@rnx-kit/third-party-notices
Advanced tools
Library and tool to build a third party notices file based on a js bundle's source map
@rnx-kit/third-party-notices provides a helper library to create a
third-party-notices text file based on a output bundle. It also provides a cli
interface to the library for integration into build steps like just-scripts
This function will read the sourcemap file and tries to find all files that are
referenced in the sourcemap by assuming that all dependencies are represented as
node_modules\moduleName or node_modules\@scope\moduleName It will then look
in the package.json file to see if it finds a licence claration or it will look
for the file called LICENCE in the root. And aggregate all ese files in the
output file.
This package works for npm, yarn and pnpm package layouts formats.
At the moment this package only supports webpack based bundles, there is nothing preventing adding metro support, the current customers of this module are basedon webpack at the moment.
npx @rnx-kit/third-party-notices --rootPath <myPackage> --sourceMapFile <myPackage/dist/myPackage.js.map>
Options:
--help Show help [boolean]
--version Show version number [boolean]
--rootPath The root of the repo where to start resolving modules from.
[string] [required]
--sourceMapFile The sourceMap file to generate licence contents for.
[string] [required]
--outputFile The output file to write the licence file to. [string]
--json Output license information as a JSON
[boolean] [default: false]
--ignoreScopes Npm scopes to ignore and not emit licence information for
[array]
--ignoreModules Modules (js packages) to not emit licence information for
[array]
--preambleText A list of lines to prepend at the start of the generated
licence file. [array]
--additionalText A list of lines to append at the end of the generated
licence file. [array]
import { writeThirdPartyNotices } from "@rnx-kit/third-party-notices";
writeThirdPartyNotices({
rootPath: ".",
sourceMapFile: "./dist/myPackage.js.map",
});
FAQs
Library and tool to build a third party notices file based on a js bundle's source map
The npm package @rnx-kit/third-party-notices receives a total of 6,464 weekly downloads. As such, @rnx-kit/third-party-notices popularity was classified as popular.
We found that @rnx-kit/third-party-notices demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
Security News
A Stanford study reveals 9.5% of engineers contribute almost nothing, costing tech $90B annually, with remote work fueling the rise of "ghost engineers."