Will error when any packages in node_modules
don't satisfy your allowed licenses.
Uses
license-checker
.
$ npm install license-to-fail --save-dev
# use "license-to-fail" key in package.json
$ ./node_modules/.bin/license-to-fail
# pass a path to external config file
$ ./node_modules/.bin/license-to-fail ./path-to-config.js
If there is no output, then there aren't any errors.
# creates a config.js file with the config in ./example-config.js
$ ./node_modules/.bin/license-to-fail init
allowedPackages
: takes an array of objects. The only required field is name
.
allowedLicenses
: takes an array of strings and calls indexOf
on the licenses.
warnOnUnknown
: instead of erroring on packages with an UNKNOWN
license, just warn. (false by default)
ignoreDevDependencies
: do not check licenses for devDependencies. (false by default)
strictMode
: do not use fuzzy checking when validating licenses (e.g. BSD !== BSD-3-Clause). (false by default)
// ./config.js
module.exports = {
allowedPackages: [
{
"name": "allowed-package-name-here",
"extraFieldsForDocumentation": "hello!", // optional
"date": "date added", // optional
"reason": "reason for allowing" // optional
}
],
allowedLicenses: [
"MIT",
"Apache",
"ISC",
"WTF"
],
warnOnUnknown: true
};
{
"name": "package-name",
"license-to-fail": {
"allowedPackages": [
{
"name": "allowed-package-name-here",
}
],
"allowedLicenses": [
"MIT"
]
}
}
Running the tool on itself
If the config was MIT, ISC
only:
module.exports = {
"allowedPackages": [],
"disallowedPackages": [],
"allowedLicenses": [
"MIT",
"ISC"
]
};
You would have this output:
It will try to print the package name, version, license, and repo.
It will also print whether it is a direct dependency of the current node_modules (looks at package.json) or not.
$ ./bin/license-to-fail ./config.js
Disallowed Licenses:
INDIRECT DEP - [email protected] Apache-2.0: https://github.com/kemitchell/spdx-correct.js
INDIRECT DEP - [email protected] Apache-2.0: https://github.com/kemitchell/validate-npm-package-license.js
INDIRECT DEP - [email protected] Apache2: https://github.com/AceMetrix/package-license
INDIRECT DEP - [email protected] BSD: https://github.com/AceMetrix/npm-license
INDIRECT DEP - [email protected] BSD-2-Clause: https://github.com/npm/normalize-package-data
INDIRECT DEP - [email protected] BSD-3-Clause: https://github.com/davglass/license-checker
INDIRECT DEP - [email protected] Unlicense: https://github.com/shinnn/spdx-license-ids
INDIRECT DEP - [email protected] WTFPL: https://github.com/rlidwka/jju
# Error with process.exit(1)
If we add more allowedLicenses
:
$ npm run check-license # no failures