HansHammel / license-compatibility-checker

Check npm dependencies' package.json for license compatibility (aka compliance check) with the current project based on spdx notation and naming conventions.
MIT License
93 stars, 6 forks

How to ignore a list of licenses/packages? #23

Open fhg-isi opened 1 year ago

fhg-isi commented 1 year ago

I would like to use license-compatibility-checker in a CI pipeline/workflow. It should only fail if a new package with an incompatible license has been added.

Currently I get errors like

type-fest@0.21.3 (MIT OR CC0-1.0) (Unknown) - possibly incompatible with AGPL-3.0 (Network Protective)
uuid-v4@0.1.0 No license (Unlicensed) - possibly incompatible with AGPL-3.0 (Network Protective)

=> How can I manually allow some of the (unknown) licenses / add them to a whitelist?

fhg-isi commented 1 year ago

I tried to use it in a script, to maybe filter the output. However, it's passed as a string and that does not feel like the way to go.

const lcc = require('license-compatibility-checker');
const path = require('path');
const packagePath = path.join(process.cwd(), 'package.json');
const modulePath = path.join(process.cwd(), 'node_modules');

lcc.check(
  packagePath,
  modulePath,
  function(
    /*error*/ err,
    /*boolean*/ passed,
    /*string*/ output
  ){
    if (err) {
      console.log(err);
      throw err;
    }

    if (passed) {
      console.log(output);
    } else {
      // potential license issues found; output is a single string, so split it
      // into lines first (for...in over a string only yields character indices)
      for (const entry of output.split('\n')) {
        // filtering of individual entries would go here
      }
      console.log(output);
      throw new Error('License issues found');
    }
  }
);