0.3.0 • Published 6 years ago

dump-licenses v0.3.0

Weekly downloads
4
License
MIT
Repository
github
Last release
6 years ago

Dump licenses

This library is analyzing the npm project hierarchy recursively from the current directory: package.json file

This library only focuses on production dependencies, and provides result as JSON file sorted by license type to simplify the check on legal aspect.

WARN: Legal aspect is not the responsibility of this tool which is just an helper to list all licenses referenced by a module. The production of real license files is OUT OF SCOPE of this module.

To build all licenses text, you can retrieve them from the web (like the excellent https://spdx.org/licenses/), make them template by using some placeholders (for author/date/module name), and automatise the license files generation based on dump-licenses output.

Usage

> npm install -g dump-licenses

> cd <your project directory>

# Ensure to let NPM / YARN resolved your dependencies by calling
> npm install or yarn install

> dump-licenses 
{
  "MIT": [
    { name: "module-name1", version: "1.0.0", author: "John Doe <foo.bar@team.net>" },
    ...
  ],
  "Apache-2.0": [
    { name: "module-name2", version: "0.7.0", author: "John Doe <foo.bar@team.net>" },
    ...
  ],
  "?": [
    { name: "module-with-license-not-found", version: "1.0.0", author: "John Doe <foo.bar@team.net>" },
    ...
  ],
  "File": [
    { name: "module-with-license-file", version: "5.2.0", author: "John Doe <foo.bar@team.net>", license: '/<local-directory>/LICENSE' }
  ]
  ...  
}

# If you copy the "?" part in a dedicated file (for example: manual.json)
# and replace the "?" with correct license. You can then add the --manual (or -m) command line option to tell dump-licenses to use those licensing information prior to compute them. For example:
# manual.json content:
# {
#   "MIT": [
#     { name: "module-with-license-not-found", version: "1.0.0", author: "John Doe <foo.bar@team.net>" },
#   ]
# }

> dump-licenses --manual=manual.json
{
  "MIT": [
    { name: "module-name1", version: "1.0.0", author: "John Doe <foo.bar@team.net>" },
    { name: "module-with-license-not-found", version: "1.0.0", author: "John Doe <foo.bar@team.net>" },
    ...
  ],
  "Apache-2.0": [
    { name: "module-name2", version: "0.7.0", author: "John Doe <foo.bar@team.net>" },
    ...
  ],
  "?": [
    ...
  ],
  "File": [
    { name: "module-with-license-file", version: "5.2.0", author: "John Doe <foo.bar@team.net>", license: '/<local-directory>/LICENSE' }
  ]
  ...  
}

# You can also store the output in json format by using --output (-o)

> dump-licenses --output=licenses.json
INFO: Output file [ license.json ] generated!
INFO: Licenses: MIT, ISC, GPL-2.0, BSD-3-Clause, OFL-1.1, Apache-2.0

# Finally, if you want to merge the licenses of multiple projects you can chain them by using --input (-i) option

> dump-licenses --input=other-project-licenses.json --output=merged-licenses.json

The license is retrieved from "license" (or "licenses") property in package.json. If the property is not found, a .*LICENSE.* file is searched in the project directory and the corresponding module is associated with license type 'File'.

If the licensing information are not found, the corresponding module are associated with license type: "?". Please, check the corresponding library license information manually. You can save those information in a specific manual license file and give it to dump-licenses to

NOTE: By default a license property containing " OR " is computed like a " AND " and the corresponding module will be listed in all license types. You can use the "manual" option to choose between the different choices and prevent it to appear everywhere.

dump-licenses is also trying to retrieve all module authors in order to let software establishes a clear licensing information.

licensebuild
@infinitebrahmanuniverse/nolb-dum@everything-registry/sub-chunk-1537
0.3.0

6 years ago

0.2.0

6 years ago