Check dependency licenses against rules.
Configuration
Create a .licensee.json
file at the root of your package. Here is an example.
{ "license": "(MIT OR BSD-2-Clause OR BSD-3-Clause OR ISC OR Apache-2.0 OR WTFPL OR Unlicense)",
"whitelist": { "optimist": "<=0.6.1" } }
The license
property is an SPDX license expression that
spdx-expression-parse can parse. Any package with standard
license metadata that satisfies the SPDX license expression
according to spdx-satisfies will not cause an error.
The whitelist
is a map from package name to a node-semver
Semantic Versioning range. Packages whose license metadata don't match
the SPDX license expression in license
but have a name and version
described in whitelist
will not cause an error.
Use
To install and use licensee
globally:
npm install --global licensee
cd your-package
licensee
The licensee
script will exit with status 0
when all packages in
./node_modules
meet the configured licensing criteria and 1
when
one or more do not.
To install it as a development dependency of your package:
cd your-package
npm install --save-dev licensee
Consider adding licensee
to your npm scripts:
{ "scripts": { "posttest": "licensee" } }
If you want a readout of license problems, but don't want your
continuous integration going red, you can ignore licensee
's exit
code:
{ "scripts": { "posttest": "licensee || true" } }
JavaScript Module
The package exports an asynchronous function of three arguments:
-
A configuration object in the same form as .licensee.json
.
-
The path of the package to check.
-
An error-first callback that yields an array of objects describing
licensing issues.