Closed maoo closed 4 years ago
Hi @maoo, thanks for getting in touch!
I agree that react-scripts
should be listed as a devDependency
rather than a dependency
.
The reason why it's currently listed as a dependency
is due to https://github.com/facebook/create-react-app/issues/2696.
create-react-app
out of the box puts react-scripts
as a dependency
rather than devDependency
for compatbility purposes. There's nothing stopping us in our particular use-case setting it as a devDependency
so we should be fine to swap it over to the more appropriate place.
Thanks @oriondean !
Do you see any problems adding/updating all the package.json
files to use Apache-2.0
as license?
Nope! Sorry I didn't get back to you, been busy travelling. @ColinEberhardt has stepped in during my absence to stick a PR up (thanks!)
This should all be resolved now.
I was scanning (runtime) dependency licenses being pulled by the project at build time, using the following commands:
The result I get is a long list of unidenfied/unfriendly licenses that are pulled from the dependency
react-scripts
, which seems to be more suited asdevDependency
rather than a (runtime)dependency
.I locally updated
demo/package.json
accordingly and run the scripts, everything seems to be working as expected; I also addedlicense: "Apache-2.0"
into the same file, otherwisenode-license-validator
would complain about it.Would be great to add these license validation steps as part of the CircleCI build process.
This work is part of the contribution process to FINOS, see https://finosfoundation.atlassian.net/browse/CONTRIB-56
Thanks!