Skip to content

Latest commit

 

History

History
125 lines (95 loc) · 3.34 KB

README.md

File metadata and controls

125 lines (95 loc) · 3.34 KB

license-to-fail npm travis npm-downloads

Will error when any packages in node_modules don't satisfy your allowed licenses.

Uses license-checker.

Install

$ npm install license-to-fail --save-dev

Usage

# use "license-to-fail" key in package.json
$ ./node_modules/.bin/license-to-fail
# pass a path to external config file
$ ./node_modules/.bin/license-to-fail ./path-to-config.js

If there is no output, then there aren't any errors.

Init

# creates a config.js file with the config in ./example-config.js
$ ./node_modules/.bin/license-to-fail init

Config

allowedPackages: takes an array of objects. The only required field is name.

allowedLicenses: takes an array of strings and calls indexOf on the licenses.

warnOnUnknown: instead of erroring on packages with an UNKNOWN license, just warn. (false by default)

ignoreDevDependencies: do not check licenses for devDependencies. (false by default)

strictMode: do not use fuzzy checking when validating licenses (e.g. BSD !== BSD-3-Clause). (false by default)

// ./config.js
module.exports = {
  allowedPackages: [
    {
      "name": "allowed-package-name-here",
      "extraFieldsForDocumentation": "hello!", // optional
      "date": "date added", // optional
      "reason": "reason for allowing" // optional
    }
  ],
  allowedLicenses: [
    "MIT",
    "Apache",
    "ISC",
    "WTF"
  ],
  warnOnUnknown: true
};

In package.json

{
  "name": "package-name",
  "license-to-fail": {
    "allowedPackages": [
      {
        "name": "allowed-package-name-here",
      }
  ],
    "allowedLicenses": [
      "MIT"
    ]
  }
}

Example Usage/Output

Running the tool on itself

If the config was MIT, ISC only:

module.exports = {
  "allowedPackages": [],
  "disallowedPackages": [],
  "allowedLicenses": [
    "MIT",
    "ISC"
  ]
};

You would have this output:

It will try to print the package name, version, license, and repo.

It will also print whether it is a direct dependency of the current node_modules (looks at package.json) or not.

$ ./bin/license-to-fail ./config.js

Disallowed Licenses:
INDIRECT DEP - [email protected] Apache-2.0: https://github.com/kemitchell/spdx-correct.js
INDIRECT DEP - [email protected] Apache-2.0: https://github.com/kemitchell/validate-npm-package-license.js
INDIRECT DEP - [email protected] Apache2: https://github.com/AceMetrix/package-license
INDIRECT DEP - [email protected] BSD: https://github.com/AceMetrix/npm-license
INDIRECT DEP - [email protected] BSD-2-Clause: https://github.com/npm/normalize-package-data
INDIRECT DEP - [email protected] BSD-3-Clause: https://github.com/davglass/license-checker
INDIRECT DEP - [email protected] Unlicense: https://github.com/shinnn/spdx-license-ids
INDIRECT DEP - [email protected] WTFPL: https://github.com/rlidwka/jju

# Error with process.exit(1)

If we add more allowedLicenses:

$ npm run check-license # no failures