Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

@rnx-kit/third-party-notices

Package Overview
Dependencies
Maintainers
8
Versions
35
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@rnx-kit/third-party-notices

Library and tool to build a third party notices file based on a js bundle's source map

  • 1.3.3
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
7.1K
decreased by-36%
Maintainers
8
Weekly downloads
 
Created
Source

@rnx-kit/third-party-notices

Build npm version

@rnx-kit/third-party-notices provides a helper library to create a third-party-notices text file based on a output bundle. It also provides a cli interface to the library for integration into build steps like just-scripts

This function will read the sourcemap file and tries to find all files that are referenced in the sourcemap by assuming that all dependencies are represented as node_modules\moduleName or node_modules\@scope\moduleName It will then look in the package.json file to see if it finds a licence claration or it will look for the file called LICENCE in the root. And aggregate all ese files in the output file.

This package works for npm, yarn and pnpm package layouts formats.

At the moment this package only supports webpack based bundles, there is nothing preventing adding metro support, the current customers of this module are basedon webpack at the moment.

Usage

Commandline

npx @rnx-kit/third-party-notices --rootPath <myPackage> --sourceMapFile <myPackage/dist/myPackage.js.map>

Options:
  --help            Show help                                          [boolean]
  --version         Show version number                                [boolean]
  --rootPath        The root of the repo where to start resolving modules from.
                                                             [string] [required]
  --sourceMapFile   The sourceMap file to generate licence contents for.
                                                             [string] [required]
  --outputFile      The output file to write the licence file to.       [string]
  --json            Output license information as a JSON
                                                      [boolean] [default: false]
  --ignoreScopes    Npm scopes to ignore and not emit licence information for
                                                                         [array]
  --ignoreModules   Modules (js packages) to not emit licence information for
                                                                         [array]
  --preambleText    A list of lines to prepend at the start of the generated
                    licence file.                                        [array]
  --additionalText  A list of lines to append at the end of the generated
                    licence file.                                        [array]

As a library

import { writeThirdPartyNotices } from "@rnx-kit/third-party-notices";

writeThirdPartyNotices({
  rootPath: ".",
  sourceMapFile: "./dist/myPackage.js.map",
});

As a plugin

Import and add the plugin to ThirdPartyNotices in your metro.config.js, and optionally configure it to your liking:

 const { makeMetroConfig } = require("@rnx-kit/metro-config");
+const { ThirdPartyNotices } = require("@rnx-kit/third-party-notices");
+const { MetroSerializer } = require("@rnx-kit/metro-serializer");

 module.exports = makeMetroConfig({
   serializer: {
+    customSerializer: MetroSerializer([
+      ThirdPartyNotices(),
+    ]),
   },
 });

FAQs

Package last updated on 21 Apr 2023

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc