OpenLMIS Dependencies List - 6 Aug, 2020

Prepared Aug 6, 2020 by @Brandon Bowersox-Johnson with @Josh Zamor's support in response to a K&L Gates request during the partnership to hand over legal support.

The list of upstream dependencies that OpenLMIS v3 uses is subject to change over time. Many of these upstream dependencies have different open source licenses.


High-Level Policy

OpenLMIS versions 1, 2 and 3 have all been open source and are available on GitHub here: https://github.com/OpenLMIS . OpenLMIS v3 has one repository for each micro-service.

OpenLMIS v3 is a rewrite and it adopted a different license than previous versions. Version 3 uses the GNU Affero General Public License Version 3 (AGPLv3): https://github.com/OpenLMIS/openlmis-ref-distro/blob/master/LICENSE .

The OpenLMIS Community documentation specifies many conventions and requirements, including requirements for code dependencies. Our policy requires that dependencies can only be used if they have an open source license. Here is our policy in the Community Principles:
http://docs.openlmis.org/en/latest/conventions/communityPrinciples15.html#a-name-open-source-a-open-source

Generally, we consider dependencies to be open source if they match the Open Source Definition: https://opensource.org/osd .


Major Tech Stack Dependencies

OpenLMIS v3 is a micro-services web application that uses many independent micro-services, most based on Java Spring. Docker is used to run each micro-service, and OpenLMIS is distributed in source code form and as a set of Docker images. OpenLMIS v3 also uses JavaScript with AngularJS 1 for the web application (user interface) that runs in browsers such as Chrome and Firefox.

The architecture and the tech stack are described in more detail in our docs and wiki, respectively:
http://docs.openlmis.org/en/latest/architecture/

Major tech stack dependencies include:


Code Dependencies

OpenLMIS v3 source code includes dependencies in a few different ways: Docker Compose is used to manage Docker image dependencies (in each Dockerfile); Gradle is used to manage Java library dependencies (in build.gradle files); NodeJS and Yarn are used to manage JavaScript dependencies (in package.json files).

Below are current lists of these dependencies from all the OpenLMIS v3 GitHub repositories. The exact version numbers of the libraries we use change often.


Docker dependencies

The Docker image dependencies are managed with Docker Compose and are listed in Dockerfile files. They come from Docker Hub, which you can search at https://hub.docker.com/search .

alpine:3.9 - this is Alpine Linux, which is the basis for some of our Docker images (others use Debian below)

anapsix/alpine-java:jre8 - this is a base image which uses Oracle Java 8, and most OpenLMIS v3 services use this base image

blazemeter/taurus:1.13.1

debezium/connect:1.0

debezium/postgres - this is PostgreSQL, and we use a Docker image which is an extension of the Debezium Postgres Docker image at https://hub.docker.com/r/debezium/postgres, which is based on the official Postgres Docker image at https://hub.docker.com/_/postgres/ .

debian:jessie

gliderlabs/alpine:3.4

nginx:1.13.1 - this is NGINX Open Source; our “openlmis-nginx” repository at https://github.com/OpenLMIS/openlmis-nginx uses and is based on this official nginx Docker image from Docker Hub

python:3.6

qautomatron/docker-browsermob-proxy:2.1.3

OpenLMIS v3 also uses Apache Superset. Our "superset-patchup" repository at https://github.com/OpenLMIS/superset-patchup is forked from Ona’s version https://github.com/onaio/superset-patchup .


Java libraries

Generally, all the Java libraries below are managed with Gradle and listed in build.gradle files, and most come from Maven Central, which you can search at https://search.maven.org/ .

be.joengenduvel.java.verifiers:to-string:1.0.2
ca.uhn.hapi.fhir:hapi-fhir-client:3.7.0
ca.uhn.hapi.fhir:hapi-fhir-structures-r4:3.7.0
com.avast.gradle.docker-compose
com.bedatadriven:jackson-datatype-jts:2.4
com.ecwid.consul:consul-api:1.3.0
com.fasterxml.jackson.datatype:jackson-datatype-hibernate4
com.fasterxml.jackson.datatype:jackson-datatype-hibernate4:2.10.0
com.fasterxml.jackson.datatype:jackson-datatype-hibernate5
com.fasterxml.jackson.datatype:jackson-datatype-jsr310
com.github.ben-manes.versions
com.github.tomakehurst:wiremock:1.58
com.github.tomakehurst:wiremock:2.20.0
com.github.tomakehurst:wiremock:2.22.0
com.google.guava:guava:18.0
com.google.guava:guava:23.3-jre
com.googlecode.json-simple:json-simple:1.1.1
com.ibatis:ibatis2-common:2.1.7.597
com.jayway.restassured:rest-assured:2.7.0
com.lowagie:itext:2.1.7
com.moowork.node
com.sun.mail:jakarta.mail
commons-beanutils:commons-beanutils:1.9.3
commons-io:commons-io:2.4
commons-io:commons-io:2.5
commons-io:commons-io:2.6
commons-jxpath:commons-jxpath:1.3
commons-validator:commons-validator:1.6
guru.nidi.raml:raml-tester:0.8.15
io.cucumber:cucumber-java:4.2.2
io.cucumber:cucumber-junit:4.2.2
io.rest-assured:json-schema-validator
io.rest-assured:rest-assured
io.rest-assured:rest-assured:3.3.0
io.rest-assured:spring-mock-mvc
javax.validation:validation-api:1.1.0.Final
junit:junit
junit:junit:4.12
net.sf.ehcache
net.sf.jasperreports:jasperreports-fonts:6.0.0
net.sf.jasperreports:jasperreports:6.5.1
net.sf.supercsv:super-csv-dozer:2.4.0
net.sf.supercsv:super-csv:2.4.0
nl.jqno.equalsverifier:equalsverifier:2.4
nl.jqno.equalsverifier:equalsverifier:3.1.10
org.apache.camel:camel-core:2.18.0
org.apache.camel:camel-ftp:2.18.0
org.apache.camel:camel-spring:2.18.0
org.apache.commons:commons-collections4:4.1
org.apache.commons:commons-collections4:4.3
org.apache.commons:commons-collections4:4.4
org.apache.commons:commons-csv:1.4
org.apache.commons:commons-csv:1.7
org.apache.commons:commons-lang3
org.apache.commons:commons-lang3:3.9
org.apache.commons:commons-text:1.8
org.apache.poi:poi:3.15
org.assertj:assertj-core
org.assertj:assertj-core:3.11.1
org.awaitility:awaitility
org.flywaydb.flyway
org.flywaydb:flyway-core
org.flywaydb.flyway-test-extensions:flyway-spring-test:4.1.0
org.hibernate
org.hibernate.javax.persistence:hibernate-jpa-2.1-api:1.0.0.Final
org.hibernate:hibernate-java8
org.hibernate:hibernate-spatial:5.3.16.Final
org.jadira.usertype:usertype.core:7.0.0.CR1
org.javassist:javassist:3.20.0-GA
org.javers:javers-spring-boot-starter-sql:2.8.1
org.javers:javers-spring-boot-starter-sql:2.8.2
org.javers:javers-spring-boot-starter-sql:3.11.6
org.jglue.fluent-json:fluent-json:2.0.3
org.joda:joda-money:0.12
org.json:json:20180813
org.mockito:mockito-core:2.23.0
org.olap4j:olap4j:1.2.0
org.openlmis:openlmis-service-util:3.0.0
org.openlmis:openlmis-service-util:3.1.0
org.postgresql:postgresql:42.0.0
org.postgresql:postgresql:42.2.6
org.powermock:powermock-api-mockito2:2.0.0
org.powermock:powermock-api-mockito2:2.0.4
org.powermock:powermock-module-junit4:2.0.0
org.powermock:powermock-module-junit4:2.0.4
org.projectlombok:lombok
org.projectlombok:lombok:1.16.8
org.raml:raml-parser:0.8.37
org.slf4j:slf4j-api:1.7.16
org.slf4j:slf4j-ext
org.slf4j:slf4j-ext:1.7.25
org.sonarqube
org.springframework.boot
org.springframework.boot:spring-boot-starter-actuator
org.springframework.boot:spring-boot-starter-data-jpa
org.springframework.boot:spring-boot-starter-data-redis
org.springframework.boot:spring-boot-starter-data-rest
org.springframework.boot:spring-boot-starter-integration
org.springframework.boot:spring-boot-starter-mail
org.springframework.boot:spring-boot-starter-security
org.springframework.boot:spring-boot-starter-test
org.springframework.boot:spring-boot-starter-web
org.springframework.integration:spring-integration-core
org.springframework.integration:spring-integration-file
org.springframework.integration:spring-integration-ftp
org.springframework.integration:spring-integration-jdbc
org.springframework.integration:spring-integration-jpa
org.springframework.integration:spring-integration-sftp
org.springframework.security.oauth.boot:spring-security-oauth2-autoconfigure:2.2.2.RELEASE
org.springframework.security:spring-security-oauth2-client
org.springframework.security:spring-security-oauth2-core
org.springframework.security:spring-security-test
org.springframework:spring-aspects
org.springframework:spring-context-support
org.springframework:spring-test
org.togglz:togglz-console:2.6.1.Final
org.togglz:togglz-junit:2.6.1.Final
org.togglz:togglz-redis:2.6.1.Final
org.togglz:togglz-spring-boot-starter:2.6.1.Final
org.togglz:togglz-spring-security:2.6.1.Final
org.togglz:togglz-testing:2.6.1.Final
org.webjars.npm:api-console:3.0.17
redis.clients:jedis


NodeJS libraries

Generally, all the JavaScript libraries below are managed with NodeJS's npm and Yarn and are listed in package.json files. They come from NPM, which you can search at https://www.npmjs.com/ .

"babel-core": "~6.0.0"
"babel-jest": "~21.2.0"
"babel-polyfill": "~6.26.0"
"babel-preset-es2015": "~6.24.0"
"babel-register": "~6.26.0"
"chai": "~4.1.2"
"command-line-args": "~3.0.0"
"deasync": "~0.1.9"
"eslint": "~4.11.0"
"eslint-config-airbnb-base": "~12.1.0"
"eslint-plugin-import": "~2.8.0"
"find-process": "1.1.0"
"forever": "~0.15.3"
"glob": "~7.1.2"
"http-server": "~0.10.0"
"ip": "~1.1.0"
"karma-spec-reporter": "0.0.32"
"raml-parser": "~0.8.0"
"raml2html": "~2.4.0"
"raml2html": "~3.0.0"
"raml2html": "~3.0.1"
"record-screen": "^3.5.0"
"request": "~2.81.0"
"system-sleep": "~1.0.0"
"uuid": "~3.0.0"
"wdio-cucumber-framework": "~1.0.2"
"wdio-devtools-service": "0.1.6"
"wdio-junit-reporter": "~0.3.1"
"wdio-phantomjs-service": "~0.2.2"
"wdio-selenium-standalone-service": "~0.0.10"
"wdio-spec-reporter": "~0.1.3"
"webdriverio": "4.14.0"
"yarn": "^1.3.2"
