Add license checker #463
Merged
Add license checker #463
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
tn3rb
previously approved these changes
May 18, 2018
This allows us to verify licenses of packages we add.
nerrad
force-pushed
the
FET/add-npm-licence-checker
branch
from
a40ae37 to
82a4888
Compare
tn3rb
approved these changes
May 18, 2018
eeteamcodebase
pushed a commit
that referenced
this pull request
May 18, 2018
…se checker (#463) * Install and configure js-green-licenses package This allows us to verify licenses of packages we add. * automate license check in travis "
ntwb
reviewed
May 22, 2018
| ], | ||
| "packageWhitelist": [ | ||
| "@eventespresso/react-exit-modal-typeform", | ||
| "@wordpress/jest-preset-default", |
There was a problem hiding this comment.
You shouldn't need to whitelist this package should you as it is GPL-2.0-or-later licensed?
There was a problem hiding this comment.
at the time there were fails. It's possible the library had an out-of-date SPDX validator. I just re-ran the checker excluding this package from the whitelist and it ran okay so I'll change this in another pull.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Problem this Pull Request solves
With the new build system, its really easy to add npm packages without giving thought to any licenses that package (or its dependencies) may have. In order to prevent conflicts with our GPLv2 license, I've added a license checker package that will check licenses in install packages (dependencies only, we don't need to worry about devDependencies). If there's a package that fails, then it will fail a travis build. The tool can also be used outside of travis by just running
npm run lc.For this first iteration, I've added the configuration file that enables all our current packages to run green (whitelisted packages are either only used in development type environments or is something we already bundle in production (something thats embedded in our usage of typeform). We may need to revisit in the future our
exit-modal-embedpackage because it's license may not be compatible with the licenses in the typeform tree. But for now I've added an exclusion.How has this been tested
npm run lcand verified it passed all license checks.Checklist
esc_html__(), see https://codex.wordpress.org/I18n_for_WordPress_Developers)