@rnx-kit/third-party-notices
Library and tool to build a third party notices file based on a js bundle's source map
@rnx-kit/third-party-notices provides a helper library to create a third-party-notices text file based on an output bundle. It also provides a CLI interface to the library for integration into build steps, for example with just-scripts.
The library reads the source map file and tries to find every file referenced in it, assuming that each dependency appears under a path of the form node_modules\moduleName or node_modules\@scope\moduleName. For each module found, it then looks in that module's package.json for a license declaration, and otherwise for a file called LICENCE in the module root, and aggregates all of these into the output file.
This package works with npm, yarn and pnpm package layouts.
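The following is an added example, not code from @rnx-kit/third-party-notices, that walks through the procedure just described on constructed input: it pulls module names out of a source map's sources list (npm, nested, pnpm and Windows-style paths), resolves a license for each from a package.json-style record with a LICENCE-file fallback, and renders the notices text. Disk reads are replaced by an inline map, the source map is constructed, and the ignoreScopes/ignoreModules/preambleText/additionalText/fullLicenseText options are modelled on the CLI flags above with the assumption that scopes are given with their leading "@".

```javascript
// Added example (not the @rnx-kit/third-party-notices source). Mirrors the
// README's algorithm: source map -> node_modules paths -> module names ->
// license from package.json, else a LICENCE file, else flagged as UNKNOWN.

// Constructed source map: npm, pnpm, nested and Windows-style layouts mixed.
const SAMPLE_SOURCE_MAP = {
  version: 3,
  sources: [
    "src/index.js",
    "node_modules/left-pad/index.js",
    "node_modules/@scope/pkg/lib/a.js",
    "node_modules/@scope/pkg/lib/b.js",
    "node_modules/.pnpm/lodash@4.17.21/node_modules/lodash/lodash.js",
    "node_modules\\chalk\\source\\index.js",
    "node_modules/left-pad/node_modules/nested-dep/index.js",
  ],
};

// Constructed stand-in for reading each module's package.json and LICENCE file.
const SAMPLE_PACKAGES = {
  "left-pad": { license: "MIT", licenseFile: "MIT License\n\nCopyright (c) example" },
  "@scope/pkg": { license: "Apache-2.0" },
  lodash: { licenseFile: "Lodash is licensed under the MIT license (constructed)" },
  chalk: { license: { type: "MIT" } }, // legacy object form of "license"
  // "nested-dep" deliberately has no license metadata at all
};

// Extract "moduleName" or "@scope/moduleName" from a source path. The LAST
// node_modules segment is used so that nested deps and pnpm's
// .pnpm/<name>@<ver>/node_modules/<name> layout resolve to the bundled package.
function moduleNameFromSource(source) {
  const parts = source.split(/[\\/]+/);
  const idx = parts.lastIndexOf("node_modules");
  if (idx < 0 || idx + 1 >= parts.length) return null;
  const first = parts[idx + 1];
  if (first.startsWith("@")) {
    return parts.length > idx + 2 ? `${first}/${parts[idx + 2]}` : null;
  }
  return first;
}

// Deduplicated, sorted list of modules referenced by the source map.
function collectModules(sourceMap) {
  const names = new Set();
  for (const src of sourceMap.sources) {
    const name = moduleNameFromSource(src);
    if (name) names.add(name);
  }
  return [...names].sort();
}

// package.json "license" may be a string, a legacy {type} object, or absent;
// fall back to the LICENCE file; otherwise report UNKNOWN instead of silently
// dropping the module from the notices.
function resolveLicense(name, packages) {
  const pkg = packages[name];
  if (!pkg) return { name, license: "UNKNOWN", text: null };
  let license = pkg.license;
  if (license && typeof license === "object") license = license.type;
  if (!license && pkg.licenseFile) license = "SEE LICENCE FILE";
  return { name, license: license || "UNKNOWN", text: pkg.licenseFile || null };
}

// Assemble the notices file, honouring the option names used by the CLI above.
function buildNotices(sourceMap, packages, opts = {}) {
  const ignoreScopes = new Set(opts.ignoreScopes || []); // assumed "@scope" form
  const ignoreModules = new Set(opts.ignoreModules || []);
  const entries = collectModules(sourceMap)
    .filter((n) => !ignoreModules.has(n))
    .filter((n) => !(n.startsWith("@") && ignoreScopes.has(n.split("/")[0])))
    .map((n) => resolveLicense(n, packages));
  const lines = [...(opts.preambleText || [])];
  for (const e of entries) {
    lines.push(`${e.name}: ${e.license}`);
    if (opts.fullLicenseText && e.text) lines.push(e.text, "");
  }
  lines.push(...(opts.additionalText || []));
  return { entries, text: lines.join("\n") };
}

console.log(
  buildNotices(SAMPLE_SOURCE_MAP, SAMPLE_PACKAGES, {
    ignoreScopes: ["@scope"],
    preambleText: ["THIRD-PARTY NOTICES (constructed example)"],
    fullLicenseText: true,
  }).text
);
```

The UNKNOWN entry for nested-dep is the check worth keeping in a real build step: a module that reaches the bundle without any license metadata should fail review, not vanish from the notices file.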
npx @rnx-kit/third-party-notices \
--rootPath <myPackage> \
--sourceMapFile <myPackage/dist/myPackage.js.map>
Options:
--help Show help [boolean]
--version Show version number [boolean]
--rootPath The root of the repo where to start resolving modules from.
[string] [required]
--sourceMapFile The sourceMap file to generate license contents for.
[string] [required]
--json Output license information as a JSON
[boolean] [default: false]
--outputFile The output file to write the license file to. [string]
--ignoreScopes Npm scopes to ignore and not emit license information for
[array]
--ignoreModules Modules (js packages) to not emit license information for
[array]
--preambleText A list of lines to prepend at the start of the generated
license file. [array]
--additionalText A list of lines to append at the end of the generated
license file. [array]
--fullLicenseText Include full license text in the JSON output
[boolean] [default: false]
import { writeThirdPartyNotices } from "@rnx-kit/third-party-notices";
writeThirdPartyNotices({
rootPath: ".",
sourceMapFile: "./dist/myPackage.js.map",
});
Import the ThirdPartyNotices plugin and add it to MetroSerializer in your metro.config.js, optionally configuring it to your liking:
const { makeMetroConfig } = require("@rnx-kit/metro-config");
+const { ThirdPartyNotices } = require("@rnx-kit/third-party-notices");
+const { MetroSerializer } = require("@rnx-kit/metro-serializer");
module.exports = makeMetroConfig({
serializer: {
+ customSerializer: MetroSerializer([
+ ThirdPartyNotices(),
+ ]),
},
});
The npm package @rnx-kit/third-party-notices receives a total of 6,464 weekly downloads. As such, @rnx-kit/third-party-notices popularity was classified as popular.
We found that @rnx-kit/third-party-notices demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.