Release 2.0.158

README.md

@@ -25,13 +25,13 @@ It also provides the ability to check your (Apache-2.0 licensed) project against
 
 `tools.deps`' license discovery logic (provided via the command `clj -X:deps list`) has several serious shortcomings, including:
 
-* It only scans pom.xml files for license information, and silently ignores projects that don't have license tags in their pom.xml file, or don't have a pom.xml file at all. This is a problem because:
-  * git-only dependencies don't need a pom.xml file (and in practice most don't provide one)
-  * [Clojars only recently started mandating license information in the pom.xml files it hosts](https://github.com/clojars/clojars-web/issues/873), and as of mid-2023 around 1/3 of all projects deployed hosted there do not include any licensing information in their pom.xml files
-* It's coupled to tools.deps and cannot easily be consumed as an independent library. It's also dependent on tools.deps state management (e.g. requires pom.xml files to be downloaded locally).
+* It only scans Maven POM files for license information, and silently ignores projects that don't have license tags in their POM file, or don't have a POM file at all. This is a problem because:
+  * git dependencies (whose use is encouraged by tools.deps/tools.build) don't need a POM file (and in practice most don't provide one)
+  * [Clojars only recently started mandating license information in the POM files it hosts](https://github.com/clojars/clojars-web/issues/873), and as of mid-2023 around 1/3 of all projects deployed hosted there do not include any licensing information in their POM files
+* It's coupled to tools.deps and cannot easily be consumed as an independent library. It's also dependent on tools.deps state management (e.g. requires POM files to be downloaded locally).
 * It doesn't canonicalise license information to SPDX License Expressions (it leaves canonicalisation, a fairly difficult problem, to the caller).
 
-In contrast, `tools-licenses` leverages the [`lice-comb` library](https://github.com/pmonks/lice-comb), which takes a more comprehensive approach to license detection.
+In contrast, `tools-licenses` leverages the [`lice-comb` library](https://github.com/pmonks/lice-comb), a build-tool-agnostic library that takes a more comprehensive approach to license detection.
 
 ## Usage
 

deps.edn

@@ -20,8 +20,8 @@
    {io.github.clojure/tools.build       {:mvn/version "0.9.6"}
     jansi-clj/jansi-clj                 {:mvn/version "1.0.2"}   ; Note: this version has a major bug in the cursor positioning fns (which tools-licenses doesn't use)
     com.github.pmonks/clj-wcwidth       {:mvn/version "1.0.85"}
-    com.github.pmonks/lice-comb         {:mvn/version "2.0.197"}
-    com.github.pmonks/asf-cat           {:mvn/version "2.0.102"}
+    com.github.pmonks/lice-comb         {:mvn/version "2.0.202"}
+    com.github.pmonks/asf-cat           {:mvn/version "2.0.104"}
     com.github.pmonks/tools-convenience {:mvn/version "1.0.142"}}
  :aliases
    {:build {:deps       {com.github.pmonks/pbr            {:mvn/version "RELEASE"}

src/tools_licenses/tasks.clj

@@ -53,10 +53,24 @@
     (ansi/fg-bright :black (lcm/id->name exp))  ; "Bright black" = dark grey
     exp))
 
-(defn- dep-and-licenses
-  [dep licenses]
-  (let [sorted-license-expressions (seq (sort (if (map? licenses) (keys licenses) licenses)))]
-    (str dep " [" (if sorted-license-expressions (s/join ", " (map expression-minus-license-refs sorted-license-expressions)) (ansi/fg-bright :red "No licenses found")) "]")))
+(defn- get-version
+  [dep-info]
+  (case (:deps/manifest dep-info)
+    :mvn  (:mvn/version dep-info)
+    :deps (str (when (:git/tag dep-info) (str (:git/tag dep-info) "@"))
+               (:git/sha dep-info))))
+
+(defn- dep-and-license-expressions
+  [dep-name license-expressions]
+  (let [sorted-license-expressions (seq (sort (if (map? license-expressions) (keys license-expressions) license-expressions)))]
+    (str dep-name " [" (if sorted-license-expressions (s/join ", " (map expression-minus-license-refs sorted-license-expressions)) (ansi/fg-bright :red "No licenses found")) "]")))
+
+(defn- dep-and-licenses->string
+  [[dep-ga dep-info]]
+  (let [dep-ga              (str dep-ga)
+        dep-v               (get-version dep-info)
+        license-expressions (:lice-comb/license-info dep-info)]
+    (dep-and-license-expressions (str dep-ga "@" dep-v) license-expressions)))
 
 (defn- fit-width
   "Pads or trims string s to display width w, with control over whether padding
@@ -105,16 +119,14 @@
         direct-deps     (into {} (remove (fn [[_ v]] (seq (:dependents v))) deps-lib-map-with-info))
         transitive-deps (into {} (filter (fn [[_ v]] (seq (:dependents v))) deps-lib-map-with-info))]
     (println (str "\n" (ansi/bold "This project:")))
-    (if expressions
-      (println (dep-and-licenses (:lib opts) expressions))
-      (println (ansi/fg-bright :red "No licenses found")))
+    (println (dep-and-license-expressions (str (:lib opts) "@" (:version opts)) expressions))
     (println (ansi/bold "\nDirect dependencies:"))
     (if direct-deps
-      (doall (for [[k v] (sort-by key direct-deps)] (println (dep-and-licenses k (:lice-comb/license-info v)))))
+      (doall (for [[k v] (sort-by key direct-deps)] (println (dep-and-licenses->string [k v]))))
       (println "- no direct dependencies -"))
     (println (ansi/bold "\nTransitive dependencies:"))
     (if transitive-deps
-      (doall (for [[k v] (sort-by key transitive-deps)] (println (dep-and-licenses k (:lice-comb/license-info v)))))
+      (doall (for [[k v] (sort-by key transitive-deps)] (println (dep-and-licenses->string [k v]))))
       (println "- no transitive dependencies -"))
     (println)))
 
@@ -259,7 +271,7 @@
                   (println)
                   (run! (fn [category]
                           (when-let [deps-in-category (seq (sort (map first (get dep-licenses-by-category category))))]
-                            (run! #(println (str % " [" (asf-category->ansi-string category) "]")) deps-in-category)
+                            (run! #(println (str % "@" (get-version (get lib-map %)) " [" (asf-category->ansi-string category) "]")) deps-in-category)
                             (println)))
                         asf/categories))
       :edn      (pp/pprint dep-licenses-by-category))))