Add a license checker script #8808
Conversation
|
It sort of works:
😅 |
|
Good times. I sure do enjoy when things behave differently locally. |
| return true; | ||
| } | ||
|
|
||
| if ( licenseType.indexOf( 'OR' ) < 0 ) { |
There was a problem hiding this comment.
Can we add an inline comment explaining what happens in here?
| return false; | ||
| } | ||
|
|
||
| const subLicenseTypes = formattedlicenseType.replace( /^\(*/g, '' ).replace( /\)*$/, '' ).split( ' or ' ).map( ( e ) => e.trim() ); |
There was a problem hiding this comment.
Same as above, I bet w are extracting sublicenses. However, it is not clear how it works.
| }, false ); | ||
| } | ||
|
|
||
| const allowed = licenses.reduce( ( satisfied, allowedLicense ) => { |
There was a problem hiding this comment.
I think it can be implemented using array.find:
const allowed = licenses.find( ( allowedLicense ) => checkLicense( allowedLicense, licenseType ) );
There was a problem hiding this comment.
Love this PR ❤️ I'm happy that it integrates into wp-scripts so seamlessly and even takes advantage of hasCliArg util.
I think we could iterate on the usage of reduce functions which could stop processing when value is found like in the example I shared: #8808 (comment)
As a general concept, it is good to go. I'm giving 👍 for the functionality.
|
8bc21e9 - this is super helpful. Your future self will be very grateful for those comments :) |
| const dev = hasCliArg( '--dev' ) || hasCliArg( '--development' ); | ||
| const gpl2 = hasCliArg( '--gpl2' ); | ||
|
|
||
| const gpl2Licenses = [ |
There was a problem hiding this comment.
Nitpick here, but it'd be nice to call this gpl2CompatibleLicenses or something like that.
| '(MIT AND Zlib)', | ||
| ]; | ||
|
|
||
| const ossLicenses = [ |
There was a problem hiding this comment.
What does this variable mean? Aren't all of these licenses open source software licenses? 😄
There was a problem hiding this comment.
THESE ARE NOT THE FREE-EST LICENSES MATT
RICHARD STALLMAN IS JUDGING US FOR EVEN MENTIONING THEM
😁
There was a problem hiding this comment.
I CLEARLY HATE FREEDOM, MY MICROWAVE IS RUNNING APACHE 2 FIRMWARE.
| /** | ||
| * Check if a license string matches the given license. | ||
| * | ||
| * The license string can be a single license, or an SPDX-compatible OR license string. |
There was a problem hiding this comment.
Grammar nitpick here but I think removing the comma (which isn't really needed for just a single "or" statement like this) would improve readability. I thought the next "OR" was another "or" in the sentence, but eventually realised "SPDX-compatible OR License String" was a thing. Maybe capitalising "License String" would make it clear that's a whole concept. I didn't know what "SPDX-compatible OR License String" was 😄
Description
To ensure we're only adding GPL2 compatible packages, we need to check all the licenses.
This PR adds a script with defined safe licenses, and runs it in the
postinstallscript, to ensure devs are immediately aware if they've added something incompatible.Due to the myriad of ways that package authors define their licenses, this script allows for license strings that aren't SPDX, and for when licenses aren't defined in the package's
package.jsonbut can be found in aLICENSEorREADMEfile.Fixes #6508, #7822.
Testing
npm run check-licenseswill test that all packages defined independenciesare GPL2 compatible, and that alldevDependenciesan OSS license.Checklist: