[Feature Request]: filter dev dependencies

[jfayot]

Is there any possibility to generate the license file filtered on dev dependencies only, or at least to tag the dependency type in the ILicense interface ?

[tobybessant]

Hey @jfayot,

Thanks for contributing to the discussion for this package.

This is not a feature we currently support. Please could you elaborate on what exactly the use case of this feature would be? I've included some questions below that might help explore this.

• How are you using generate-license-file (CLI or library)?
• Is there a technical requirement you’re trying to meet?
• Or a legal requirement you’re constrained by?

Many thanks, Toby

[jayvdb]

Hi Toby, we are using this tool to generate a JSON file containing all of the license texts of dependencies of an electron app. We then use that JSON to populate a "Third party licenses" window in the application, so we give appropriate attribution to our dependencies. We would prefer to be only including the licenses of dependencies that are actually in the distributed application, excluding the licenses of all the tools used to lint, test, build, etc the application.

[jayvdb]

And specifically this would get rid of the "prettier" license which is ugly in our license list. If you look at the LICENSE in https://www.npmjs.com/package/prettier?activeTab=code , it is full of extremely badly formatted "Bundled dependencies" licenses.

[jfayot]

Hi @jayvdb ! I've finally given up on using glf!

As my package manager is pnpm, the easiest for me was to use it directly to generate the licence file:

pnpm licenses --prod --json --long --no-optional list

And if I'm not wrong, this is what glf roughly does under the hood, but without giving the choice on the cmd line options...

[tobybessant]

Hey @jayvdb,

Thanks for your message, if I'm understanding correctly, your request sounds slightly different from the parent issue (which is asking us to include dev dependencies)?

Generate license file should already be excluding devDependendices and only be including the licenses of packages that are listed in the dependencies object of your package.json. As per the npm docs, this should only include dependencies that are bundled in your production build.

If you're listing prettier as a dev-dependency, and finding that it is appearing in your generated output, then please raise a separate issue with it's own repro.

I will close this issue because it sounds like the original request isn't needed anymore.

Many thanks,

Toby

[jayvdb]

I can confirm that dev dependencies are being excluded. I was misled because I saw prettier in my frontend app licenses, but it turns out that it was caused by a problem in one of our dependencies that had incorrectly put prettier in dependencies. Sigh. Thanks @tobybessant .

However, I think there is still value in allowing devDependencies to be included in the generated license file, with a schema change to add field that indicates the type of dependency. At the moment, my frontend app is limiting the licenses to production only deps, however I do want to be selectively including some of the devDependencies that are build dependencies - their code isnt literally being distributed inside the resulting app, however they significantly contribute to what is distributed, such as https://github.com/postcss/postcss and https://github.com/tailwindlabs/tailwindcss . This isnt a feature request - hence I am commenting here instead of a new issue.

Also worth checking how this tool handles peerDependencies, peerDependenciesMeta, bundleDependencies and optionalDependencies. https://docs.npmjs.com/cli/v10/configuring-npm/package-json#peerdependencies and the sections directly beneath it describe these.