# rio-license-checker

Easy-to-use tool to run a license check according to the RIO guidelines.

It does the following:
- download the latest version of the RIO license whitelist for the given project type from the central RIO license S3 bucket
- run a 3rd-party license checker tool to crawl the licenses of the project in the given directory (or `.`, if not specified)
- compare the licenses found with the RIO whitelist
- if a license is found that is not in the whitelist: fail with a nonzero exit code
- if all licenses are compliant: upload a license report to the central RIO license S3 bucket (only if the `--upload` flag is set)
None of this is really new: it is meant to be a testable, maintainable drop-in replacement for the code snippets and scripts we currently copy-paste from one repo to another.

Currently supports:
- npm frontend projects
- npm backend projects
- gradle projects
## License Check Implementation

### npm
- The underlying license checker tool is `license-checker-rseidelsohn`.
- The license checker generates a report and compares the licenses to the passed whitelist.
- The application's own package is automatically excluded from the report, as it (usually) does not have a license.
- For testability reasons, we cannot use the programmatic interface of the tool. Instead, we call it as a subprocess via `zx`.
- You can exclude dependencies by creating an `oss-licenses-ignore-packages.txt` file in the project directory.
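The whitelist comparison the npm section describes, as an added example that is not code from `@rio-cloud/rio-license-checker`: it runs over a constructed report in the `name@version` -> `{ licenses }` JSON shape that `license-checker` emits (shape assumed), skips the application's own package and the entries from an `oss-licenses-ignore-packages.txt` (one package name per line, format assumed), and also accepts SPDX `OR` expressions and the `*` suffix the checker adds to licenses it guessed from a file.

```javascript
// Constructed sample in license-checker JSON shape: "name@version" -> { licenses } (assumed).
const SAMPLE_REPORT = {
  "example-service@1.0.0": { licenses: "UNLICENSED" },        // the application's own package
  "left-pad@1.3.0": { licenses: "MIT" },
  "dual-lib@4.2.0": { licenses: "(MIT OR Apache-2.0)" },      // SPDX OR expression
  "guessed-lib@0.9.1": { licenses: "Apache-2.0*" },           // '*' = guessed from a license file
  "bad-lib@2.0.0": { licenses: "GPL-3.0" },
  "internal-tool@3.1.0": { licenses: ["Custom: internal"] }, // excluded via the ignore file
};

// Constructed whitelist, standing in for the one downloaded from the RIO S3 bucket.
const SAMPLE_WHITELIST = ["MIT", "Apache-2.0", "BSD-3-Clause", "ISC"];

// Constructed contents of oss-licenses-ignore-packages.txt (format assumed: one name per line).
const SAMPLE_IGNORE_FILE = "# vetted internally\ninternal-tool\n\n";

function parseIgnoreList(text) {
  // Blank lines and '#' comments are skipped (assumption).
  return new Set(
    text.split(/\r?\n/).map((l) => l.trim()).filter((l) => l && !l.startsWith("#"))
  );
}

// "@scope/name@1.2.3" -> "@scope/name": the version follows the LAST '@'.
function packageName(key) {
  return key.slice(0, key.lastIndexOf("@"));
}

// Normalise a licenses value (string or array) into a list of candidate SPDX ids.
function licenseCandidates(value) {
  const raw = Array.isArray(value) ? value : [value];
  return raw.flatMap((v) =>
    v.replace(/[()*]/g, "").split(/\s+OR\s+/i).map((s) => s.trim()).filter(Boolean)
  );
}

// Return every package whose license is not covered by the whitelist.
function findNonCompliant(report, whitelist, ownPackage, ignored) {
  const allowed = new Set(whitelist);
  const violations = [];
  for (const [key, entry] of Object.entries(report)) {
    const name = packageName(key);
    if (name === ownPackage || ignored.has(name)) continue;
    const candidates = licenseCandidates(entry.licenses);
    // An OR expression is compliant if at least one alternative is whitelisted.
    if (!candidates.some((l) => allowed.has(l))) violations.push({ package: key, licenses: candidates });
  }
  return violations;
}

// Exit code as the README specifies: nonzero if any non-compliant license was found.
function runCheck(report, whitelist, ownPackage, ignoreFileText) {
  return findNonCompliant(report, whitelist, ownPackage, parseIgnoreList(ignoreFileText)).length === 0 ? 0 : 1;
}
```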
### gradle

- The underlying license report tool is `hierynomus/license-gradle-plugin`.
- You need to include and configure the plugin in your `build.gradle.kts`.
- The output of the plugin is compared with the whitelist programmatically (as we used to do in the `build.gradle.kts`).
- For subprojects, you need a separate invocation of the license checker, where the directory (`-d`) points to the subproject.
  - Currently, only subprojects directly below the root project are supported (limited by where the checker looks for the gradle wrapper).
  - When doing so, take care to specify a different service name (`-s`) to prevent overwriting the license report of the root project.
  - Example:

```shell
npx @rio-cloud/rio-license-checker -a rio-example -s example-service -t gradle
npx @rio-cloud/rio-license-checker -a rio-example -s example-service_sub-project -t gradle -d ./sub-project
```
## Usage

Show usage:

```shell
npx @rio-cloud/rio-license-checker -h
```

Run the license check for a project. Requires AWS credentials (RIO developer role), e.g. via `AWS_PROFILE=...`:

```shell
npx @rio-cloud/rio-license-checker -a rio-example -s example-service -t npm-frontend --verbose
```