Open Undistraction opened 2 years ago
@Undistraction May I ask why you're running license checker?
We have very similar situation and problem. We have several apps that use our internal npm packages from our internal npm registry. Our packages are not set private in package.json
. The packages are for internal projects only, so they are not licensed. Therefore we have "license": "UNLICENSED",
in package.json
.
We use license-checker
to list all packages we use and their licenses, to give our users the access to that information if they are to need it. This could be for legal, or what ever purpose. ATM the license-checker
fallbacks to our readmes which can result to a security issue if someone mistakenly puts some delicate information there. Anyway, we don't want to show our readmes in the apps in the license page. They don't make any sense in the license list context.
We would very much appreciate the support to also list license info for unlicensed not private packages.
PS. This is a great library. Thank you for making it! 🙏
If the project is under a MIT license (https://github.com/ngx-translate/core/blob/master/LICENSE), why isn't it in the package.json? It could make things easier to the license-checker
We have a monorepo and publish private packages from it to NPM to be consumed by our applications.
The config for a package includes:
Packages marked as
private: true
are not published to the registry, so packages publishing private packages to NPM cannot use this.From the NPM docs.
Inside apps that consume our packages we are running
license-checker
. Instead of reporting our packages asUNLICENSED
, it reports them asUNKNOWN
. This is because if the value of package'slicense
field isUNKNOWN
a value of null is returned from license. There is a subsequent check for UNLICENCED, but it only happens for packages that haveprivate: true
.It is perfectly valid to have a license of
UNLICENSED
for a non-private package when published and consumed in this way so this feels like a bug.