Difference between revisions of "ClearlyDefinedObject"

From Software Heritage Wiki
Jump to navigation Jump to search
Line 210: Line 210:
 
   
 
   
 
=== Harvest Tools ===
 
=== Harvest Tools ===
*Clearlydefined - https://pastebin.com/NwK2RZ5h
+
*Clearlydefined -  
 +
<pre>
 +
{
 +
    "1.4.2": {
 +
        "_metadata": {
 +
            "type": "nuget",
 +
            "url": "cd:/nuget/nuget/-/lamar.microsoft.dependencyinjection/4.4.0",
 +
            "fetchedAt": "2020-12-04T11:56:33.020Z",
 +
            "links": {
 +
                "self": {},
 +
                "siblings": {},
 +
                "licensee": {},
 +
                "scancode": {}
 +
            },
 +
            "schemaVersion": "1.4.2",
 +
            "toolVersion": "1.2.2",
 +
            "processedAt": "2020-12-04T11:56:33.247Z"
 +
        },
 +
        "attachments": [
 +
            {
 +
                "path": "clearlydefined/downloaded/LICENSE",
 +
                "token": "9f20a00ecdcc1e5a7321365f4423ca1269e889de62b3bf213c71d105abc833a3"
 +
            }
 +
        ],
 +
        "summaryInfo": {
 +
            "k": 208,
 +
            "count": 11,
 +
            "hashes": {
 +
                "sha1": "fddbd9daea6a749b32255501b1f5d05ec51e9fea",
 +
                "sha256": "b5e33401095166de90de0bedccbc8fb4b38260fd927f3726bcf2b024f08a3611"
 +
            }
 +
        },
 +
        "files": [
 +
            {
 +
                "path": ".signature.p7s",
 +
                "hashes": {
 +
                    "sha1": "0b8f5f7a5f057d51480b8375d553e8e40b84ed10",
 +
                    "sha256": "1062a6d08c958d34d24c38c9f863835b2519495748a7c918287675ff6c6ce08c"
 +
                }
 +
            },
 +
            {},
 +
            {},
 +
            {},
 +
            {},
 +
            {},
 +
            {},
 +
            {},
 +
            {},
 +
            {},
 +
            {}
 +
        ],
 +
        "manifest": {
 +
            "@id": "https://api.nuget.org/v3/catalog0/data/2020.11.19.17.58.07/lamar.microsoft.dependencyinjection.4.4.0.json",
 +
            "@type": [
 +
                "PackageDetails",
 +
                "catalog:Permalink"
 +
            ],
 +
            "authors": "Jeremy D. Miller",
 +
            "catalog:commitId": "75701aa2-7db1-4c03-8ee2-8e94b591fe49",
 +
            "catalog:commitTimeStamp": "2020-11-19T17:58:07.3181307Z",
 +
            "created": "2020-11-19T17:56:09.5Z",
 +
            "description": "Lamar Adapter for ASP.Net Core",
 +
            "iconUrl": "https://avatars2.githubusercontent.com/u/10048186?v=3&s=200",
 +
            "id": "Lamar.Microsoft.DependencyInjection",
 +
            "isPrerelease": false,
 +
            "lastEdited": "2020-11-19T17:57:40.843Z",
 +
            "licenseUrl": "https://github.com/JasperFX/lamar/blob/master/LICENSE",
 +
            "listed": true,
 +
            "packageHash": "Peije3DisriqrYWrsMwePhaM8uSJTyZ+VFepLRJCu7bHRNC6MyUwEbjfkYqlfHfQeoOCiu8Q7JIuJtwrcdvjCw==",
 +
            "packageHashAlgorithm": "SHA512",
 +
            "packageSize": 28384,
 +
            "projectUrl": "https://jasperfx.github.io/lamar",
 +
            "published": "2020-11-19T17:56:09.5Z",
 +
            "requireLicenseAcceptance": false,
 +
            "verbatimVersion": "4.4.0",
 +
            "version": "4.4.0",
 +
            "dependencyGroups": [],
 +
            "packageEntries": [],
 +
            "@context": {}
 +
        },
 +
        "registryData": {
 +
            "@id": "https://api.nuget.org/v3/registration5-gz-semver2/lamar.microsoft.dependencyinjection/4.4.0.json",
 +
            "@type": [],
 +
            "catalogEntry": "https://api.nuget.org/v3/catalog0/data/2020.11.19.17.58.07/lamar.microsoft.dependencyinjection.4.4.0.json",
 +
            "listed": true,
 +
            "packageContent": "https://api.nuget.org/v3-flatcontainer/lamar.microsoft.dependencyinjection/4.4.0/lamar.microsoft.dependencyinjection.4.4.0.nupkg",
 +
            "published": "2020-11-19T17:56:09.5+00:00",
 +
            "registration": "https://api.nuget.org/v3/registration5-gz-semver2/lamar.microsoft.dependencyinjection/index.json",
 +
            "@context": {}
 +
        },
 +
        "releaseDate": "2020-11-19T17:56:09.500Z"
 +
    }
 +
}
 +
</pre>
 
