feat: store licenses

api/Cargo.toml

@@ -97,6 +97,7 @@ sha1 = "0.10.6"
 infer = "0.15.0"
 x509-parser = { version = "0.15.1", features = ["verify"] }
 sitemap-rs = "0.2.1"
+askalono = "0.5.0"
 
 tree-sitter-highlight = "0.22.6"
 tree-sitter-javascript = "0.21.4"

api/migrations/20250717121727_license.sql

@@ -0,0 +1 @@
+ALTER TABLE package_versions ADD COLUMN license TEXT;

api/src/api/types.rs

@@ -619,6 +619,7 @@ pub struct ApiPackageVersion {
   pub newer_versions_count: u64,
   pub lifetime_download_count: u64,
   pub rekor_log_id: Option<String>,
+  pub license: Option<String>,
   pub readme_path: Option<PackagePath>,
   pub updated_at: DateTime<Utc>,
   pub created_at: DateTime<Utc>,
@@ -654,6 +655,7 @@ impl From<PackageVersion> for ApiPackageVersion {
       newer_versions_count: value.newer_versions_count as u64,
       lifetime_download_count: value.lifetime_download_count as u64,
       rekor_log_id: value.rekor_log_id,
+      license: value.license,
       readme_path: value.readme_path,
       updated_at: value.updated_at,
       created_at: value.created_at,

api/src/db/database.rs

@@ -1720,7 +1720,7 @@ impl Database {
 
     let updated = sqlx::query_as!(
       PackageVersion,
-      r#"SELECT package_versions.scope as "scope: ScopeName", package_versions.name as "name: PackageName", package_versions.version as "version: Version", package_versions.user_id, package_versions.readme_path as "readme_path: PackagePath", package_versions.exports as "exports: ExportsMap", package_versions.is_yanked, package_versions.uses_npm, package_versions.meta as "meta: PackageVersionMeta", package_versions.updated_at, package_versions.created_at, package_versions.rekor_log_id,
+      r#"SELECT package_versions.scope as "scope: ScopeName", package_versions.name as "name: PackageName", package_versions.version as "version: Version", package_versions.user_id, package_versions.readme_path as "readme_path: PackagePath", package_versions.exports as "exports: ExportsMap", package_versions.is_yanked, package_versions.uses_npm, package_versions.meta as "meta: PackageVersionMeta", package_versions.updated_at, package_versions.created_at, package_versions.rekor_log_id, package_versions.license,
       (SELECT COUNT(*)
         FROM package_versions AS pv
         WHERE pv.scope = package_versions.scope
@@ -1872,7 +1872,7 @@ impl Database {
     name: &PackageName,
   ) -> Result<Vec<(PackageVersion, Option<UserPublic>)>> {
     sqlx::query!(
-      r#"SELECT package_versions.scope as "package_version_scope: ScopeName", package_versions.name as "package_version_name: PackageName", package_versions.version as "package_version_version: Version", package_versions.user_id as "package_version_user_id", package_versions.readme_path as "package_version_readme_path: PackagePath", package_versions.exports as "package_version_exports: ExportsMap", package_versions.is_yanked as "package_version_is_yanked", package_versions.uses_npm as "package_version_uses_npm", package_versions.meta as "package_version_meta: PackageVersionMeta", package_versions.updated_at as "package_version_updated_at", package_versions.created_at as "package_version_created_at", package_versions.rekor_log_id as "package_version_rekor_log_id",
+      r#"SELECT package_versions.scope as "package_version_scope: ScopeName", package_versions.name as "package_version_name: PackageName", package_versions.version as "package_version_version: Version", package_versions.user_id as "package_version_user_id", package_versions.readme_path as "package_version_readme_path: PackagePath", package_versions.exports as "package_version_exports: ExportsMap", package_versions.is_yanked as "package_version_is_yanked", package_versions.uses_npm as "package_version_uses_npm", package_versions.meta as "package_version_meta: PackageVersionMeta", package_versions.updated_at as "package_version_updated_at", package_versions.created_at as "package_version_created_at", package_versions.rekor_log_id as "package_version_rekor_log_id", package_versions.license as "package_version_license",
       (SELECT COUNT(*)
         FROM package_versions AS pv
         WHERE pv.scope = package_versions.scope
@@ -1909,6 +1909,7 @@ impl Database {
           updated_at: r.package_version_updated_at,
           created_at: r.package_version_created_at,
           rekor_log_id: r.package_version_rekor_log_id,
+          license: r.package_version_license,
         };
 
