oss-attribution-generator
Advanced tools
utility to parse bower and npm packages used in a project and generate an attribution file to include in your product
utility to parse bower and npm packages used in a project and generate an attribution file to include in your product
npm i -g oss-attribution-generator
cd pathToYourProject
generate-attribution
git add ./oss-attribution
git commit -m 'adding open source attribution output from oss-attribution-generator'
(This feature is currently only supported for Node projects)
For Node.js projects that use other Node.js projects located in different directories, the -b option can be used to provide a variable number of input directories. Each of the input directories are processed, and any duplicate entries (dependencies with same name and version number) are combined to produce a single attribution text.
cd pathToYourMainProject
generate-attribution -b pathToYourMainProject pathToYourFirstProjectDependency pathToYourSecondProjectDependency
git add ./oss-attribution
git commit -m 'adding open source attribution output from oss-attribution-generator'
Use the --help argument to get further usage details about the various program arguments:
generate-attribution --help
Sometimes, you may have an "internal" module which you/your team developed, or a module where you've arranged a special license with the owner. These wouldn't belong in your license attributions, so you can ignore them by creating an overrides.json file like so:
{
"signaling-agent": {
"ignore": true
}
}
Other times, you may need to supply your own text for the purpose of the attribution/credits. You have full control of this in the overrides.json file as well:
{
"some-package": {
"name": "some-other-package-name",
"version": "1.0.0-someotherversion",
"authors": "some person",
"url": "https://thatwebsite.com/since/their/original/link/was/broken",
"license": "MIT",
"licenseText": "you can even override the license text in case the original contents of the LICENSE file were wrong for some reason"
}
}
Like most software, this component is built on the shoulders of giants; oss-attribution-generator was inspired in part by the following work:
FAQs
utility to parse bower and npm packages used in a project and generate an attribution file to include in your product
The npm package oss-attribution-generator receives a total of 20,208 weekly downloads. As such, oss-attribution-generator popularity was classified as popular.
We found that oss-attribution-generator demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PyPI confirms no security flaws were exploited in the Ultralytics supply chain attack and highlights improvements for safer package publishing.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.