fix(license): check versions when npm.license is missing

package.json

@@ -43,11 +43,13 @@
     "date-fns": "^1.28.5",
     "lodash.flatten": "^4.4.0",
     "lodash.includes": "^4.3.0",
-    "node-fetch": "^1.7.1"
+    "node-fetch": "^1.7.1",
+    "semver": "^5.4.1"
   },
   "devDependencies": {
     "@types/jest": "^19.2.4",
     "@types/node": "^7.0.29",
+    "@types/semver": "^5.3.33",
     "commitizen": "^2.9.6",
     "cz-conventional-changelog": "^2.0.0",
     "danger": "*",

src/__snapshots__/index.test.ts.snap

@@ -9,231 +9,187 @@ exports[`npm metadata Shows a bunch of useful text for a new dep 1`] = `
 
 <table>
   <thead><tr><th></th><th width=\\"100%\\"></th></tr></thead>
-  <tr><td>Created</td><td>about 1 year ago</td></tr><tr><td>Last Updated</td><td>2 months ago</td></tr><tr><td>License</td><td>MIT</td></tr><tr><td>Maintainers</td><td>3</td></tr><tr><td>Releases</td><td>45</td></tr><tr><td>Direct Dependencies</td><td>undefined</td></tr><tr><td>Keywords</td><td>undefined</td></tr>
+  <tr><td>Created</td><td>about 1 year ago</td></tr><tr><td>Last Updated</td><td>2 days ago</td></tr><tr><td>License</td><td>MIT</td></tr><tr><td>Maintainers</td><td>3</td></tr><tr><td>Releases</td><td>58</td></tr><tr><td>Direct Dependencies</td><td>undefined</td></tr><tr><td>Keywords</td><td>undefined</td></tr>
 </table>
 
 <details>
 <summary><code>README</code></summary>
-[![npm](https://img.shields.io/npm/v/danger.svg)](https://www.npmjs.com/package/danger)
-[![Build Status](https://travis-ci.org/danger/danger-js.svg?branch=master)](https://travis-ci.org/danger/danger-js)
-[![Build Status](https://ci.appveyor.com/api/projects/status/ep5hgeox3lbc5c7f?svg=true)](https://ci.appveyor.com/project/orta/danger-js/branch/master)
+# Danger JS :no_entry_sign: [![npm](https://img.shields.io/npm/v/danger.svg)](https://www.npmjs.com/package/danger) [![Build Status](https://travis-ci.org/danger/danger-js.svg?branch=master)](https://travis-ci.org/danger/danger-js) [![Build Status](https://ci.appveyor.com/api/projects/status/ep5hgeox3lbc5c7f?svg=true)](https://ci.appveyor.com/project/orta/danger-js/branch/master)
 
-Danger on Node, wonder what's going on? see [VISION.md](VISION.md)
+Formalize your Pull Request etiquette.
 
-*Welcome!*
+<p align=\\"center\\">
+    <a href=\\"#what-is-danger-js\\">What is Danger JS?</a> &bull;
+    <a href=\\"VISION.md\\">Vision</a> &bull;
+    <a href=\\"#this-thing-is-broken-i-should-help-improve-it\\">Helping Out</a> &bull;
+    <a href=\\"http://danger.systems/js/usage/extending-danger.html\\">Plugin Development</a>
+</p>
 
-So, what's the deal? Well, right now Danger JS does a lot of the simpler parts of [the Ruby version](http://danger.systems).
-You can look at [Git](https://github.com/danger/danger-js/blob/master/source/dsl/GitDSL.ts) metadata, or [GitHub](https://github.com/danger/danger-js/blob/master/source/dsl/GitHubDSL.ts) metadata on Travis CI, Circle CI, Semaphore, Jenkins, Docker Cloud, surf-build, Codeship, Drone, or Buildkite.
+## What is Danger JS?
 
-Danger can fail your build, write a comment on GitHub, edit it as your PR changes and then delete it once you've passed review. Perfect.
+Danger runs after your CI, automating your team's conventions surrounding code review.
 
-## Getting set up in your Project
+This provides another logical step in your process, through this Danger can help lint your rote tasks in daily code review.
 
-\`\`\`sh
-# with yarn
-yarn add danger --dev
-
-# or with npm
-npm install --save-dev danger
-\`\`\`
+You can use Danger to codify your teams norms, leaving humans to think about harder problems.
 
-If using NPM, add a run command to your \`package.json\`
-
-\`\`\`json
-{
-  \\"scripts\\": {
-    \\"danger\\": \\"danger\\"  
-  }
-}
-\`\`\`
+Danger JS currently works with GitHub and Travis CI, Circle CI, Semaphore, Jenkins, Docker Cloud, surf-build, Codeship, Drone, Buildkite, buddybuild or Visual Studio Team Services.
 
