@rnx-kit/third-party-notices
Library and tool to build a third party notices file based on a js bundle's source map
@rnx-kit/third-party-notices provides a helper library to create a third-party-notices text file based on an output bundle. It also provides a CLI interface to the library for integration into build steps such as just-scripts.
The library reads the source map file and tries to find every file referenced in it, assuming that each dependency is laid out as node_modules\moduleName or node_modules\@scope\moduleName (with forward slashes on POSIX systems). For each module found it then looks in that module's package.json for a license declaration, or else for a file called LICENSE (or LICENCE) in the module's root, and aggregates all of these into the output file. Because the inventory is derived from the source map, only modules whose code actually ended up in the bundle are listed; dependencies that are installed but never bundled do not appear.
This package works with npm, yarn and pnpm package layouts.
npx @rnx-kit/third-party-notices \
--rootPath <myPackage> \
--sourceMapFile <myPackage/dist/myPackage.js.map>
Options:
--help Show help [boolean]
--version Show version number [boolean]
--rootPath The root of the repo where to start resolving modules from.
[string] [required]
--sourceMapFile The sourceMap file to generate license contents for.
[string] [required]
--json Output license information as a JSON
[boolean] [default: false]
--outputFile The output file to write the license file to. [string]
--ignoreScopes Npm scopes to ignore and not emit license information for
[array]
--ignoreModules Modules (js packages) to not emit license information for
[array]
--preambleText A list of lines to prepend at the start of the generated
license file. [array]
--additionalText A list of lines to append at the end of the generated
license file. [array]
--fullLicenseText Include full license text in the JSON output
[boolean] [default: false]
import { writeThirdPartyNotices } from "@rnx-kit/third-party-notices";
writeThirdPartyNotices({
rootPath: ".",
sourceMapFile: "./dist/myPackage.js.map",
});
Import the ThirdPartyNotices plugin and add it to the serializer in your metro.config.js, then optionally configure it to your liking:
const { makeMetroConfig } = require("@rnx-kit/metro-config");
+const { ThirdPartyNotices } = require("@rnx-kit/third-party-notices");
+const { MetroSerializer } = require("@rnx-kit/metro-serializer");
module.exports = makeMetroConfig({
serializer: {
+ customSerializer: MetroSerializer([
+ ThirdPartyNotices(),
+ ]),
},
});
FAQs
The npm package @rnx-kit/third-party-notices receives a total of 9,479 weekly downloads. As such, @rnx-kit/third-party-notices popularity was classified as popular.
We found that @rnx-kit/third-party-notices demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.