A small script that checks the licenses of packages installed through npm against an allowlist of license strings, then requires every package that survives that filter to be on an explicit package allowlist; anything else fails the build with a non-zero exit code.
'use strict';
const _ = require('lodash');
const winston = require('winston');
const checker = require('license-checker');
const chalk = require('chalk');
// License strings (spelled exactly as license-checker reports them) that need no
// further review. The value is handed to license-checker's `exclude` option, a
// comma-separated list, so it is built as one entry per line with a trailing comma,
// reproducing the newline-separated string the original template literal produced.
// NOTE(review): whether the surrounding newlines/whitespace are tolerated depends on
// license-checker trimming each entry — confirm against the installed version.
// NOTE(review): `Apache License, Version 2.0` contains the list separator itself;
// unless license-checker supports escaping it, that entry splits into two fragments
// that match nothing — verify.
// NOTE(review): entries ending in `*` (MIT*, BSD*, ISC*, Apache*) appear to be
// license-checker's marker for a license *guessed* from the package's files rather
// than declared in package.json; accepting them treats a heuristic as authoritative.
// Likewise BSD-4-Clause (advertising clause) is something many organisations do not
// accept — confirm both are intended policy.
const licensesWeAreOKWith = [
  '',
  'MIT,',
  'MIT*,',
  'MIT/X11,',
  '(MIT AND JSON),',
  '(MIT AND CC-BY-3.0),',
  'MIT / http://rem.mit-license.org,',
  'BSD,',
  'BSD*,',
  'BSD-like,',
  'BSD-2-Clause,',
  'BSD-3-Clause,',
  'BSD-3-Clause AND MIT,',
  'BSD-3-Clause OR MIT,',
  'BSD-3-Clause AND MIT Apache 2.0,',
  'BSD-4-Clause,',
  '(BSD-2-Clause OR MIT OR Apache-2.0),',
  '(BSD-2-Clause OR WTFPL),',
  'ISC,',
  'ISC*,',
  'Apache*,',
  'Apache 2,',
  'Apache2,',
  'Apache-2.0,',
  'Apache 2.0,',
  'Apache License,',
  'Apache License version 2.0,',
  'Apache License, Version 2.0,',
  'WTFPL,',
  'CC-BY-3.0,',
  'CC-BY-4.0,',
  'Public Domain,',
  'Public domain,',
  '',
].join('\n');
// Packages approved by hand even though their reported license is not in the
// license allowlist. Matching is done by name only (the version is stripped
// before comparison), so an entry here approves every version of that package.
const packagesWeAreOKWith = ['babel-runtime'];
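// Scan the dependency tree rooted at the current directory. Packages whose license
// string is in `licensesWeAreOKWith` are dropped by license-checker's `exclude`
// filter; every package that survives must be explicitly approved in
// `packagesWeAreOKWith`, otherwise the process exits 1 so the build fails.
checker.init({
  start: './',
  exclude: licensesWeAreOKWith,
  color: true
}, (err, json) => {
  if (err) {
    winston.info('There was an error', err);
    return process.exit(1);
  }
  winston.info('Packages that were not filtered on 1st go:');
  _.forEach(json, (pkgData, pkgName) => {
    winston.info(`${pkgName}: ${pkgData.licenses}`);
  });
  winston.info('-----------\nlooking for packages we approve...');
  _.forEach(Object.keys(json), (packageNameWithVersion) => {
    // license-checker keys are `name@version`; with `color: true` the key may be
    // wrapped in ANSI escape codes, so strip them BEFORE parsing the name.
    const cleanKey = chalk.stripColor(packageNameWithVersion);
    // Split on the LAST '@' so scoped packages (`@scope/name@1.2.3`) keep their
    // full name. The previous `split('@')[0]` returned '' for every scoped package,
    // so a scoped entry in the allowlist could never match.
    const versionSep = cleanKey.lastIndexOf('@');
    const packageName = versionSep > 0 ? cleanKey.slice(0, versionSep) : cleanKey;
    // An allowlist entry may pin an exact `name@version` (preferred: a later release
    // can ship under a different license) or approve a bare name as before.
    const approved = _.includes(packagesWeAreOKWith, cleanKey)
      || _.includes(packagesWeAreOKWith, packageName);
    if (approved) {
      winston.info(`I know This package ==> '${packageName}' continuing...`);
    } else {
      // fail build
      winston.info(`FAILED: Unknown package ===> '${packageNameWithVersion}' exiting...`);
      winston.info(`LICENSE that failed ==> '${json[packageNameWithVersion].licenses}'`);
      process.exit(1);
    }
  });
  winston.info('All good!');
});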