@opengovsg/credits-generator
Advanced tools
Takes in package.json and outputs a CREDITS.md file attributing the authors of your dependencies
npx @opengovsg/credits-generator from your node projectCREDITS.md generated!An example is in this project's own package.json and CREDITS.md.
Use of open-source software is often governed by the terms of their licenses. Such terms often include the obligation to provide some form of acknowledgement of use, along with the full text of the license. This practice is strongly recommended at several organisations, including the Government Technology Agency of Singapore.
This tool was hence created to make it convenient to attribute authors of dependencies in the node.js projects that we publish. As beneficiaries of open-source software, we want to provide due recognition to those authors, and hope that others would do so too.
More information on this topic can be found in this excellent article found at nexB
Currently, this tool is only capable of retrieving LICENSE files from GitHub repositories. This may be problematic for dependencies hosted elsewhere, or license files with non-standard names.
We welcome contributions to code open-sourced by the Government Technology Agency of Singapore. All contributors will be asked to sign a Contributor License Agreement (CLA) in order to ensure that everybody is free to use their contributions.
FAQs
Takes in package.json and outputs a CREDITS.md file
The npm package @opengovsg/credits-generator receives a total of 25 weekly downloads. As such, @opengovsg/credits-generator popularity was classified as not popular.
We found that @opengovsg/credits-generator demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Socket and Seal Security collaborate to fix a critical npm overrides bug, resolving a three-year security issue in the JavaScript ecosystem's most popular package manager.
Security News
TypeScript is porting its compiler to Go, delivering 10x faster builds, lower memory usage, and improved editor performance for a smoother developer experience.
Research
Security News
The Socket Research Team has discovered six new malicious npm packages linked to North Korea’s Lazarus Group, designed to steal credentials and deploy backdoors.