A command line tool for generating project dependencies table
Project description
leafhopper
Do you get asked by your employer to provide a list of open source libraries that you use in the project for legal review?
leafhopper
is a command line tool used for generating a table of dependencies for a project, including their licenses, so that you don't have to manually maintain such a list for every release of your project.
How it works
The tool parses the project descriptor, based on different project types (poetry
/maven
/vcpkg
are supported currently), and generates a table of dependencies. When some critical information, such as license, is not available in the project descriptor, leafhopper
will test if this is a github/sourceforge project and try loading relevant information from github.com
/sourceforge.net
.
Features
- parse multiple different project types to generate a table of dependencies from them
- load license information from github/sourceforge
- support overriding the list of dependencies from the project descriptor when you cannot get correct information from the project descriptor
- support customizing the output columns
- multiple outout formats
Installation
pip install leafhopper
Usage
leafhopper /path/to/project/descriptor
arguments
-
--format
: the format of the output. Possible values aremarkdown
/html
/json
/latex
/csv
. Default ismarkdown
. -
--output
: the output file path. If not specified, the output will be printed to stdout. -
--columns
: the output table header columns. It is a comma separated string. Default value isname,version,homepage,license,description
. You can change the order of columns or add empty columns by changing the value. For example,name,license,homepage,component
add a new empty column calledcomponent
and reorder the columns as well. -
--logging-level
: the logging level. Possible values aredebug
/info
/warning
/error
/critical
. Default isinfo
.- Set the logging level to above
info
(e.g.error
) to supress non critical messages so that only table is printed to stdout (if no output file is specified). - Set the logging level to
debug
to enable debug messages.
- Set the logging level to above
-
--extra
: the file path to a JSON file path containing extra package information to override the information parsed from project descriptors. Theoverrides
property in JSON file is an array of objects with the following properties (here is an example):name
version
, optionallicense
, optionalhomepage
, optionaldescription
, optional
-
--help
: show the help message
examples
- extract
pyproject.toml
dependencies with markdown format and save it intodependencies.md
file
leafhopper /path/to/pyproject.toml --output=dependencies.md
- extract
pom.xml
dependencies with html format
leaphopper /path/to/pom.xml --format=html
- suppress logging and output to stdout and use CLI tool
glow
to display it
leafhopper /path/to/vcpkg.json --format md --logging-level error | glow -
- use custom columns to change the column order and add an empty column called
component
, which you can fill later on
leaphopper /path/to/pom.xml --columns name,component,version,license,homepage,description
- use an extra JSON file to override the information parsed from project descriptors
leaphopper /path/to/pom.xml --extra=tests/data/extra.json
Supported formats
- markdown
- LaTex
- html
- json
- csv
sample output
- markdown format output
# Package Dependencies
| name |version| homepage | license | description |
|-----------------|-------|-------------------------------|----------|-------------------------------------------------------------------------|
|simdjson |2.2.0 |https://simdjson.org/ |Apache-2.0|A extremely fast JSON library that can parse gigabytes of JSON per second|
|pcre | 8.45|https://www.pcre.org/ | |Perl Compatible Regular Expressions |
|pugixml |1.12.1 |https://github.com/zeux/pugixml|MIT |Light-weight, simple and fast XML parser for C++ with XPath support |
|arrow |8.0.0 |https://arrow.apache.org |Apache-2.0|Cross-language development platform for in-memory analytics |
Supported project types
- poetry project described by
pyproject.toml
- maven project described by
pom.xml
- https://maven.apache.org/pom.html
pom.xml
with or without Maven XML namespace are supported.
- vcpkg project described by
vcpkg.json
- more project types such as npm will be supported in the future
Changelog
Known issues
- Some open source libraries, doesn't have the license information available in the project descriptor (or in
github.com
/sourceforge.net
), and the cell will be blank and you have to manually fill it.
TODO
- Support more project types, such as
npm
'spackage.json
andpip
'srequirements.txt
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for leafhopper-0.4.0-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 70f839da4d93751c2114ce62891d4eae44d73f877653168baa5ca46e5f874314 |
|
MD5 | 3dfc1ede3d7744372ea109213c44c2f5 |
|
BLAKE2b-256 | d44707a53c798fa54fd515ab0a00e0c6f33ff3ba84343d6c72389d7e135f94b5 |