/yarn-plugin-licenses

Audit your dependency licenses with this yarn berry plugin

Primary LanguageTypeScriptApache License 2.0Apache-2.0

yarn-plugin-licenses

Discord

Yarn Berry plugin to enforce valid licenses used in a project.

Usage

Define a licenses.config.js file:

module.exports = {
    isValidLicense: (license) => {
        const valid = new RegExp('\\b(mit|apache\\b.*2|bsd|isc|unlicense)\\b', 'i')
        return valid.test(license)
    }
}

or

module.exports = {
    isValidLicense: new RegExp('\\b(mit|apache\\b.*2|bsd|isc|unlicense)\\b', 'i'),
    ignorePackages: ['react'],
}

and then:

yarn plugin import https://raw.githubusercontent.com/tophat/yarn-plugin-licenses/master/bundles/@yarnpkg/plugin-licenses-audit.js
yarn licenses audit --output-file=- --config=licenses.config.js

this outputs a junit report.

You can use yarn licenses audit --summary for a human readable report for local dev.

By default license files are not traversed since there's no simple heuristic to parse the file, and developers often put custom wording inside. For this reason, if you would like to parse the license files, pass the --loose flag to the CLI.

Contributors


Noah
💻 🚇
Kurt von Laven
💻

To add a contributor to the README, signal the all-contributors bot by adding comments in your PRs like so:

@all-contributors please add <username> for <contribution type>