Open ChristianMurphy opened 6 years ago
https://github.com/jslicense/licensee.js looks promising as a possible solution
An initial sweep with
npx licensee --license "(MIT OR BSD-2-Clause OR BSD-3-Clause OR Apache-2.0 OR ISC)" --errors-only
looks good, most (if not all) of the "NOT APPROVED" are due to spelling errors in the license SPDX field.
License listings have been wrapped as a package for easy usage: https://github.com/ChristianMurphy/apache-category-a-spdx https://github.com/ChristianMurphy/apache-category-x-spdx https://github.com/ChristianMurphy/apache-category-b-spdx
This project is licensed under Apache 2.0. Apache lists some licenses as compatible https://www.apache.org/legal/resolved.html#category-a And some as incompatible https://www.apache.org/legal/resolved.html#category-x
It would be good to do a scan of the dependency tree to ensure all licenses are compatible with our license. :1st_place_medal: That being said the project has over 1500 dependencies, manual scanning will probably not be feasible. :sweat_smile: Automation will be needed :robot:
/cc @apetro