Contains hashes of files(sha1 and sha256), registryData, Source Info (if source is provided)
 
Contains hashes of files(sha1 and sha256), registryData, Source Info (if source is provided)
  
*Licensee - https://pastebin.com/s96eZawC
+
*Licensee -  
 +
<pre>
 +
  "licensee": {
 +
    "9.13.0": {
 +
      "_metadata": {
 +
        "type": "licensee",
 +
        "url": "cd:/sourcearchive/mavencentral/com.azure/azure-spring-data-cosmos/3.2.0",
 +
        "fetchedAt": "2020-12-12T01:12:37.734Z",
 +
        "links": {
 +
          "self": {
 +
            "href": "urn:sourcearchive:mavencentral:com.azure:azure-spring-data-cosmos:revision:3.2.0:tool:licensee:9.13.0",
 +
            "type": "resource"
 +
          },
 +
          "siblings": {
 +
            "href": "urn:sourcearchive:mavencentral:com.azure:azure-spring-data-cosmos:revision:3.2.0:tool:licensee",
 +
            "type": "collection"
 +
          }
 +
        },
 +
        "schemaVersion": "9.13.0",
 +
        "toolVersion": "9.11.0",
 +
        "processedAt": "2020-12-12T01:12:40.508Z"
 +
      },
 +
      "licensee": {
 +
        "version": "9.11.0",
 +
        "parameters": [
 +
          "--json",
 +
          "--no-readme"
 +
        ],
 +
        "output": {
 +
          "contentType": "application/json",
 +
          "content": {
 +
            "licenses": [],
 +
            "matched_files": []
 +
          }
 +
        }
 +
      }
 +
    }
 +
  }
 +
</pre>
 +
 
 
Contains licenses, matched files (content and filename)
 
Contains licenses, matched files (content and filename)
 
   
 
   
 
*Scancode - https://pastebin.com/F1Ys7Y1V
 
*Scancode - https://pastebin.com/F1Ys7Y1V
 
Contains Summary (license_expressions, copyrights, holders, authors, programming Language), license clarity score, summary of key files and a separate analysis of every file.
 
Contains Summary (license_expressions, copyrights, holders, authors, programming Language), license clarity score, summary of key files and a separate analysis of every file.

Revision as of 05:31, 5 January 2021

Examples of Definitions

1.

