Skip to content

Instantly share code, notes, and snippets.

@robertohuertasm
Last active December 22, 2024 05:10
Show Gist options
  • Save robertohuertasm/4770217e40209ad6a65acb1d725c3f87 to your computer and use it in GitHub Desktop.
Save robertohuertasm/4770217e40209ad6a65acb1d725c3f87 to your computer and use it in GitHub Desktop.
Simple .licrc config file for Licensebat
# IMPORTANT!: ALL SECTIONS ARE MANDATORY
[licenses]
# This indicates which are the only licenses that Licensebat will accept.
# The rest will be flagged as not allowed.
accepted = ["MIT", "MSC", "BSD"]
# This will indicate which licenses are not accepted.
# The rest will be accepted, except for the unknown licenses or dependencies without licenses.
# unaccepted = ["LGPL"]
# Note that only one of the previous options can be enabled at once.
# If both of them are informed, only accepted will be considered.
[dependencies]
# This will allow users to flag some dependencies so that Licensebat will not check for their license.
ignored=["ignored_dep1", "ignored_dep2"]
# If set to true, Licensebat will ignore the dev dependencies.
ignore_dev_dependencies = true
# If set to true, Licensebat will ignore the optional dependencies.
ignore_optional_dependencies = true
[behavior]
# False by default, if true, it will only run the checks when one of the dependency files or the .licrc file has been modified.
run_only_on_dependency_modification = true
# False by default, if true, it will never block the build.
do_not_block_pr = false
@robertohuertasm
Copy link
Author

Hi @tmillr, not sure what you mean by beyond... The tool basically gets the information about the license of a particular dependency from some source, most of the time, the registries. Then, depending on the language and the registry, it compares the declared license with the actual license (the file present in the repo) to double check that the real license is not contradicting the declared one and finally it compares that information with what you have declared in .licrc.

@tmillr
Copy link

tmillr commented Aug 25, 2022

@robertohuertasm Thanks for the explanation. I just installed this app and was wondering how it works, or what it's doing exactly, because I was originally under the impression that everything was handled automatically and that no manual configuration was needed.

But then I got the error for missing the required config file, so then I started wondering if this app does any sort of automatic checking for implicit license conflicts at all. For example, some licenses cannot be combined (e.g. Apache 2.0 and GPL2), and manual configuration doesn't seem like it would be necessary to detect these sort of implicit conflicts.

@robertohuertasm
Copy link
Author

That's a good point @tmillr but the tool does not that sort of verification, unfortunately. That would be a really cool feature to implement, though.

@Slimazz
Copy link

Slimazz commented Dec 22, 2024

Ok

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment