Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Preserve legal comments from third party dependencies #4305

Open
WilcoFiers opened this issue Jan 22, 2024 · 1 comment
Open

Preserve legal comments from third party dependencies #4305

WilcoFiers opened this issue Jan 22, 2024 · 1 comment
Labels
docs Documentation changes

Comments

@WilcoFiers
Copy link
Contributor

When bundling, esbuild discards all comments from the code. This could give the impression that the third-party dependencies that come bundled in axe-core fall under Deque's copyright statement at the top of axe.js.

This is solved by ESBuils 13+, which by default preserves legal comments. But because axe-core is pinned on ESBuild 11 we're missing out on this important feature.
@WilcoFiers WilcoFiers added the docs Documentation changes label Jan 22, 2024
@WilcoFiers WilcoFiers mentioned this issue Jan 22, 2024
Merged
@dbjorge
Copy link
Contributor

dbjorge commented Jan 31, 2024

Updating to a more recent esbuild would also enable us to use esbuild-plugin-license to automate the production of LICENSE-3RD-PARTY.txt. I used something like this to validate #4304:

// /build/tasks/esbuild.js

const esbuildPluginLicense = require('esbuild-plugin-license').default;

// To use this, add the following option to the esbuild build() invocation:
//
//   plugins: [noticeFileGeneratorPlugin]
const noticeFileGeneratorPlugin = esbuildPluginLicense({
  banner: undefined, // handled by intro.stub
  thirdParty: {
    includePrivate: false,
    output: {
      file: 'LICENSE-3RD-PARTY.txt',
      template(dependencies) {
        const renderedDependencies = dependencies.map((dep) => {
          const header = `${dep.packageJson.name}@${dep.packageJson.version} :: ${dep.packageJson.license}`;
          return `${header}\n---\n${dep.licenseText}`;
        })
        return renderedDependencies.join('\n===\n');
      },
    }
  }
});

WilcoFiers added a commit that referenced this issue Feb 1, 2024
@WilcoFiers @dbjorge
fix: Add LICENSE-3RD-PARTY.txt file (#4304)
daa0fe6 
Axe-core needs to include the copyright and licenses of third-party
software.

I also looked at preserving the copyright statements from third-party
libraries where they are embedded. Unfortunately that will require us
addressing the webpack issue due to which we pinned our ESBuild version.
#4305

---------

Co-authored-by: Dan Bjorge <dan.bjorge@deque.com>
straker pushed a commit that referenced this issue Feb 5, 2024
@WilcoFiers @dbjorge @straker
fix: Add LICENSE-3RD-PARTY.txt file (#4304)
139c553 
Axe-core needs to include the copyright and licenses of third-party
software.

I also looked at preserving the copyright statements from third-party
libraries where they are embedded. Unfortunately that will require us
addressing the webpack issue due to which we pinned our ESBuild version.
#4305

---------

Co-authored-by: Dan Bjorge <dan.bjorge@deque.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
docs Documentation changes
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dbjorge @WilcoFiers