Created
November 19, 2017 13:03
A small script to check packages installed through npm against a whitelist of licenses and packages
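'use strict';

const _ = require('lodash');
const winston = require('winston');
const checker = require('license-checker');
const chalk = require('chalk');

/*
 * License gate for installed npm packages.
 *
 * Step 1: license-checker drops every package whose license string is in
 *         `licensesWeAreOKWith` (passed as its `exclude` option).
 * Step 2: whatever is left must be named in `packagesWeAreOKWith`,
 *         otherwise the process exits with code 1 so the build fails.
 */

// Comma-separated list handed to license-checker's `exclude` option.
//
// Entries ending in `*` are licenses that license-checker deduced from a file
// other than package.json (README, LICENSE, ...). Accepting them means trusting
// a guess, so they deserve a manual look before being relied on.
//
// NOTE(review): 'Apache License, Version 2.0' itself contains a comma. The list
// is presumably split on commas, which would turn it into the two entries
// 'Apache License' and 'Version 2.0' - confirm against the installed
// license-checker version.
const licensesWeAreOKWith = `
MIT,
MIT*,
MIT/X11,
(MIT AND JSON),
(MIT AND CC-BY-3.0),
MIT / http://rem.mit-license.org,
BSD,
BSD*,
BSD-like,
BSD-2-Clause,
BSD-3-Clause,
BSD-3-Clause AND MIT,
BSD-3-Clause OR MIT,
BSD-3-Clause AND MIT Apache 2.0,
BSD-4-Clause,
(BSD-2-Clause OR MIT OR Apache-2.0),
(BSD-2-Clause OR WTFPL),
ISC,
ISC*,
Apache*,
Apache 2,
Apache2,
Apache-2.0,
Apache 2.0,
Apache License,
Apache License version 2.0,
Apache License, Version 2.0,
WTFPL,
CC-BY-3.0,
CC-BY-4.0,
Public Domain,
Public domain,
`;

// Packages approved by name even though their license is not in the list above.
// The approval is by name only: every version of a listed package passes, so an
// entry has to be re-reviewed when the package changes its license.
const packagesWeAreOKWith = [
  'babel-runtime'
];

/**
 * Extract the bare package name from a license-checker result key.
 *
 * Keys have the form `name@version`. Scoped packages (`@scope/name@version`)
 * start with an `@` of their own, so the name ends at the LAST `@`; splitting
 * on the first one would yield an empty name that can never match the approved
 * list.
 *
 * @param {string} packageKey - Result key, possibly wrapped in ANSI colour codes.
 * @returns {string} The package name without version or colour codes.
 */
function getPackageName(packageKey) {
  // `color: true` makes license-checker colourise its output, so the codes are
  // stripped before comparing. chalk.stripColor is a chalk 1.x API; later major
  // versions dropped it, so keep chalk pinned or swap in a dedicated ANSI
  // stripper when upgrading.
  const plainKey = chalk.stripColor(packageKey);
  const versionSeparator = plainKey.lastIndexOf('@');

  // Index 0 is the scope marker and -1 means "no version": keep the whole key.
  return versionSeparator > 0 ? plainKey.slice(0, versionSeparator) : plainKey;
}

checker.init({
  start: './',
  exclude: licensesWeAreOKWith,
  color: true
}, (err, json) => {
  if (err) {
    winston.error('There was an error', err);
    return process.exit(1);
  }

  winston.info('Packages that were not filtered on 1st go:');
  _.forEach(json, (pkgData, pkgName) => {
    winston.info(`${pkgName}: ${pkgData.licenses}`);
  });

  winston.info('-----------\nlooking for packages we approve...');

  // Collect every unapproved package first so one run reports all of them,
  // instead of stopping at the first offender.
  const unapprovedPackages = [];

  _.forEach(Object.keys(json), (packageNameWithVersion) => {
    const packageName = getPackageName(packageNameWithVersion);

    if (_.includes(packagesWeAreOKWith, packageName)) {
      winston.info(`I know This package ==> '${packageName}' continuing...`);
    } else {
      unapprovedPackages.push(packageNameWithVersion);
    }
  });

  if (unapprovedPackages.length > 0) {
    _.forEach(unapprovedPackages, (packageNameWithVersion) => {
      winston.error(`FAILED: Unknown package ===> '${packageNameWithVersion}' exiting...`);
      winston.error(`LICENSE that failed ==> '${json[packageNameWithVersion].licenses}'`);
    });

    // A non-zero exit code is what fails the build.
    return process.exit(1);
  }

  winston.info('All good!');
});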