{
      "described": {
        "releaseDate": "2020-12-30",
        "urls": {
          "registry": "https://npmjs.com/package/typescript",
          "version": "https://npmjs.com/package/typescript/v/4.2.0-dev.20201230",
          "download": "https://registry.npmjs.com/typescript/-/typescript-4.2.0-dev.20201230.tgz"
        },
        "projectWebsite": "https://www.typescriptlang.org/",
        "issueTracker": "https://github.com/Microsoft/TypeScript/issues",
        "hashes": {
          "sha1": "a8dfe3af168ac0fc9e0a2fdc1cb369ee80d63442",
          "sha256": "827949c42fa25bc51e843eb4a0aa16251f0c757cf48a6f622f593e9562192a8c"
        },
        "files": 170,
        "tools": [
          "clearlydefined/1.3.4",
          "licensee/9.13.0",
          "scancode/3.2.2"
        ],
        "toolScore": {
          "total": 30,
          "date": 30,
          "source": 0
        },
        "score": {
          "total": 30,
          "date": 30,
          "source": 0
        }
      },
      "licensed": {
        "declared": "Apache-2.0",
        "toolScore": {
          "total": 55,
          "declared": 30,
          "discovered": 10,
          "consistency": 0,
          "spdx": 15,
          "texts": 0
        },
        "facets": {
          "core": {
            "attribution": {
              "unknown": 62,
              "parties": [
                "(c) by W3C",
                "Copyright Grant. I",
                "Copyright (c) 2018 WHATWG",
                "(c) Microsoft Corporation.",
                "(c) Korporatsiia Maikrosoft",
                "Copyright (c) Microsoft Corporation.",
                "Copyright (c) 1991-2017 Unicode, Inc.",
                "(c) Microsoft Corporation. Alle Rechte",
                "(c) Microsoft Corporation. Bao Liu Suo",
                "Copyright (c) 2018 The Khronos Group Inc.",
                "(c) Microsoft Corporation. Zhu Zuo Quan Suo",
                "Copyright (c) YEAR W3C(r) (MIT, ERCIM, Keio, Beihang). Disclaimers THIS WORK IS PROVIDED AS"
              ]
            },
            "discovered": {
              "unknown": 99,
              "expressions": [
                "Apache-2.0",
                "CC-BY-4.0 AND MIT AND NOASSERTION"
              ]
            },
            "files": 170
          }
        },
        "score": {
          "total": 55,
          "declared": 30,
          "discovered": 10,
          "consistency": 0,
          "spdx": 15,
          "texts": 0
        }
      },
      "coordinates": {
        "type": "npm",
        "provider": "npmjs",
        "name": "typescript",
        "revision": "4.2.0-dev.20201230"
      },
      "_meta": {
        "schemaVersion": "1.6.1",
        "updated": "2020-12-30T08:45:26.008Z"
      },
      "scores": {
        "effective": 42,
        "tool": 42
      }
    }

2.

{
      "described": {
        "releaseDate": "2020-12-21",
        "sourceLocation": {
          "type": "git",
          "provider": "github",
          "namespace": "umijs",
          "name": "umi",
          "revision": "a31448a9f65127d1eefdda12feb41e88d0991228",
          "url": "https://github.com/umijs/umi/tree/a31448a9f65127d1eefdda12feb41e88d0991228"
        },
        "urls": {
          "registry": "https://npmjs.com/package/@umijs/utils",
          "version": "https://npmjs.com/package/@umijs/utils/v/3.3.3",
          "download": "https://registry.npmjs.com/@umijs/utils/-/utils-3.3.3.tgz"
        },
        "projectWebsite": "https://github.com/umijs/umi/tree/master/packages/utils#readme",
        "issueTracker": "http://github.com/umijs/umi/issues",
        "hashes": {
          "sha1": "4bc2c539e29e4e34d866b7380b7b1870211b8230",
          "sha256": "e0c41645f9d7c2acb9f9862accaf880cbee7b3f698447069dcb924a889be71ef"
        },
        "files": 36,
        "tools": [
          "clearlydefined/1.3.4",
          "licensee/9.13.0",
          "scancode/3.2.2"
        ],
        "toolScore": {
          "total": 100,
          "date": 30,
          "source": 70
        },
        "score": {
          "total": 100,
          "date": 30,
          "source": 70
        }
      },
      "licensed": {
        "declared": "MIT",
        "toolScore": {
          "total": 60,
          "declared": 30,
          "discovered": 0,
          "consistency": 15,
          "spdx": 15,
          "texts": 0
        },
        "facets": {
          "core": {
            "attribution": {
              "unknown": 36
            },
            "discovered": {
              "unknown": 35,
              "expressions": [
                "MIT"
              ]
            },
            "files": 36
          }
        },
        "score": {
          "total": 60,
          "declared": 30,
          "discovered": 0,
          "consistency": 15,
          "spdx": 15,
          "texts": 0
        }
      },
      "coordinates": {
        "type": "npm",
        "provider": "npmjs",
        "namespace": "@umijs",
        "name": "utils",
        "revision": "3.3.3"
      },
      "_meta": {
        "schemaVersion": "1.6.1",
        "updated": "2020-12-25T02:25:35.228Z"
      },
      "scores": {
        "effective": 80,
        "tool": 80
      }
    }