-Then create a \`dangerfile.js\` in the project root with some rules:
+## For example?
 
-\`\`\`js
-import { danger, fail, warn } from \\"danger\\"
-import fs from \\"fs\\"
+You can:
 
-// Make sure there are changelog entries
-const hasChangelog = danger.git.modified_files.includes(\\"changelog.md\\")
-if (!hasChangelog) { fail(\\"No Changelog changes!\\") }
+-   Enforce CHANGELOGs
+-   Enforce links to Trello/JIRA in PR/MR bodies
+-   Enforce using descriptive labels
+-   Look out for common anti-patterns
+-   Highlight interesting build artifacts
+-   Give warnings when specific files change
 
-const jsFiles = danger.git.created_files.filter(path => path.endsWith(\\"js\\"))
+Danger provides the glue to let _you_ build out the rules specific to your team's culture, offering useful metadata and a comprehensive plugin system to share common issues.
 
-// new js files should have \`@flow\` at the top
-const unFlowedFiles = jsFiles.filter(filepath => {
-  const content = fs.readFileSync(filepath)
-  return !content.includes(\\"@flow\\")
-})
+## Getting Started
 
-if (unFlowedFiles.length > 0) {
-  warn(\`These new JS files do not have Flow enabled: \${unFlowedFiles.join(\\", \\")}\`)
-}
-\`\`\`
+Alright. So, actually, you may be in the wrong place. From here on in, this README is going to be for people who are interested in working on and improving on Danger JS.
 
-You can also write your Dangerfile in TypeScript. Create \`dangerfile.ts\` in the project root with some rules:
+We keep all of the end-user documentation at <http://danger.systems/js>.
 
-\`\`\`ts
-import { danger, warn } from \\"danger\\"
-import * as _ from \\"lodash\\"
+Some quick links to get you started:
 
-// Request a CHANGELOG entry if not declared #trivial
-const hasChangelog = _.includes(danger.git.modified_files, \\"changelog.md\\")
-const isTrivial = _.includes((danger.github.pr.body + danger.github.pr.title), \\"#trivial\\")
-if (!hasChangelog && !isTrivial) {
-  warn(\\"Please add a changelog entry for your changes.\\")
+-   [Getting Started](http://danger.systems/js/guides/getting_started.html) 
+-   [Guides Index](http://danger.systems/js/guides.html)
+-   [DSL Reference](http://danger.systems/js/reference.html)
 
-  // Politely ask for their name on the entry too
-  const changelogDiff = danger.git.diffForFile(\\"changelog.md\\")
-  const contributorName = danger.github.pr.user.login
-  if (changelogDiff && _.includes(changelogDiff, contributorName)) {
-    warn(\\"Please add your GitHub name to the changelog entry, so we can attribute you correctly.\\")
-  }
-}
-\`\`\`
+## This thing is broken, I should help improve it!
 
-Using [Jest][jest] and TypeScript for testing? You're all set - Danger should be able to use your \`jest\` config in \`package.json\` to process and evaulate your \`dangerfile.ts\`.
+Awesommmmee.
 
-Not using Jest on your TypeScript project? You'll need to take the following steps for danger to evaluate your \`dangerfile.ts\`:
+\`\`\`sh
+git clone https://github.com/danger/danger-js.git
+cd danger-js
 
-* Install the \`ts-jest\` package - \`yarn add ts-jest --dev\`
-* Add the following \`jest\` section to your \`package.json\`
+# if you don't have yarn installed
+npm install -g yarn
 
-\`\`\`json
-{
-  \\"jest\\": {
-    \\"transform\\": {
-      \\".(ts|tsx)\\": \\"<rootDir>/node_modules/ts-jest/preprocessor.js\\"
-    }
-  }
-}
+yarn install
 \`\`\`
 
-Then you add \`yarn run danger\` to the end of your CI run, and Danger will run. Here's [an example](https://github.com/artsy/emission/pull/385). 👍
-
-Want to see some existing JavaScript examples? Check out:
+You can then verify your install by running the tests, and the linters:
 
-* **Apps** - [Artsy/metaphysics][meta].
-* **Libraries** - [Facebook/Jest][fbj], [styled-components/styled-components][sc] and [ReactiveX/rxjs][rxjs].
+\`\`\`sh
+yarn test
+yarn lint
+\`\`\`
 
-Some TypeScript examples:
+The fixers for both tslint and prettier will be applied when you commit, and on a push your code will be verified
+that it compiles.
 
