Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/brightspace/d2l-license-checker
Simple tool to continuously check for D2L accepted licenses of all npm dependencies in a project.
- Host: GitHub
- URL: https://github.com/brightspace/d2l-license-checker
- Owner: Brightspace
- Created: 2017-01-17T15:19:17.000Z (about 8 years ago)
- Default Branch: master
- Last Pushed: 2024-02-23T22:18:37.000Z (11 months ago)
- Last Synced: 2024-05-01T16:04:45.138Z (9 months ago)
- Topics: continuous-integration, license-management, nodejs
- Language: JavaScript
- Homepage:
- Size: 535 KB
- Stars: 4
- Watchers: 47
- Forks: 2
- Open Issues: 15
Metadata Files:
- Readme: README.md
- Codeowners: CODEOWNERS
# d2l-license-checker
A simple tool to check licenses of all npm dependencies in a project against an approved set of licenses. It can be added to a test suite or CI to get a warning about packages that do not meet predefined license requirements. This is basically a wrapper around [`davglass/license-checker`](https://github.com/davglass/license-checker).
## How to use
1. Add this package as a development dependency:
   `npm install --save-dev d2l-license-checker`
1. Define a new script in your `package.json` by adding the following lines:
   ```json
   "scripts": {
     "license-check": "d2l-license-checker"
   }
   ```
1. Add an (optional) config file `.licensechecker.json` to your node module.
   ```json
   {
     "acceptedScopes": ["yourCompanyScopeWithoutThe@"],
     "manualOverrides": {
       "[email protected]": "MIT"
     }
   }
   ```
1. Check that the licenses pass the test by running `npm run license-check`. See `--help` for more options.
1. Make sure `npm run license-check` is called in your CI build script or as part of your tests.
If licenses do not pass the test, you can run `npm run license-check -- --generate-template > .licensechecker.template.json` to generate a template file that can be copied and pasted into the config file for easy overrides.
## Narrowing Analysis
If you only want to check a certain type of dependency, you can supply either `--production-only` or `--development-only` to check only the associated dependency type. These options are mutually exclusive, meaning you can only supply one of the flags. Omitting both flags checks all dependencies.
## Configuration file
The configuration file is a simple JSON file with the following optional entries:
* `"manualOverrides"`: Object where each key is a package name and version (see above example), and the value is a valid SPDX ID. The version number can be a semver expression. You can use this to manually specify the license of a package for which the license is not specified in its `package.json` file or where an invalid SPDX ID is used. The default config is a set of overrides for packages used by D2L.
  In addition to the [SPDX IDs](https://spdx.org/licenses/), you can use the following strings:
  - `Public-Domain`: identifier for public domain code (not supported by SPDX)
  - `Project-Owner`: identifier indicating that you own this package and that its license can be ignored (doesn't need to be added to `"acceptedLicenses"`)
  - `D2L-Open-Source-Special-Exemption (license-name)`: identifier indicating that although `license-name` is not in the `"acceptedLicenses"` set, its use has been granted a special exemption for this project.
* `"acceptedScopes"`: List of [NPM scopes](https://docs.npmjs.com/misc/scope) that should always be allowed. This is convenient if your team uses its own scoped registry. Do not include the `@` or `/` characters. The default config is `["d2l"]`.
* `"ignoreUnusedManualOverrides"`: Set it to `true` if you do not want warnings logged when you have unused manual overrides (`false` by default)
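The following added example is a simplified model of how the configuration entries above combine into an accept or reject decision; it is not d2l-license-checker's own code. The package names, the accepted license set, the function names and the reduced version matching (exact versions and a trailing `.x` only) are assumptions made for illustration.

```javascript
// Added illustration: a simplified model of the configuration rules described
// above. It is not d2l-license-checker's source code.

// Constructed sample policy; the accepted license set is an assumption.
const policy = {
  acceptedLicenses: new Set(['MIT', 'ISC', 'Apache-2.0', 'Public-Domain']),
  acceptedScopes: ['d2l'],
  manualOverrides: {
    'legacy-parser@1.4.2': 'MIT',
    'old-widget@2.x': 'Public-Domain',
    'charting-lib@3.0.0': 'D2L-Open-Source-Special-Exemption (GPL-3.0)',
    'internal-tool@0.9.1': 'Project-Owner'
  }
};

// Simplification: only exact versions and a trailing ".x" wildcard are matched,
// where the real config accepts any semver expression.
function rangeMatches(range, version) {
  if (range.endsWith('.x')) return version.startsWith(range.slice(0, -1));
  return range === version;
}

function findOverride(name, version, overrides) {
  for (const [key, license] of Object.entries(overrides)) {
    const at = key.lastIndexOf('@'); // lastIndexOf keeps "@scope/pkg@1.0.0" intact
    if (key.slice(0, at) === name && rangeMatches(key.slice(at + 1), version)) {
      return license;
    }
  }
  return undefined;
}

function evaluate(pkg, cfg) {
  // The scope must match exactly: "@d2l-evil/x" is not in scope "d2l".
  const scope = pkg.name.startsWith('@') ? pkg.name.slice(1, pkg.name.indexOf('/')) : null;
  if (scope && cfg.acceptedScopes.includes(scope)) return { ok: true, reason: 'accepted scope' };

  // A manual override replaces whatever the package itself declares.
  const license = findOverride(pkg.name, pkg.version, cfg.manualOverrides) ?? pkg.license;
  if (license === 'Project-Owner') return { ok: true, reason: 'project owner' };
  if (/^D2L-Open-Source-Special-Exemption \(.+\)$/.test(license || '')) {
    return { ok: true, reason: 'special exemption' };
  }
  if (license && cfg.acceptedLicenses.has(license)) return { ok: true, reason: license };
  return { ok: false, reason: `unapproved or unknown license: ${license ?? 'none declared'}` };
}
```

Pinning an override to an exact version means a later release of the same package is evaluated again instead of silently inheriting the old decision.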
## Versioning and Releasing
This repo is configured to use `semantic-release`. Commits prefixed with `fix:` and `feat:` will trigger patch and minor releases when merged to `main`.
To learn how to create major releases and release from maintenance branches, refer to the [semantic-release GitHub Action](https://github.com/BrightspaceUI/actions/tree/main/semantic-release) documentation.