rollup-plugin-license
Rollup plugin that can be used to:
- Prepend a banner from a file.
- Create a file containing all third-parties used in the bundle (and display the license of each dependency).
How to use
Install the plugin with NPM:
npm install --save-dev rollup-plugin-license
Then add it to your rollup configuration:
const path = require('path');
const license = require('rollup-plugin-license');
module.exports = {
plugins: [
license({
sourcemap: true,
cwd: process.cwd(), // The default
banner: {
commentStyle: 'regular', // The default
content: {
file: path.join(__dirname, 'LICENSE'),
encoding: 'utf-8', // Default is utf-8
},
// Optional, may be an object or a function returning an object.
data() {
return {
foo: 'foo',
};
},
},
thirdParty: {
includePrivate: true, // Default is false.
includeSelf: true, // Default is false.
multipleVersions: true, // Default is false.
output: {
file: path.join(__dirname, 'dist', 'dependencies.txt'),
encoding: 'utf-8', // Default is utf-8.
},
},
}),
],
}Banner
Banner file
The banner file can be a text file and it will be converted to a block comment automatically if needed.
Note that the content will be translated to a lodash template with the following data model:
pkg: The content of the projectpackage.json.dependencies: An array of all the dependencies included in the bundle.moment: Themomentobject._: The lodash object.dataA custom data object, defined in banner options.
Here is a valid banner:
Bundle of <%= pkg.name %>
Generated: <%= moment().format('YYYY-MM-DD') %>
Version: <%= pkg.version %>
Dependencies:
<% _.forEach(dependencies, function (dependency) { %>
<%= dependency.name %> -- <%= dependency.version %>
<% }) %>Comment style
Since version 0.10.0, it is possible to customize banner style using the commentStyle option:
license({
banner: {
commentStyle: 'regular', // The default
content: {
file: path.join(__dirname, 'LICENSE'),
},
},
})Following options are available:
regular: "classic" comment block is used (this is the default), for example:
/**
* This is the `regular` style.
*/ignored: a comment block with prefix ignored by minifiers, for example:
/*!
* This is the `ignored` style.
*/slash: banner is prepended using "slash" comments, for example:
//
// This is the `slash` style.
//none: nothing done, be careful to prepenbd a banner already "commented".
Banner as a "simple" string
Since version 0.3.0, banner can be a simple string that will be used directly:
const license = require('rollup-plugin-license');
module.exports = {
plugins: [
license({
banner: `Copyright <%= moment().format('YYYY') %>`,
}),
],
}If you want to add some options to banner (such as the comment style to use), and still define it as a string (insead of pointing to a file), you can also define the banner like this (since version 0.11.0):
const license = require('rollup-plugin-license');
module.exports = {
plugins: [
license({
banner: {
content: `Copyright <%= moment().format('YYYY') %>`,
commentStyle: 'ignored',
},
}),
],
}Deprecated format
Until version 0.10.0, banner file was defined as:
const path = require('path');
const license = require('rollup-plugin-license');
module.exports = {
plugins: [
license({
banner: {
file: path.join(__dirname, 'LICENSE'),
encoding: 'utf-8',
},
}),
],
};This format has been deprecated with version 0.11.0 and removed with version 1.0.O, and the banner file should be defined inside banner.content entry:
const path = require('path');
const license = require('rollup-plugin-license');
module.exports = {
plugins: [
license({
banner: {
content: {
file: path.join(__dirname, 'LICENSE'),
encoding: 'utf-8',
},
},
}),
],
};Dependencies output
A file containing a summary of all dependencies can be generated automatically using the following options:
license({
thirdParty: {
output: path.join(__dirname, 'dist', 'dependencies.txt'),
includePrivate: true, // Default is false.
},
})Starting with version 0.12.0, you can have more control by defining output as an object, for example:
license({
thirdParty: {
includePrivate: false,
output: {
file: path.join(__dirname, 'dist', 'dependencies.txt'), // Path of the license report
encoding: 'utf-8', // default is UTF-8
// Template function that can be defined to customize report output
template(dependencies) {
return dependencies.map((dependency) => `${dependency.name}:${dependency.version} -- ${dependency.license}`).join('\n');
},
},
},
})Note that the template option can also be a lodash template:
license({
thirdParty: {
includePrivate: false,
output: {
file: path.join(__dirname, 'dist', 'dependencies.txt'),
// Lodash template that can be defined to customize report output
template: `
<% _.forEach(dependencies, function (dependency) { %>
<%= dependency.name %>:<%= dependency.version%> -- <%= dependency.license %>
<% }) %>
`,
},
},
})For example, it can be relatively easy to produce a JSON output instead of a text file:
license({
thirdParty: {
includePrivate: false,
output: {
file: path.join(__dirname, 'dist', 'dependencies.json'),
template(dependencies) {
return JSON.stringify(dependencies);
}
},
},
})By default, the "self" package is ignored (by "self", we mean the package being built), but startint with version 3.4.0, you can force inclusion using the includeSelf option:
license({
thirdParty: {
includeSelf: true,
output: {
file: path.join(__dirname, 'dist', 'dependencies.json'),
template(dependencies) {
return JSON.stringify(dependencies);
}
},
},
})License Checks
Starting with version 0.13, it is possible to ensure that dependencies does not violate any license restriction. For example, suppose you want to limit dependencies with MIT or Apache-2.0 licenses, simply define the restriction such as:
license({
thirdParty: {
allow: '(MIT OR Apache-2.0)',
},
})Note that the allow value here should be a valid SPDX pattern (more information here).
