@velove/license-compliance
v1.1.1
Velove License Compliance Policy
Shared configuration for license-compliance
Installation
yarn add -D license-compliance @velove/license-compliance
# or
npm install --save-dev license-compliance @velove/license-compliance
Usage
Set up a local configuration file to extend the shared policy:
// .license-compliancerc.js
module.exports = {
  extends: '@velove/license-compliance'
};
Depending on your project, you might want to adjust the policy, for instance to check only production dependencies and not devDependencies, or to exclude specific modules that have been manually checked, even though they may not be specified in the shared policy.
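An adjusted local policy of the kind described above, as an added example that is not part of the original README. It assumes license-compliance's `production` and `exclude` configuration options (the counterparts of its CLI flags); the package name is a constructed placeholder.

```javascript
// .license-compliancerc.js
module.exports = {
  // Start from the shared Velove policy.
  extends: '@velove/license-compliance',

  // Check only what ships: production dependencies, not devDependencies.
  production: true,

  // Exempt packages whose licenses were reviewed by hand.
  // Use exact names rather than broad patterns, so that a newly added
  // package cannot slip past the policy by matching an old exemption.
  exclude: [
    'example-reviewed-package' // constructed placeholder: record who reviewed it and when
  ]
};
```

This page does not say whether a local `exclude` replaces or extends the list in the shared policy, so run the detailed report after changing it and confirm that the set of checked packages is what you expect.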
You can call license-compliance to verify the project's compliance (and/or automate that in a CI pipeline):
yarn license-compliance --format text --report detailed
# verify production dependencies only
yarn license-compliance --format text --report detailed --production
# or
npx license-compliance --format text --report detailed
# verify production dependencies only
npx license-compliance --format text --report detailed --production
Bitbucket Pipelines
Bitbucket Pipelines can parse XUnit-compatible reports to provide additional information about failing tests.
license-compliance can output to that format using its xunit format:
// package.json
{
  "scripts": {
    "licenses:report": "license-compliance --report detailed --format xunit > test-reports/license-compliance.xml"
  }
}
Inside a CI step, a Bitbucket integration could look like:
# bitbucket-pipelines.yml
definitions:
  steps:
    - step: &audit-licenses
        name: Licenses compliance
        script:
          # Install dependencies
          - yarn install --frozen-lockfile --silent
          # Verify licenses compliance
          - yarn run licenses:report