of an NPM package
-    base_dir = fileutils.parent_directory(location)
     package.location = base_dir
     # for now we only recognize a package.json, not a node_modules directory yet
-    package.metafile_locations = [location]
-    package.version = data.get('version')
+    if metafile_name:
+        package.metafile_locations = [metafile_name]
+
+    package.version = package_data.get('version') or None
     for source, target in plain_fields.items():
-        value = data.get(source)
+        value = package_data.get(source) or None
         if value:
             if isinstance(value, basestring):
                 value = value.strip()
@@ -136,14 +152,21 @@ def parse(location):
 
     for source, func in field_mappers.items():
         logger.debug('parse: %(source)r, %(func)r' % locals())
-        value = data.get(source)
+        value = package_data.get(source) or None
         if value:
             if isinstance(value, basestring):
                 value = value.strip()
             if value:
                 func(value, package)
-    # this should be a mapper function but requires two args
-    package.download_urls.append(public_download_url(package.name, package.version))
+
+    # this should be a mapper function but requires two args.
+    # Note: we only add a synthetic download URL if there is none from
+    # the dist mapping.
+    if not package.download_urls:
+        tarball = public_download_url(package.name, package.version)
+        if tarball:
+            package.download_urls.append(tarball)
+
     return package
 
 
@@ -152,7 +175,7 @@ def licensing_mapper(licenses, package):
     Update package licensing and return package.
     Licensing data structure has evolved over time and is a tad messy.
     https://docs.npmjs.com/files/package.json#license
-    licenses is either:
+    license(s) is either:
     - a string with:
      - an SPDX id or expression { "license" : "(ISC OR GPL-3.0)" }
      - some license name or id
@@ -163,9 +186,13 @@ def licensing_mapper(licenses, package):
         return package
 
     if isinstance(licenses, basestring):
+        # current form
+        # TODO:  handle "SEE LICENSE IN <filename>"
+        # TODO: parse expression with license_expression library
         package.asserted_licenses.append(models.AssertedLicense(license=licenses))
 
     elif isinstance(licenses, dict):
+        # old, deprecated form
         """
          "license": {
             "type": "MIT",
@@ -176,6 +203,7 @@ def licensing_mapper(licenses, package):
                                                          url=licenses.get('url')))
 
     elif isinstance(licenses, list):
+        # old, deprecated form
         """
         "licenses": ["type": "Apache License, Version 2.0",
                       "url": "http://www.apache.org/licenses/LICENSE-2.0" } ]
@@ -295,19 +323,28 @@ def repository_mapper(repo, package):
     if isinstance(repo, basestring):
         package.vcs_repository = parse_repo_url(repo)
     elif isinstance(repo, dict):
-        package.vcs_tool = repo.get('type') or 'git'
-        package.vcs_repository = parse_repo_url(repo.get('url'))
+        repurl = parse_repo_url(repo.get('url'))
+        if repurl:
+            package.vcs_tool = repo.get('type') or 'git'
+            package.vcs_repository = repurl
     return package
 
 
 def url_mapper(url, package):
     """
-    In a package.json, the "url" field is a redirection to a package download
-    URL published somewhere else than on the public npm registry.
-    We map it to a download url.
+    In a package.json, the "url" field is a legacy field that contained
+    various URLs either as a string or as a mapping of type->url
     """
-    if url:
-        package.download_urls.append(url)
+    if not url:
+        return package
+
+    if isinstance(url, basestring):
+        # TOOD: map to a miscellaneous urls dict
+        pass
+    elif isinstance(url, dict):
+        # typical key is "web"
+        # TOOD: map to a miscellaneous urls dict
+        pass
     return package
 
 
@@ -395,6 +432,11 @@ def parse_person(person):
     Both forms are equivalent.
     """
     # TODO: detect if this is a person name or a company name
+
+    name = None
+    email = None
+    url = None
+
     if isinstance(person, basestring):
         parsed = person_parser(person)
         if not parsed:
@@ -409,10 +451,28 @@ def parse_person(person):
         name = person.get('name')
         email = person.get('email')
         url = person.get('url')
+
     else:
         raise Exception('Incorrect NPM package.json person: %(person)r' % locals())
 
-    return name and name.strip(), email and email.strip('<> '), url and url.strip('() ')
+    if name:
+        name = name.strip()
+        if name.lower() == 'none':
+            name = None
+    name = name or None
+
+    if email:
+        email = email.strip('<> ')
+        if email.lower() == 'none':
+            email = None
+    email = email or None
+
+    if url:
+        url = url.strip('() ')
+        if url.lower() == 'none':
+            url = None
+    url = url or None
+    return name, email, url
 
 
 def public_download_url(name, version, registry='https://registry.npmjs.org'):