Suggestion: Add option to warn about problematic or missing licenses
lukastaegert opened this issue · 4 comments
There are some licenses that are problematic when bundled, e.g. GPL, or files with missing licenses. This plugin could warn when one of those licenses or a package without a license is discovered.
Hi @lukastaegert,
Thanks for the report. My main question is: how to detect a problematic license? We can provide a hook function as an option that will return true or false if the plugin should warn on a "problematic" license, but I don't think an "automatic" detection would be easy to implement.
What do you think? Do you have a better idea than a hook function?
I think a hook would make the most sense, i.e. if I use GPL, then I probably do not care if someone else uses it. On second thought, it might make sense to address this via #379 (comment) ?
@lukastaegert Sorry for the very long delay, but version 0.13.0 (published a few minutes ago) now includes an option to warn (or fail) in case of a problematic license. The readme is up to date, but here is an example:
```js
license({
  thirdParty: {
    allow: '(MIT OR Apache-2.0)',
  },
})
```
With this configuration, a warning will be printed to the console if a dependency does not use the MIT or Apache 2.0 license.
Please let me know if you think it is not enough ;)
Looks great, thanks!
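Added example, not part of the thread and not the plugin's own code: a predicate of the kind the hook discussion describes, which evaluates a dependency's SPDX license expression against an allow-list and fails closed on a missing or unparsable license. The allow-list, the `dependency.license` field, and the object form of `allow` (`test`, `failOnUnlicensed`, `failOnViolation`) are assumptions to check against the README of the installed plugin version.

```javascript
// Constructed allow-list for illustration; adjust to your own policy.
const ALLOWED = new Set(['MIT', 'Apache-2.0', 'ISC', 'BSD-3-Clause']);

// Split an SPDX expression into parentheses, operators and license ids.
function tokenize(expr) {
  return expr.match(/\(|\)|[^\s()]+/g) || [];
}

// Recursive descent: AND binds tighter than OR (SPDX precedence).
// An id is true only if allow-listed, so unknown or copyleft ids are rejected.
// Unsupported syntax (e.g. WITH exceptions) throws and is treated as a violation.
function evaluate(tokens) {
  let pos = 0;
  function atom() {
    const tok = tokens[pos++];
    if (tok === '(') {
      const v = or();
      if (tokens[pos++] !== ')') throw new SyntaxError('missing )');
      return v;
    }
    if (tok === undefined || tok === ')' || tok === 'AND' || tok === 'OR') {
      throw new SyntaxError('unexpected token');
    }
    return ALLOWED.has(tok);
  }
  function and() {
    let v = atom();
    while (tokens[pos] === 'AND') { pos++; const r = atom(); v = v && r; }
    return v;
  }
  function or() {
    let v = and();
    while (tokens[pos] === 'OR') { pos++; const r = and(); v = v || r; }
    return v;
  }
  const result = or();
  if (pos !== tokens.length) throw new SyntaxError('trailing tokens');
  return result;
}

// Hook predicate: true = acceptable, false = warn (or fail).
function isAllowed(dependency) {
  const license = dependency && dependency.license;
  if (typeof license !== 'string' || license.trim() === '') return false;
  try { return evaluate(tokenize(license)); } catch (e) { return false; }
}

// Assumed usage: license({ thirdParty: { allow: allowOptions } })
const allowOptions = { test: isAllowed, failOnUnlicensed: true, failOnViolation: true };
```

A dual-licensed dependency such as `(MIT OR GPL-3.0-only)` passes because one alternative is allow-listed, while `MIT AND GPL-3.0-only` does not.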