Open JosXa opened 1 year ago
This is on the edge of what I'd consider in scope for this project. That being said, we are already scanning for licenses, so it's not too much of a stretch to aggregate these licenses and output them into some file.
Let me give this some thought
Waiting for your thoughts :)
I'm open to this as an alternative output format (right now we output a table/summary).
We have the license + license file per package here: https://github.com/tophat/yarn-plugin-licenses/blob/1c7079ee65f80f4cd48ecfc23455f2c0e5470a21/src/index.ts#L164 though it's worth noting that we only grab the license file when the license field in the package.json is missing or says "see license".
Is your feature request related to a problem? Please describe.
This seems to be the only viable project that's capable of handling yarn berry monorepos and all other solutions to build attribution files fall short or require workarounds. However, AFAICT it can only check licenses and generate simple CSV files containing the licenses, but not copyright attributions that could be shipped with the application.
Describe the solution you'd like
What I understand under a "copyright attribution" is a text containing all packages, their versions, licenses, and the license text in its entirety, if required by the license. Something like this:
Describe alternatives you've considered
Currently, we use a Docker build to "flatten" individual apps of our monorepo down into modules with a single package.json file, so that "standard" tools like
license-checker
and oss-attribution-generator work. For yarn monorepos, I think it would be amazing if we could add an attribution output to yarn-plugin-licenses.Additional context
I'd be willing to give this a shot if you think it fits the scope of the project.