-* **Apps** - [Artsy/Emission][emiss]
-* **Libraries** [danger/danger-js][danger-js]
+### What is the TODO?
 
-I'd love PRs adding more.
+Check the issues, I try and keep my short term perspective there. Long term is in the [VISION.md](VISION.md).
 
-## Getting set up on CI
+### Releasing a new version of Danger
 
-For now, to get set up I'd recommend looking at [the setup guide for the Ruby version][setup]. All the environment vars are the exact same between versions.
+Following [this commit](https://github.com/danger/danger-js/commit/a26ac3b3bd4f002acd37f6a363c8e74c9d5039ab) as a model:
 
-You will need to create a bot account, and set up CI to run danger.
+-   Checkout the \`master\` branch. Ensure your working tree is clean, and make sure you have the latest changes by running \`git pull\`.
+-   Update \`package.json\` with the new version - for the sake of this example, the new version is **0.21.0**.
+-   Modify \`changelog.md\`, adding a new \`### 0.21.0\` heading under the \`### Master\` heading at the top of the file.
+-   Commit both changes with the commit message **Version bump**.
+-   Tag this commit - \`git tag 0.21.0\`.
+-   Push the commit and tag to master - \`git push origin master --follow-tags\`. Travis CI will build the tagged commit and publish that tagged version to NPM.
 
-If you are using Docker Cloud, make sure to set the following blank ENV vars in your \`docker-compose.test.yml\` file so they are carried forward from the build environment:
+:ship:
 
-\`\`\`yml
-sut:
-  build: .
-  environment:
-    - DANGER_GITHUB_API_TOKEN
-    - DOCKER_REPO
-    - PULL_REQUEST_URL
-    - SOURCE_REPOSITORY_URL
-\`\`\`
+## License, Contributor's Guidelines and Code of Conduct
 
-## Running/Testing manually against a repo
+We try to keep as much discussion as possible in GitHub issues, but also have a pretty inactive Slack --- if you'd like an invite, ping [@Orta](https://twitter.com/orta/) a DM on Twitter with your email. It's mostly interesting if you want to stay on top of Danger without all the emails from GitHub.
 
-There are two ways to do this:
+> This project is open source under the MIT license, which means you have full access to the source code and can modify it to fit your own needs.
+>
+> This project subscribes to the [Moya Contributors Guidelines](https://github.com/Moya/contributors) which TLDR: means we give out push access easily and often.
+>
+> Contributors subscribe to the [Contributor Code of Conduct](http://contributor-covenant.org/version/1/3/0/) based on the [Contributor Covenant](http://contributor-covenant.org) version 1.3.0.
 
-#### Using \`danger pr\`
+[emiss]: https://github.com/artsy/emission/blob/master/dangerfile.ts
 
-The command \`danger pr\` expects an argument of a PR url, e.g. \`danger pr https://github.com/danger/danger-js/pull/100\`.
+[danger-js]: https://github.com/danger/danger-js/blob/master/dangerfile.ts
 
-This will use your local \`dangerfile.js\` against the metadata of that PR. Danger will then output the results as JSON, instead of on the PR itself.
+[meta]: https://github.com/artsy/metaphysics/blob/master/dangerfile.js
 
-#### Using \`danger\`
+[fbj]: https://github.com/facebook/jest/blob/master/dangerfile.js
 
-If you create an [appropriately scoped temporary api token](http://danger.systems/guides/getting_started.html#setting-up-an-access-token) for your github account, this can be a good way to see if danger is suitable for you before integrating it into your CI system.
+[sc]: https://github.com/styled-components/styled-components/blob/master/dangerfile.js
 
-You can manually trigger danger against a pull request on the command line by setting the following environmental variables:
+[rxjs]: https://github.com/ReactiveX/rxjs/blob/master/dangerfile.js
 
-\`\`\`bash
-export DANGER_FAKE_CI=\\"YEP\\"
-export DANGER_GITHUB_API_TOKEN='xxxxxxxxxx'  # a github api token
-export DANGER_TEST_REPO='username/reponame'
-\`\`\`
+[setup]: http://danger.systems/guides/getting_started.html#creating-a-bot-account-for-danger-to-use
 
-Then you can run against a local branch that is attached to a pull-request, by running the following
+[jest]: https://github.com/facebook/jest
 
-\`\`\`bash
-git checkout branch-for-pr-1234
-DANGER_TEST_PR='1234' npm run danger
-\`\`\`
+</details>
 
-assuming that your local file-system matches up to that branch on github, this will be a good approximation of how danger will work when you integrate it into your CI system.
+"
+`;
 
-Note: this will leave a comment on the PR.
+exports[`npm metadata looks through versions if license is missing 1`] = `
+"
+<h2><a href=\\"http://npmjs.com/package/pinpoint\\">pinpoint</a></h2>
+<p>Author: Glen Huang</p>
+<p>Description: Display an arrow in a string of code to point to a location</p>
+<p>Homepage: <a href=\\"http://npmjs.com/package/pinpoint\\">http://npmjs.com/package/pinpoint</a></p>
 
-## Advice
+<table>
+  <thead><tr><th></th><th width=\\"100%\\"></th></tr></thead>
+  <tr><td>Created</td><td>almost 4 years ago</td></tr><tr><td>Last Updated</td><td>almost 4 years ago</td></tr><tr><td>License</td><td><b>MIT</b></td></tr><tr><td>Maintainers</td><td>1</td></tr><tr><td>Releases</td><td>2</td></tr>
+</table>
 
-* You can have Danger read build logs if you use [tee](https://en.wikipedia.org/wiki/Tee_(command)) in your CI process: \`yarn run lint | tee linter_output.txt\`. This can then be picked up with \`readFileSync\` at \`linter_output.txt\` in your Dangerfile later.
+<details>
+<summary><code>README</code></summary>
+# pinpoint
 
-## Known issues
+Add line numbers and an arrow to a string of code that points to a specific location.
 
-* Codeship support does not support fork to fork GitHub PRs.
+## Installation
 
-## This thing is broken, I should help improve it!
+	npm install pinpoint
 
-Awesommmmee.
+## Example
 
-\`\`\` sh
-git clone https://github.com/danger/danger-js.git
-cd danger-js
+With this code:
 
-# if you don't have yarn installed
-npm install -g yarn
+\`\`\`javascript
+function add(left, right) {
+  return left + right;
+}
 
-yarn install
+console.log(add(1 + 1));
 \`\`\`
 
-You can then verify your install by running the tests, and the linters:
+When being asked to point to line 2 and column 2, generates this:
 
-\`\`\` sh
-yarn test
-yarn lint
+\`\`\`javascript
+1| function add(left, right) {
+2|   return left + right;
+-----^
+3| }
+4|
+5| console.log(add(1 + 1));
 \`\`\`
+## API
 
----
-
-### Dev Life
-
-Tips:
-
-* You can run the \`danger\` command globally from your dev build by running \`yarn run link\`.
-* If you're using VS Code, press Run to start an example run, should go through most of the process with a debugger attached. Either use breakpoints, or add \`debugger\` to get a repl and context.
-
-### What is the TODO?
-
-Check the issues, I try and keep my short term perspective there. Long term is in the [VISION.md](VISION.md).
-
-## License, Contributor's Guidelines and Code of Conduct
-
-We try to keep as much discussion as possible in GitHub issues, but also have a pretty inactive Slack --- if you'd like an invite, ping [@Orta](https://twitter.com/orta/) a DM on Twitter with your email. It's mostly interesting if you want to stay on top of Danger without all the emails from GitHub.
-
-> This project is open source under the MIT license, which means you have full access to the source code and can modify it to fit your own needs.
-
-> This project subscribes to the [Moya Contributors Guidelines](https://github.com/Moya/contributors) which TLDR: means we give out push access easily and often.
+\`\`\`javascript
+var pinpoint = require('pinpoint');
 
-> Contributors subscribe to the [Contributor Code of Conduct](http://contributor-covenant.org/version/1/3/0/) based on the [Contributor Covenant](http://contributor-covenant.org) version 1.3.0.
-
-[emiss]: https://github.com/artsy/emission/blob/master/dangerfile.ts
-[danger-js]: https://github.com/danger/danger-js/blob/master/dangerfile.ts
-[meta]: https://github.com/artsy/metaphysics/blob/master/dangerfile.js
-[fbj]: https://github.com/facebook/jest/blob/master/dangerfile.js
-[sc]: https://github.com/styled-components/styled-components/blob/master/dangerfile.js
-[rxjs]: https://github.com/ReactiveX/rxjs/blob/master/dangerfile.js
-[setup]: http://danger.systems/guides/getting_started.html#creating-a-bot-account-for-danger-to-use
-[jest]: https://github.com/facebook/jest
+var str = pinpoint(code, options);
+\`\`\`
 
+* \`code\` - a string of code
+* \`options\` - an object literal supports these options:
+	* \`line\` - the line number to point to, 1-based.
+	* \`column\` - the column number to point to, 1-based.
+	* \`showLines\` - the number of lines to show. The pointed line will try to stay in the middle of the displays lines.
+	* \`indent\` - indent string prepend to each line, before the line number.
 </details>
 
 "