BTW, when I got a long list of "Dependencies that need approval" — it's not clear where each dependency comes from: there are Bundler (Ruby) and NPM in our project. It'd be more informative to split by type, for example:
Original:

```
LicenseFinder::Bundler: is active
LicenseFinder::NPM: is active
LicenseFinder::Yarn: is active
Dependencies that need approval:
amdefine, 1.0.1, "BSD-3-Clause OR MIT"
async-foreach, 0.1.3, MIT*
atob, 2.1.2, "(MIT OR Apache-2.0)"
caniuse-lite, 1.0.30001061, CC-BY-4.0
facebookbusiness, 0.10.0.1, Nonstandard
fsevents, 1.2.12, unknown
json-schema, 0.2.3, BSD*
newrelic_rpm, 6.11.0.365, "New Relic"
node-forge, 0.9.0, "(BSD-3-Clause OR GPL-2.0)"
pako, 1.0.11, "(MIT AND Zlib)"
path-is-inside, 1.0.2, "(WTFPL OR MIT)"
rc, 1.2.8, "(BSD-2-Clause OR MIT OR Apache-2.0)"
redis-objects, 1.5.0, Artistic-2.0
sha.js, 2.4.11, "(MIT AND BSD-3-Clause)"
spdx-exceptions, 2.3.0, CC-BY-3.0
ttfunk, 1.7.0, "GPL-2.0, GPL-3.0, Nonstandard"
unf, 0.1.4, "2-clause BSDL"
unicode_utils, 1.4.0, unknown
```
Proposal:

```
LicenseFinder::Bundler: is active
LicenseFinder::NPM: is active
LicenseFinder::Yarn: is active
Dependencies that need approval:
NPM:
amdefine, 1.0.1, "BSD-3-Clause OR MIT"
async-foreach, 0.1.3, MIT*
atob, 2.1.2, "(MIT OR Apache-2.0)"
caniuse-lite, 1.0.30001061, CC-BY-4.0
node-forge, 0.9.0, "(BSD-3-Clause OR GPL-2.0)"
fsevents, 1.2.12, unknown
json-schema, 0.2.3, BSD*
pako, 1.0.11, "(MIT AND Zlib)"
path-is-inside, 1.0.2, "(WTFPL OR MIT)"
rc, 1.2.8, "(BSD-2-Clause OR MIT OR Apache-2.0)"
sha.js, 2.4.11, "(MIT AND BSD-3-Clause)"
spdx-exceptions, 2.3.0, CC-BY-3.0
Bundler:
facebookbusiness, 0.10.0.1, Nonstandard
newrelic_rpm, 6.11.0.365, "New Relic"
redis-objects, 1.5.0, Artistic-2.0
ttfunk, 1.7.0, "GPL-2.0, GPL-3.0, Nonstandard"
unf, 0.1.4, "2-clause BSDL"
unicode_utils, 1.4.0, unknown
```
Also it can help when there are same-named dependencies with different types.
We have created an issue in Pivotal Tracker to manage this. Unfortunately, the Pivotal Tracker project is private so you may be unable to view the contents of the story.
The labels on this GitHub issue will be updated when the story is started.
Hello.
Thank you for such a useful project.