         let user = if r.package_version_user_id.is_some() {
@@ -1944,7 +1945,7 @@ impl Database {
   ) -> Result<Option<PackageVersion>> {
     sqlx::query_as!(
       PackageVersion,
-      r#"SELECT scope as "scope: ScopeName", name as "name: PackageName", version as "version: Version", user_id, readme_path as "readme_path: PackagePath", exports as "exports: ExportsMap", is_yanked, uses_npm, meta as "meta: PackageVersionMeta", updated_at, created_at, rekor_log_id,
+      r#"SELECT scope as "scope: ScopeName", name as "name: PackageName", version as "version: Version", user_id, readme_path as "readme_path: PackagePath", exports as "exports: ExportsMap", is_yanked, uses_npm, meta as "meta: PackageVersionMeta", updated_at, created_at, rekor_log_id, license,
       (SELECT COUNT(*)
         FROM package_versions AS pv
         WHERE pv.scope = package_versions.scope
@@ -2005,7 +2006,7 @@ impl Database {
   ) -> Result<Option<PackageVersion>> {
     sqlx::query_as!(
       PackageVersion,
-      r#"SELECT scope as "scope: ScopeName", name as "name: PackageName", version as "version: Version", user_id, readme_path as "readme_path: PackagePath", exports as "exports: ExportsMap", is_yanked, uses_npm, meta as "meta: PackageVersionMeta", updated_at, created_at, rekor_log_id,
+      r#"SELECT scope as "scope: ScopeName", name as "name: PackageName", version as "version: Version", user_id, readme_path as "readme_path: PackagePath", exports as "exports: ExportsMap", is_yanked, uses_npm, meta as "meta: PackageVersionMeta", updated_at, created_at, rekor_log_id, license,
       (SELECT COUNT(*)
         FROM package_versions AS pv
         WHERE pv.scope = package_versions.scope
@@ -2046,8 +2047,8 @@ impl Database {
     let mut tx = self.pool.begin().await?;
 
     sqlx::query!(
-      r#"INSERT INTO package_versions (scope, name, version, user_id, readme_path, exports, uses_npm, meta)
-      VALUES ($1, $2, $3, $4, $5, $6, $7, $8)"#,
+      r#"INSERT INTO package_versions (scope, name, version, user_id, readme_path, exports, uses_npm, meta, license)
+      VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)"#,
       new_package_version.scope as _,
       new_package_version.name as _,
       new_package_version.version as _,
@@ -2056,6 +2057,7 @@ impl Database {
       new_package_version.exports as _,
       new_package_version.uses_npm as _,
       new_package_version.meta as _,
+      new_package_version.license as _,
     )
       .execute(&mut *tx)
       .await?;
@@ -2134,7 +2136,7 @@ impl Database {
       PackageVersion,
       r#"INSERT INTO package_versions (scope, name, version, user_id, readme_path, exports, uses_npm, meta)
       VALUES ($1, $2, $3, $4, $5, $6, $7, $8)
-      RETURNING scope as "scope: ScopeName", name as "name: PackageName", version as "version: Version", user_id, readme_path as "readme_path: PackagePath", exports as "exports: ExportsMap", is_yanked, uses_npm, meta as "meta: PackageVersionMeta", updated_at, created_at, rekor_log_id,
+      RETURNING scope as "scope: ScopeName", name as "name: PackageName", version as "version: Version", user_id, readme_path as "readme_path: PackagePath", exports as "exports: ExportsMap", is_yanked, uses_npm, meta as "meta: PackageVersionMeta", updated_at, created_at, rekor_log_id, license,
       (SELECT COUNT(*)
         FROM package_versions AS pv
         WHERE pv.scope = package_versions.scope
@@ -2191,7 +2193,7 @@ impl Database {
       r#"UPDATE package_versions
       SET is_yanked = $4
       WHERE scope = $1 AND name = $2 AND version = $3
-      RETURNING scope as "scope: ScopeName", name as "name: PackageName", version as "version: Version", user_id, readme_path as "readme_path: PackagePath", exports as "exports: ExportsMap", is_yanked, uses_npm, meta as "meta: PackageVersionMeta", updated_at, created_at, rekor_log_id,
+      RETURNING scope as "scope: ScopeName", name as "name: PackageName", version as "version: Version", user_id, readme_path as "readme_path: PackagePath", exports as "exports: ExportsMap", is_yanked, uses_npm, meta as "meta: PackageVersionMeta", updated_at, created_at, rekor_log_id, license,
       (SELECT COUNT(*)
         FROM package_versions AS pv
         WHERE pv.scope = package_versions.scope

api/src/db/models.rs

@@ -416,6 +416,7 @@ pub struct PackageVersion {
   pub lifetime_download_count: i64,
   pub meta: PackageVersionMeta,
   pub rekor_log_id: Option<String>,
+  pub license: Option<String>,
   pub updated_at: DateTime<Utc>,
   pub created_at: DateTime<Utc>,
 }
@@ -430,6 +431,7 @@ pub struct NewPackageVersion<'s> {
   pub exports: &'s ExportsMap,
   pub uses_npm: bool,
   pub meta: PackageVersionMeta,
+  pub license: String,
 }
 
 #[derive(Debug, Clone, Serialize, Deserialize, Default)]

api/src/publish.rs

@@ -207,6 +207,7 @@ async fn process_publishing_task(
     readme_path,
     meta,
     doc_search_json,
+    license,
   } = output;
 
   upload_version_manifest(
@@ -227,6 +228,7 @@ async fn process_publishing_task(
     &npm_tarball_info,
     readme_path,
     meta,
+    license,
   )
   .await?;
 
@@ -297,6 +299,7 @@ async fn create_package_version_and_npm_tarball_and_update_publishing_task(
   npm_tarball_info: &NpmTarballInfo,
   readme_path: Option<PackagePath>,
   meta: PackageVersionMeta,
+  license: String,
 ) -> Result<(), anyhow::Error> {
   let uses_npm = dependencies
     .iter()
@@ -311,6 +314,7 @@ async fn create_package_version_and_npm_tarball_and_update_publishing_task(
     uses_npm,
     exports: &exports,
     meta,
+    license,
   };
 
   let new_package_files = file_infos