infinitered / solidarity

Solidarity is an environment checker for project dependencies across multiple machines.
https://infinitered.github.io/solidarity/
MIT License

🔌 Plugin Idea - Enforce License #145

Open GantMan opened 6 years ago

GantMan commented 6 years ago

Lots of people are building projects and those projects end up using dependencies of various licenses, or sometimes no license at all.

Would be cool if there was a license rule (maybe via plugin) that would check all packages and ensure that the licenses of the included modules were either of a status or even more lenient.

So if I set my license rule to BSD-2 it would accept MIT, WTFPL etc., unless exact is set to true.

Feedback plz: @skellock and @jamonholmgren

jamonholmgren commented 6 years ago

That's an interesting idea for sure. I like it!

skellock commented 6 years ago

I like it. I never think to check this.

jamonholmgren commented 6 years ago

I'm not sure we want to determine which licenses are "even more lenient" though. We may just want a default list of acceptable licenses that people can then customize.

GantMan commented 6 years ago

I like this. So when you add the rule, there's a list with delineations on obligations it puts on the consumer of the licensed code. "Must include attribution" etc.

jamonholmgren commented 6 years ago

This is a killer use case for solidarity, btw.

GantMan commented 6 years ago

To check: Build around this https://github.com/davglass/license-checker

tabrindle commented 6 years ago

That's a great idea. On Wed, Feb 7, 2018 at 5:18 PM Gant Laborde notifications@github.com wrote:

> To check: Build around this https://github.com/davglass/license-checker

GantMan commented 6 years ago

Example API:

enforce licenses rule whitelist

"License Stuff": [
  {
    "rule": "custom", "plugin": "license", "name": "enforceLicenses",
    "whitelist": [
      "MIT", "ISC", "BSD-3*", "BSD-2*", "Unlicense", "Public Domain", "Apache", "WTFPL", "CC*"
    ],
    "ignore": ["dumb-node-module", "module-causing-failure-but-license-known"]
  }
]

succeeds as long as all modules and sub-modules (not explicitly ignored) fit the given whitelist.

enforce licenses rule blacklist

"License Stuff": [
  {
    "rule": "custom", "plugin": "license", "name": "enforceLicenses",
    "blacklist": [
      "BSD-2*", "Apache*"
    ],
    "ignore": ["dumb-node-module", "module-causing-failure-but-license-known"]
  }
]

succeeds as long as all modules and sub-modules (not explicitly ignored) do not have a license identified with the blacklist.


Add the feature where the rule only pertains to production or development.

"License Stuff": [
  {
    "rule": "custom", "plugin": "license", "name": "enforceLicenses",
    "whitelist": [
      "MIT", "ISC", "BSD-3*", "BSD-2*", "Unlicense", "Public Domain", "Apache", "WTFPL", "CC*"
    ],
    "ignore": ["dumb-node-module", "module-causing-failure-but-license-known"],
    "scope": "production"
  }
]

scope can be "production" | "prod" | "development" | "dev" | "all" (default is all)
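The rule semantics proposed above (whitelist, blacklist, ignore, scope), worked through as an added reference implementation. This is example code, not part of solidarity or of the proposal itself: the functions `patternToRegExp`, `inScope` and `enforceLicenses` and the `{ name, license, dev }` package shape are assumptions standing in for whatever a license-checker-backed plugin would actually feed the rule, and the package list is constructed sample data.

```javascript
// Added example: a reference evaluator for the proposed "enforceLicenses" rule.
// Not solidarity's code. The package list shape { name, license, dev } is an
// assumption; a real plugin would build it from license-checker's output.

// Turn a pattern such as "BSD-3*" or "CC*" into an anchored, case-insensitive
// RegExp. Only "*" is special (matches any run of characters); everything else
// is escaped so that "BSD-2" does not accidentally match "BSD-2-Clause-Patent".
function patternToRegExp(pattern) {
  const escaped = pattern
    .replace(/[.+?^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, ".*");
  return new RegExp("^" + escaped + "$", "i");
}

function matchesAny(license, patterns) {
  return patterns.some((p) => patternToRegExp(p).test(license));
}

// Map the accepted scope spellings onto "does this package count?".
function inScope(pkg, scope) {
  switch (scope || "all") {
    case "production":
    case "prod":
      return !pkg.dev;
    case "development":
    case "dev":
      return pkg.dev === true;
    case "all":
      return true;
    default:
      throw new Error(`unknown scope: ${scope}`);
  }
}

// Evaluate one rule against a flat list of resolved packages (direct
// dependencies and sub-dependencies alike). Returns { pass, offenders }, where
// each offender records the package, its license and why it failed, so the
// result can feed a report rather than just a boolean.
function enforceLicenses(rule, packages) {
  const ignore = new Set(rule.ignore || []);
  const offenders = [];
  for (const pkg of packages) {
    if (ignore.has(pkg.name) || !inScope(pkg, rule.scope)) continue;
    const license = pkg.license;
    // A package with no declared license grants no rights at all, so it can
    // never satisfy a whitelist and is reported under a blacklist too.
    if (!license) {
      offenders.push({ name: pkg.name, license: null, reason: "no license declared" });
      continue;
    }
    if (rule.whitelist && !matchesAny(license, rule.whitelist)) {
      offenders.push({ name: pkg.name, license, reason: "not in whitelist" });
    }
    if (rule.blacklist && matchesAny(license, rule.blacklist)) {
      offenders.push({ name: pkg.name, license, reason: "in blacklist" });
    }
  }
  return { pass: offenders.length === 0, offenders };
}

// Constructed sample input (names and licenses are made up for the example).
const samplePackages = [
  { name: "left-pad", license: "WTFPL", dev: false },
  { name: "lodash", license: "MIT", dev: false },
  { name: "some-bsd-lib", license: "BSD-3-Clause", dev: false },
  { name: "gpl-tool", license: "GPL-3.0", dev: false },
  { name: "dumb-node-module", license: "GPL-2.0", dev: false },
  { name: "jest-ish", license: "Apache-2.0", dev: true },
  { name: "mystery-lib", license: "", dev: false },
];

// The whitelist rule from the comment above, limited to production.
const whitelistRule = {
  rule: "custom", plugin: "license", name: "enforceLicenses",
  whitelist: ["MIT", "ISC", "BSD-3*", "BSD-2*", "Unlicense", "Public Domain", "Apache", "WTFPL", "CC*"],
  ignore: ["dumb-node-module", "module-causing-failure-but-license-known"],
  scope: "production",
};

// The blacklist rule from the comment above, applied to all packages.
const blacklistRule = {
  rule: "custom", plugin: "license", name: "enforceLicenses",
  blacklist: ["BSD-2*", "Apache*"],
  ignore: ["dumb-node-module", "module-causing-failure-but-license-known"],
};

console.log(JSON.stringify(enforceLicenses(whitelistRule, samplePackages), null, 2));
console.log(JSON.stringify(enforceLicenses(blacklistRule, samplePackages), null, 2));
```

Two things this makes visible that the JSON alone does not: a package with an empty or missing license field fails both rule forms, which is the "no license at all" case from the opening comment; and because matching is exact apart from `*`, the plain `"Apache"` entry in the whitelist will not accept a package whose license is reported as `Apache-2.0`, so a whitelist should use `"Apache*"` (or the exact SPDX identifier) if that is the intent.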

GantMan commented 6 years ago

Can use this in reports:

https://tldrlegal.com/

jamonholmgren commented 6 years ago

I like the API @GantMan. 👍 👍

skellock commented 6 years ago

Legit. I want this. Hurry! They're coming!!!

GantMan commented 6 years ago

Possible plugin game changer. https://github.com/fossas/fossa-cli