license-checker-ci
v1.3.0
Check node packages against a licence whitelist in CI
License Checker CI
Wrapper for license-checker, to use it in CI with a whitelist.
Usage
Call from CLI as follows:
$ license-checker-ci [--whitelists relative-path-to-whitelists] [folder1] [folder2] [...]
where by default, relative-path-to-whitelists is ./.license-checker-ci/whitelists.json and only the current working directory is checked.
The call will fail (exit with code 1) if any non-whitelisted packages with a non-whitelisted license are found.
Example:
$ license-checker-ci
[/home/philipp/code/license-checker-ci] [email protected] with license(s) BSD-3-Clause OR MIT not whitelisted.
[/home/philipp/code/license-checker-ci] [email protected] with license(s) AFLv2.1,BSD not whitelisted.
[/home/philipp/code/license-checker-ci] [email protected] with license(s) MIT* not whitelisted.
[/home/philipp/code/license-checker-ci] [email protected] with license(s) MIT* not whitelisted.
License check failed: 5 problems detected.
$ echo $?
1
Note that the working directory must contain a valid package.json and subfolder node_modules.
Whitelists specification
The whitelists file must be valid JSON specifying an object with properties packages and licenses. licenses must contain an array of the licenses you want to whitelist, packages must contain an array of the packages, each including a semver version range, that you want to whitelist.
Example:
{
  "packages": [
    "amdefine@^1.0",
    "esutils@*",
    "json-schema@^0.2",
    "optimist@^0.6",
    "spdx-expression-parse@^1.0",
    "spdx-license-ids@^1.2",
    "tweetnacl@^0.14",
    "wordwrap@^0.0"
  ],
  "licenses": [
    "Apache-2.0",
    "BSD-2-Clause",
    "BSD-3-Clause",
    "CC0-1.0",
    "CC-BY-3.0",
    "ISC",
    "MIT",
    "Public Domain",
    "Unlicense",
    "WTFPL"
  ]
}
Multiple licenses
Some packages allow redistribution under combinations of licenses, e.g. (License-1 OR License-2 OR License-3) or (License-1 AND License-2).
You only need to whitelist one of those licenses for OR-combinations and all licenses for AND-combinations. See https://www.npmjs.com/package/spdx-expression-parse for details.
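The OR/AND rule above, worked through as an added example (this is not license-checker-ci's own code and does not use spdx-expression-parse). It assumes license ids are compared as exact strings and that any expression it cannot fully parse is rejected; the whitelist and the sample expressions are constructed.

```javascript
// Added example, not license-checker-ci's own code.
// Constructed whitelist: a subset of the "licenses" array shown above.
const WHITELIST = new Set(['Apache-2.0', 'BSD-3-Clause', 'ISC', 'MIT']);

// Split an expression into "(", ")", and whitespace-separated words.
function tokenize(expr) {
  return expr.match(/[()]|[^\s()]+/g) || [];
}

// Returns true only if the whole expression is satisfied by the whitelist.
// Assumption: ids are compared as exact strings, so "MIT*" is not "MIT".
function isAllowed(expr, whitelist = WHITELIST) {
  const tokens = tokenize(expr);
  let pos = 0;
  // OR: one whitelisted alternative is enough.
  const parseOr = () => {
    let ok = parseAnd();
    while (tokens[pos] === 'OR') { pos++; ok = parseAnd() || ok; }
    return ok;
  };
  // AND binds tighter than OR: every operand must be whitelisted.
  const parseAnd = () => {
    let ok = parseAtom();
    while (tokens[pos] === 'AND') { pos++; ok = parseAtom() && ok; }
    return ok;
  };
  const parseAtom = () => {
    const tok = tokens[pos++];
    if (tok === undefined || [')', 'AND', 'OR'].includes(tok)) {
      throw new SyntaxError('license id expected');
    }
    if (tok !== '(') return whitelist.has(tok);
    const ok = parseOr();
    if (tokens[pos++] !== ')') throw new SyntaxError('missing ")"');
    return ok;
  };
  try {
    const ok = parseOr();
    // Leftover tokens (e.g. a WITH clause) mean we did not understand
    // the expression, so fail closed instead of guessing.
    return ok && pos === tokens.length;
  } catch (err) {
    return false;
  }
}

for (const e of ['(MIT OR GPL-3.0)', '(MIT AND GPL-3.0)', 'MIT*']) {
  console.log(e, '->', isAllowed(e) ? 'ok' : 'not whitelisted');
}
```

Rejecting strings that do not parse keeps a malformed or guessed license field from passing the CI gate unnoticed.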
LICENSE
MIT