described

Contains releaseDate, urls, hashes, files, tools, toolscore :- (date and source) , sourceLocation (only those who have a source), score :- (date and source)

licensed

Declared license, tool score (spdx, consistency, texts, declared) binary and (discovered) computed. (https://github.com/clearlydefined/license-score/blob/master/ClearlyLicensedMetrics.md)

coordinates

Coordinates are used to identify various elements in ClearlyDefined. For example, components to harvest, tool outputs, source locations. The coordinates for an entity has at least five parts: type, provider, namespace, name and revision.

  • type – the form of the entity being identified. For example, git, npm, sourceArchive. This is logically, though not actually, equivalent to a mime type.
  • provider – where entity can be found. Examples include github, npmjs, mavenCentral. The system supports a finite set of providers at any given time.
  • namespace – a qualifier that helps scope the name of the entity being identified. This typically comes from the context of the type. For example, for NPM packages, it is the scope, for Maven project it would be the groupid, and for GitHub, the login (often org) is used. If an entity does not have a reasonable namespace, a - (hyphen) must be used. That is, the namespace is logically optional but the property must be set.
  • name – the name of the entity. As with namespace, the name typically comes from the context of the type. So artifactid for Maven, repo name for GitHub, etc.
  • revision – the instance of the entity being identified. The exact form of the revision depends on the type and provider. In Git, a commit hash is used. In package managers, the typical package version is used. This value is largely uninterpreted by ClearlyDefined and simply either passed to the provider as needed or used as an opaque string in internal keys.

meta

Contains Schema Version and the timestamp of last updation

scores

Contains effective and tool score

Harvest Tools

  • Clearlydefined -
{
    "1.4.2": {
        "_metadata": {
            "type": "nuget", 
            "url": "cd:/nuget/nuget/-/lamar.microsoft.dependencyinjection/4.4.0", 
            "fetchedAt": "2020-12-04T11:56:33.020Z", 
            "links": {
                "self": {}, 
                "siblings": {}, 
                "licensee": {}, 
                "scancode": {}
            }, 
            "schemaVersion": "1.4.2", 
            "toolVersion": "1.2.2", 
            "processedAt": "2020-12-04T11:56:33.247Z"
        }, 
        "attachments": [
            {
                "path": "clearlydefined/downloaded/LICENSE", 
                "token": "9f20a00ecdcc1e5a7321365f4423ca1269e889de62b3bf213c71d105abc833a3"
            }
        ], 
        "summaryInfo": {
            "k": 208, 
            "count": 11, 
            "hashes": {
                "sha1": "fddbd9daea6a749b32255501b1f5d05ec51e9fea", 
                "sha256": "b5e33401095166de90de0bedccbc8fb4b38260fd927f3726bcf2b024f08a3611"
            }
        }, 
        "files": [
            {
                "path": ".signature.p7s", 
                "hashes": {
                    "sha1": "0b8f5f7a5f057d51480b8375d553e8e40b84ed10", 
                    "sha256": "1062a6d08c958d34d24c38c9f863835b2519495748a7c918287675ff6c6ce08c"
                }
            }, 
            {}, 
            {}, 
            {}, 
            {}, 
            {}, 
            {}, 
            {}, 
            {}, 
            {}, 
            {}
        ], 
        "manifest": {
            "@id": "https://api.nuget.org/v3/catalog0/data/2020.11.19.17.58.07/lamar.microsoft.dependencyinjection.4.4.0.json", 
            "@type": [
                "PackageDetails", 
                "catalog:Permalink"
            ], 
            "authors": "Jeremy D. Miller", 
            "catalog:commitId": "75701aa2-7db1-4c03-8ee2-8e94b591fe49", 
            "catalog:commitTimeStamp": "2020-11-19T17:58:07.3181307Z", 
            "created": "2020-11-19T17:56:09.5Z", 
            "description": "Lamar Adapter for ASP.Net Core", 
            "iconUrl": "https://avatars2.githubusercontent.com/u/10048186?v=3&s=200", 
            "id": "Lamar.Microsoft.DependencyInjection", 
            "isPrerelease": false, 
            "lastEdited": "2020-11-19T17:57:40.843Z", 
            "licenseUrl": "https://github.com/JasperFX/lamar/blob/master/LICENSE", 
            "listed": true, 
            "packageHash": "Peije3DisriqrYWrsMwePhaM8uSJTyZ+VFepLRJCu7bHRNC6MyUwEbjfkYqlfHfQeoOCiu8Q7JIuJtwrcdvjCw==", 
            "packageHashAlgorithm": "SHA512", 
            "packageSize": 28384, 
            "projectUrl": "https://jasperfx.github.io/lamar", 
            "published": "2020-11-19T17:56:09.5Z", 
            "requireLicenseAcceptance": false, 
            "verbatimVersion": "4.4.0", 
            "version": "4.4.0", 
            "dependencyGroups": [], 
            "packageEntries": [], 
            "@context": {}
        }, 
        "registryData": {
            "@id": "https://api.nuget.org/v3/registration5-gz-semver2/lamar.microsoft.dependencyinjection/4.4.0.json", 
            "@type": [], 
            "catalogEntry": "https://api.nuget.org/v3/catalog0/data/2020.11.19.17.58.07/lamar.microsoft.dependencyinjection.4.4.0.json", 
            "listed": true, 
            "packageContent": "https://api.nuget.org/v3-flatcontainer/lamar.microsoft.dependencyinjection/4.4.0/lamar.microsoft.dependencyinjection.4.4.0.nupkg", 
            "published": "2020-11-19T17:56:09.5+00:00", 
            "registration": "https://api.nuget.org/v3/registration5-gz-semver2/lamar.microsoft.dependencyinjection/index.json", 
            "@context": {}
        }, 
        "releaseDate": "2020-11-19T17:56:09.500Z"
    }
}

Contains hashes of files(sha1 and sha256), registryData, Source Info (if source is provided)

  • Licensee -
  "licensee": {
    "9.13.0": {
      "_metadata": {
        "type": "licensee",
        "url": "cd:/sourcearchive/mavencentral/com.azure/azure-spring-data-cosmos/3.2.0",
        "fetchedAt": "2020-12-12T01:12:37.734Z",
        "links": {
          "self": {
            "href": "urn:sourcearchive:mavencentral:com.azure:azure-spring-data-cosmos:revision:3.2.0:tool:licensee:9.13.0",
            "type": "resource"
          },
          "siblings": {
            "href": "urn:sourcearchive:mavencentral:com.azure:azure-spring-data-cosmos:revision:3.2.0:tool:licensee",
            "type": "collection"
          }
        },
        "schemaVersion": "9.13.0",
        "toolVersion": "9.11.0",
        "processedAt": "2020-12-12T01:12:40.508Z"
      },
      "licensee": {
        "version": "9.11.0",
        "parameters": [
          "--json",
          "--no-readme"
        ],
        "output": {
          "contentType": "application/json",
          "content": {
            "licenses": [],
            "matched_files": []
          }
        }
      }
    }
  }

Contains licenses, matched files (content and filename)

Contains Summary (license_expressions, copyrights, holders, authors, programming Language), license clarity score, summary of key files and a separate analysis of every file.