Skip to content

Audit your dependency licenses with this yarn berry plugin

License

Notifications You must be signed in to change notification settings

Kurt-von-Laven/yarn-plugin-licenses

 
 

Repository files navigation

yarn-plugin-licenses

Discord

Yarn Berry plugin to enforce valid licenses used in a project.

Usage

Define a licenses.config.js file:

module.exports = {
    isValidLicense: (license) => {
        const valid = new RegExp('\\b(mit|apache\\b.*2|bsd|isc|unlicense)\\b', 'i')
        return valid.test(license)
    }
}

or

module.exports = {
    isValidLicense: new RegExp('\\b(mit|apache\\b.*2|bsd|isc|unlicense)\\b', 'i'),
    ignorePackages: ['react'],
}

and then:

yarn plugin import https://raw.githubusercontent.com/tophat/yarn-plugin-licenses/master/bundles/@yarnpkg/plugin-licenses-audit.js
yarn licenses audit --output-file=- --config=licenses.config.js

this outputs a junit report.

You can use yarn licenses audit --summary for a human readable report for local dev.

By default license files are not traversed since there's no simple heuristic to parse the file, and developers often put custom wording inside. For this reason, if you would like to parse the license files, pass the --loose flag to the CLI.

Contributors


Noah

💻 🚇

Kurt von Laven

💻

To add a contributor to the README, signal the all-contributors bot by adding comments in your PRs like so:

@all-contributors please add <username> for <contribution type>

About

Audit your dependency licenses with this yarn berry plugin

Resources

License

Code of conduct

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • TypeScript 86.9%
  • JavaScript 10.4%
  • Shell 2.7%