The allow option here will print a warning to the console for all license violation. Note that, if you want more control, it can also be defined as function:
license({
thirdParty: {
allow(dependency) {
return dependency.license === 'MIT';
},
},
})The function defined here allow only MIT licenses, and will print a warning for anything else.
Finally, if emitting a warning is not enought for you, you can also choose to fail the build:
license({
thirdParty: {
allow: {
test: 'MIT', // Or a function that should returns `true` or `false`
failOnUnlicensed: true, // Fail if a dependency does not specify any licenses, default is `false`
failOnViolation: true, // Fail if a dependency specify a license that does not match given requirement, default is `false`
},
},
})Starting with version 3.1.0, you can also use the multipleVersions option to track dependencies in different version as a different dependency.
It can be particularly useful in case a dependency changed its license between two versions.
Note that this option is false by default (mainly to keep backward compatibility).
license({
thirdParty: {
includePrivate: false,
multipleVersions: true,
output: {
file: path.join(__dirname, 'dist', 'dependencies.txt'), // Path of the license report
encoding: 'utf-8', // default is UTF-8
template(dependencies) {
return dependencies.map((dependency) => `${dependency.name}:${dependency.version} -- ${dependency.license}`).join('\n');
},
},
},
})Changelogs
- 3.5.0
- 3.4.1
- Add the license for the package itself without having to specify
includePrivateflag (see comment).
- Add the license for the package itself without having to specify
- 3.4.0
- Allow adding the license for the package itself into the thirdParty output #1685
- Dependency upgrades
- 3.3.1
- Ensure the
multipleVersionsoption is correctly validated (#1682)
- Ensure the
- 3.3.0
- Include notice file in the third party output (#1683)
- Dependency upgrades
- 3.2.0
- Support rollup ^4.0.0
- Dependency upgrades
- 3.1.0
- Add
thirdParty.multipleVersionsoption (#1528)
- Add
- 3.0.0
- Support rollup^3.0.0
- 2.8.0
- Relax production dependency versions ([#1128]()https://github.com/mjeanroy/rollup-plugin-license/issues/1128)
- Update dependencies
- 2.7.0
- Update dependencies (#1077)
- 2.6.0
- Improve case insensitive search (PR), thanks @codepunkt!
- Search for
LICENCEorLICENSEfiles (PR), thanks @codepunkt!
- 2.5.0
- Look for dependencies' license files case insensitively, thanks @Luke-zhang-04!
- 2.4.0
- Typings added
- Update dependencies
- 2.0.0
- Support node >= 10
- Update dependencies
- 1.0.0
- Remove support for rollup < 1.0.0
- Remove support for deprecated options.
- Support node >= 6
- 0.14.0
- Update rollup peer dependency
- Produce a single file as dist output
- Update dependencies
- 0.13.0
- Add license checking (see #381).
- 0.12.1
- Restore compatibility with Node6
- 0.12.0
- Improve
outputconfiguration (see #379). - Improve option object validation and warning.
- Deprecate
thirdParty.encodingoption. - Dev dependencies updates.
- Improve
- 0.11.0
- 0.10.0
- 0.9.0
- Fix for
NULLcharacter (see #1). - Various dependency updates.
- Fix for
- 0.8.1
- Add rollup as a peer dependency.
- 0.8.0
- Deprecate
sourceMapoption (usesourcemapoption in lowercase) to keep it consistent with rollup. - Fix deprecate call with rollup >= 1, keep compatibility with legacy versions of rollup.
- Upgrade dependencies.
- Deprecate
- 0.7.0
- Add a way to specify custom data object when rendering banner.
- Add
cwdoption to specify custom working directory (optional option). - Upgrade dependencies.
- 0.6.0
- Upgrade
commentingdependency.
- Upgrade
- 0.5.0
- Feat: Sourcemap is now enable by default to ensure compatibility with other rollup plugins.
- Fix: Add compatibility with rollup >= 0.48.0 (the new
sourcemapoption). - Fix: Ensure plugin
sourcempis used instead of the "global" one in rollup options. - Chore: dependency updates.
- 0.4.0
- Dependency update (
moment). - Dependency update (
magic-string).
- Dependency update (
- 0.3.0
- Add encoding option for banner and third-party output file.
- Banner can be a simple string.
License
MIT License (MIT)
Contributing
If you find a bug or think about enhancement, feel free to contribute and submit an issue or a pull request.