Suggestion: Add ability to paste LICENSE.* files into third-party dependencies file #379
Comments
Hi @lukastaegert, Thanks for the report. What you suggest looks pretty nice, I'll implement it (if you want to submit a PR, that's ok, but I think you already have a lot of work with rollup!). Do you have a suggestion about the option name? Something like
I think Another thing I keep wondering about (but this could also be a separate feature suggestion) is to allow the user more formatting control over the third party licenses file. An easy way to do that could be to allow
The previous object form could still be supported for a pre-formatted file as before. What do you think?
Yeah, checking for the For the second part, I'm very sorry, I'm not sure I clearly understand your suggestion. Could you just add a code example? :)
Ah sorry, here is how it could work from a user perspective:

```js
// this should still work
license({
  thirdParty: {
    output: path.join(__dirname, 'dist', 'dependencies.txt')
  }
})
// but this could be supported as well
license({
  thirdParty(dependencies) {
    fs.writeFileSync(path.join(__dirname, 'LICENSE'), `This package contains code from the following packages:
${dependencies.map(({name, license, licenseFile}) => `${name}: ${license}\n${licenseFile}\n`)}`)
  }
})
```

On the plugin side, this could be like

```js
if (typeof thirdParty === 'function') {
  thirdParty(dependencies);
} else {
  /* old logic */
}
```
Hi @lukastaegert, First of all, the dependency object now includes Also, now, as you suggested, the

```js
license({
  thirdParty(dependencies) {
    // Do whatever you want.
  }
});
```

Here, only non-private dependencies will be available as the first parameter.

```js
license({
  thirdParty: {
    includePrivate: true,
    output(dependencies) {
      // Do whatever you want.
    },
  },
});
```

Otherwise, you can still use the "good old" file output with a default content:

```js
license({
  thirdParty: {
    includePrivate: true,
    output: 'path/to/thirdParty/output/file.txt',
  },
});
```

Finally, if you still want to use the output file, but customize the output text, you can use the

```js
license({
  thirdParty: {
    includePrivate: true,
    output: {
      file: 'path/to/thirdParty/output/file.txt',
      template(dependencies) {
        return `This package contains code from the following packages: ${dependencies.map(({name, license, licenseText}) => `${name}: ${license}\n${licenseText}\n`)}`;
      },
    },
  },
});
```

It allows you, for example, to export a JSON file instead of a text file:

```js
license({
  thirdParty: {
    includePrivate: true,
    output: {
      file: 'path/to/thirdParty/output/file.json',
      template(dependencies) {
        return JSON.stringify(dependencies);
      },
    },
  },
});
```

Do you think it can solve your issue, or do you see something that should be added before releasing a new version (#381 will be fixed in the next version)?
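As an added illustration (not code from the plugin or from this thread), here is a function that could serve as the body of the `output.template` form shown above: it reproduces each dependency's full license text and reports the dependencies whose notice cannot be included. The sample dependency objects are constructed, and the `version` field, the `strict` option and both function names are assumptions of this example.

```javascript
// Added example. Constructed sample data, not real packages.
// `name`, `license`, `licenseText` follow the thread; `version` is assumed.
const sampleDependencies = [
  { name: 'zeta-lib', version: '2.0.1', license: 'ISC', licenseText: 'Copyright (c) Zeta Authors\n\nPermission to use, copy, modify...' },
  { name: 'alpha-lib', version: '1.4.0', license: 'MIT', licenseText: 'Copyright (c) Alpha Authors\r\n\r\nPermission is hereby granted...' },
  { name: 'no-text-lib', version: '0.3.0', license: 'MIT', licenseText: null },
  { name: 'unlicensed-lib', version: '0.0.1', license: null, licenseText: '' },
];

// Split dependencies into those whose notice can be reproduced and those
// that need manual follow-up (no license text found, or no license declared).
function auditDependencies(dependencies) {
  const complete = [];
  const missing = [];
  for (const dep of dependencies) {
    const text = typeof dep.licenseText === 'string' ? dep.licenseText.trim() : '';
    if (dep.license && text) {
      // Normalise line endings so the generated file is stable across platforms.
      complete.push({ ...dep, licenseText: text.replace(/\r\n/g, '\n') });
    } else {
      missing.push({ name: dep.name, reason: dep.license ? 'no license text' : 'no license declared' });
    }
  }
  complete.sort((a, b) => a.name.localeCompare(b.name));
  return { complete, missing };
}

// Template body: returns the whole notices file as one string.
// With `strict: true` the build fails instead of shipping an incomplete file.
function renderNotices(dependencies, { strict = false } = {}) {
  const { complete, missing } = auditDependencies(dependencies);
  if (strict && missing.length > 0) {
    const list = missing.map((m) => `${m.name} (${m.reason})`).join(', ');
    throw new Error(`Cannot reproduce license notices for: ${list}`);
  }
  const sections = complete.map(
    (dep) => `${dep.name}@${dep.version} (${dep.license})\n${'-'.repeat(40)}\n${dep.licenseText}\n`
  );
  const todo = missing.map((m) => `- ${m.name}: ${m.reason}`);
  return [
    'This package contains code from the following packages:\n',
    ...sections,
    ...(todo.length ? ['Notices that could not be included automatically:', ...todo] : []),
  ].join('\n');
}
```

In a config this would be wired in as `template: (dependencies) => renderNotices(dependencies, { strict: true })` inside `thirdParty.output`.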
Awesome! I'll give it a spin!
This is amazing, great work!
Version 0.12.0 has been published with these changes.
When searching for a way to bundle files for distribution on npm in a license-compatible manner, and nearly starting to write my own plugin, I came across yours, which is really close to what I have in mind but would need some extensions to solve the issue at hand.
At the moment, your plugin is able to generate a file listing the licenses of third-party dependencies. While this is really helpful for other people using my package to get an overview of applying licenses, it does not meet the requirements of many of these licenses. For instance MIT states that "... The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. ..." while ISC states "... provided that the above copyright notice and this permission notice appear in all copies. ..."
Obviously, these requirements are not met by simply listing the licenses. One idea to address this without a lot of complicated logic and keeping the "single file" approach could be to scan for "LICENSE.*" files next to package.json files and add an option to paste their content into the third party dependencies file. That would meet the requirements of many FOSS licenses and would also make me recommend this plugin to everyone bundling their dependencies before publishing.
If you would be open to a PR please let me know, but there are some more ideas for which I will open separate issues.