Crate licensebat_core

source ·
Expand description

Core types and traits for licensebat-cli.

Libraries authors that want to provide Collector implementations should use this crate.

Collector is the central trait of this crate and its implementations will be responsible for retrieving information about the dependencies in form of a `RetrievedDependency.

Note that the Collector trait is really simple and this is mainly because this trait is intended to serve as the base for more complex traits.

In our case, this crate exposes the FileCollector trait which will use dependency manifest files (such as package-lock.json, yarn.lock, Cargo.lock or pubspec.yaml) to extract information about the different dependencies (see Dependency) and return a stream of RetrievedDependency or RetrievedDependencyStreamResult.

For the moment, FileCollector is the only used trait in all language implementations but this can easily change. For instance, for the Rust language, it would be nice to use cargo-metadata instead of having to parse the Cargo.lock file. That would make it cheaper to get information about some dependencies as we wouldn’t need to use any APIs to fetch license information.

Anyway, having those two different approaches would be still valuable because there are scenarios where we don’t have access to all the codebase. When using the CLI, through licensebat-cli, it makes sense to avoid making http requests at all cost, but this is not possible in Licensebat’s GitHub Service as we don’t have access to all the codebase but only a few files.

Features

  • licrc-from-file: Allows to retrieve license information from a file by enabling a LicRc::from_relative_path associated function.

Modules

  • collector
    Collector traits.
  • licrc
    Exposes a struct to manage the .licrc file information and validate the dependencies accordingly.

Structs

  • Comment
    A comment to be added in a RetrievedDependency once it has been retrieved or validated. It normally adds information about what went wrong.
  • Dependency
    Generic and plain dependency without any extra information. Language agnostic, just holds the name and the version and some other information.
  • RetrievedDependency
    A dependency that has been retrieved from its source. The source can be anything, from a third party API (i.e. npm, pub.dev or crates.io APIs) to the file system. It holds information about licenses, errors while validating…

Traits

  • Collector
    Base trait for collectors.
  • FileCollector
    Trait to be implemented for every Collector dealing with a dependency file (package-lock.json, pubspec.yaml…).