Swiftpack.co - Package - nexB/scancode-toolkit

Stars: 410
Releases

v2.9.2 - May 8, 2018

This is a stable pre-release of what will come up for 3.0. It has a lot of new changes and bug fixes, including improved SPDX license detection, package reporting, additional plugins and more. These are not yet fully documented, but this release is stable and can be used for testing.

Some major changes include:

  • A security fix: the support for Rar archive extraction in extractcode has been changed and downgraded to use libarchive instead of 7zip as a mitigation for a 7Zip vulnerability referenced as CVE-2018-10115 (https://nvd.nist.gov/vuln/detail/CVE-2018-10115). As a result, you may expect some extraction failures when extracting some Rar archives, as fewer Rar archive formats are supported by libarchive. When the bug is properly fixed on all OS in 7Zip, this may be reverted.

  • The package models have been updated significantly and streamlined. They now also use the Package URL (purl) semantics. If you rely on the previous v2.x models and data structures with --package scans, things are rather improved now. Documentation will come up next.

  • The license detection has been updated in several ways:

    • a new --license-expression option returns license expressions (using ScanCode keys)
    • several licenses have been added, updated or retired after a sync with the latest SPDX license list v3.1 and AboutCode
    • SPDX license identifiers are now detected by the license scan

v2.9.1 - Mar 22, 2018

This is a stable pre-release of what will come up for 3.0. It has a lot of new changes, including improved license detection, plugins, speed and detection, that are not yet fully documented, but it can be used for testing.

v2.9.0b1 - Mar 2, 2018

This is a pre-release of what will come up for 3.0. It has a lot of new changes, including improved plugins, speed and detection, that are not yet fully documented, but it can be used for testing.

v2.2.1 - Oct 5, 2017

This is a minor release with several bug fixes, one new feature and one (minor) API change.

To install, download scancode-toolkit-2.2.1.zip or scancode-toolkit-2.2.1.tar.bz2 from the Downloads section below and follow installation instructions in the README at https://github.com/nexB/scancode-toolkit/blob/master/README.rst

This is also available as a Python library from PyPI with: pip install scancode-toolkit

You can also download the source code for pre-built third-party binaries from these locations:

  • https://github.com/nexB/scancode-thirdparty-src/archive/v1.0.0.tar.gz
  • https://github.com/nexB/scancode-thirdparty-src/archive/v1.0.0.zip

API change:

  • Licenses data now contains a new reference_url attribute instead of a dejacode_url attribute. This defaults to the public DejaCode URL and can be configured with the new --license-url-template command line option.

New feature:

  • There is a new "--format jsonlines" output format option. In this format, each line in the output is a valid JSON document. The first line contains a "header" object with header-level data such as notice, version, etc. Each line after the first contains the scan results for a single file, formatted with the same structure as a whole scan results JSON document but without any header-level attributes. See also http://jsonlines.org/
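
The following is an added example, not code from the ScanCode project: a streaming reader for the jsonlines layout described above that checks the header line comes first, reports a malformed or truncated line by number, and indexes file paths by detected license. The "files", "path", "licenses" and "key" field names and the sample data are assumptions constructed for illustration; only the "header" object with notice and version is stated in the release notes.

```python
import io
import json

# Constructed sample scan. Only "header" (notice, version) comes from the release
# notes; the "files"/"path"/"licenses"/"key" names are assumptions for this example.
SAMPLE = "\n".join([
    json.dumps({"header": {"notice": "constructed sample", "version": "2.2.1"}}),
    json.dumps({"files": [{"path": "src/a.c", "licenses": [{"key": "mit"}]}]}),
    json.dumps({"files": [{"path": "src/b.c", "licenses": []}]}),
    json.dumps({"files": [{"path": "lib/c.py",
                           "licenses": [{"key": "gpl-2.0"}, {"key": "mit"}]}]}),
]) + "\n"


def read_scan(stream):
    """Return (header, iterator of per-file records) without loading the whole scan."""
    try:
        header = json.loads(stream.readline())["header"]
    except (ValueError, KeyError, TypeError):
        raise ValueError("line 1 is not a header object")

    def records():
        for lineno, line in enumerate(stream, start=2):
            if not line.strip():
                continue  # tolerate blank lines between documents
            try:
                doc = json.loads(line)
            except ValueError:
                raise ValueError("line %d is not valid JSON (truncated scan?)" % lineno)
            if not isinstance(doc, dict):
                raise ValueError("line %d is not a JSON object" % lineno)
            for record in doc.get("files", []):
                yield record

    return header, records()


def paths_by_license(stream):
    """Map each detected license key to the list of file paths where it was found."""
    header, records = read_scan(stream)
    index = {}
    for record in records:
        for lic in record.get("licenses", []):
            index.setdefault(lic["key"], []).append(record["path"])
    return header, index


if __name__ == "__main__":
    header, index = paths_by_license(io.StringIO(SAMPLE))
    print(header["version"], index)
```
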

Other changes:

  • Several new and improved license detection rules have been added. The logic of detection has been refined to handle some rare corner cases. The underscore character "_" is treated as part of a license word and the handling of negative and false_positive license rules has been simplified.

  • Several issues with codebases that have non-ASCII or non-UTF-decodable file paths, and other filesystem encoding-related bugs, have been fixed.

  • Several copyright detection bugs have been fixed.

  • PHP Composer and RPM packages are now detected with --package

  • Several other package types are now detected with --package even though only a few attributes may be returned for now until full parsers are added.

  • Several bugs in parsing NPM packages have been fixed.

  • There are some minor performance improvements when scanning some large files for licenses.

Thank you to all contributors to this release and the 250+ stars and 80+ forks on GitHub!

v2.1.0 - Sep 22, 2017

This is a minor release with several new and improved features and bug fixes but no significant API changes.

To install, download scancode-toolkit-2.1.0.zip or scancode-toolkit-2.1.0.tar.bz2 from the Downloads section below and follow installation instructions in the README at https://github.com/nexB/scancode-toolkit/blob/master/README.rst

This is also available as a Python library from PyPI with: pip install scancode-toolkit

You can also download the source code for pre-built third-party binaries from these locations:

  • https://github.com/nexB/scancode-thirdparty-src/archive/v1.0.0.tar.gz
  • https://github.com/nexB/scancode-thirdparty-src/archive/v1.0.0.zip

Key changes:

  • New plugin architecture by @yashdsaraf
  • Several new and improved licenses and license detection rules
  • Multiple bug fixes

Thank you to all contributors to this release and the 240+ stars and 70+ forks on GitHub! Some of the contributors to this release, with either code or bug reports, include (and this list is likely missing some):

  • @abuhman
  • @chinyeungli
  • @jimjag
  • @JonoYang
  • @jpopelka
  • @majurg
  • @mjherzog
  • @pgier
  • @pkajaba
  • @pombredanne
  • @scottctr
  • @sschuberth
  • @yahalom5776
  • @yashdsaraf