license-downloader

license-downloader - an add-on to license-report tool

Download the license files of the dependencies of a project based on the json report from the package 'license-report'.

Install

npm install license-downloader

Usage

'license-downloader' uses the github REST API to find the location of the license files of the project (dev-) dependencies. The license file location does not depend on the package version. Details about how the license file is detected can be found in licensee/licensee > What we look at and licensee/licensee > README.

Optionally it downloads these files to a given directory.

Usage with downloading the license files:

cd your/project/
npx license-report > ./license-report.json
npx license-downloader --source ./license-report.json --licDir ./license-files --download

A copy of the 'license-report.json' file with properties 'licenseFileLink' added is saved to the './license-files' directory (defined in option --licDir). The downloaded licenses are save in a subdirectory named 'licenses' in the directory defined in --licDir.

If option --licDir is missing, the modified 'license-report.json' file and the 'licenses' subdirectory are written to the path of the source file.

Usage without downloading the license files:

cd your/project/
npx license-report > ./license-report.json
npx license-downloader --source ./license-report.json

The copy of the 'license-report.json' file with properties 'licenseFileLink' added is saved to the directory of the source file.

Authorization in GitHub

License-downloader uses the github api to collect information about the license file of a project. If the rate limit for anonymous access to this api is exceeded (60 accesses per hour) you will get warnings like this:

kessler/node-tableify: License query failed. Rate limit of 60 requests per hour exceeded. please wait 1534 seconds before trying again.
caolan/async: License query failed. Rate limit of 60 requests per hour exceeded. please wait 1534 seconds before trying again.

To avoid this problem you can use a github personal access token to use the higher limits of your personal github plan. As an alternative you can use fine-grained access tokens; details can be found in the github documentation for "Get the license for a repository".

There are 2 possibilities:

use a file (recommended)

write the github token, generated in your github developer settings, to a file.

The full path to this file is written to an environment variable and the name of this environment variable is set in the config parameter 'githubToken.tokenFileEnvVar':

export GITHUB_TOKEN_FILE=/run/secrets/github_pat.txt
cd your/project/
npx license-report > ./license-report.json
npx license-downloader --source ./license-report.json --licDir ./license-files --githubToken.tokenFileEnvVar GITHUB_TOKEN_FILE --download

This is the most secure variant, as access rights can be and should be set for this file to prevent unauthorized access.

use an environment variable

Generate a github token in your github developer settings and write it to an environment variable.

If the environment variable name is GITHUB_TOKEN, then it will be used automatically. If you want to use another environment variable, you can set it with the parameter --githubToken.tokenEnvVar.

Examples:

export GITHUB_TOKEN=yourgithubtoken
cd your/project/
npx license-report > ./license-report.json
npx license-downloader --source ./license-report.json --licDir ./license-files --download

Or with a different environment variable name:

export MY_GITHUB_TOKEN=yourgithubtoken
cd your/project/
npx license-report > ./license-report.json
npx license-downloader --source ./license-report.json --licDir ./license-files --githubToken.tokenEnvVar MY_GITHUB_TOKEN --download

Show debug log

Use in linux shell

export DEBUG=license-downloader

or in windows command line

SET DEBUG=license-downloader

Development

This repo uses standard-changelog to create the CHANGELOG. To ensure that the commit messages follow the standard-changelog rules, husky is used for git hooks.

To initialize the git hooks after checking out the repo, run npx husky install.

Allowed types for commit messages are:

• build
• ci
• docs
• feat
• fix
• perf
• refactor
• release
• revert
• style
• test

Allowed scopes are:

• app
• hacks
• tools