dash-licenses

Add support for file-based dependency readers in LicenseCheckMojo

Open stbischof opened this issue 9 months ago • 4 comments

  • Add ReaderType enum for supported reader types
  • Introduce ReaderConfig for reader type and file patterns
  • Update LicenseCheckMojo to handle file-based dependencies

stbischof • Mar 23 '25 17:03

What is the process to go further with that?

stbischof • Mar 30 '25 13:03

@HannesWell @waynebeaton can you take a look?

laeubi • Oct 18 '25 10:10

@HannesWell @waynebeaton can you take a look?

Sorry, I'm currently overwhelmed with other tasks and this isn't an area of core experience of mine.

HannesWell • Oct 28 '25 21:10

My primary concern with this patch is that we are already having trouble keeping up with the various file readers.

AFAIK, no specification exists that describes the PNPM/NPM/Yarn lockfile formats, for example. These formats change over time, and we're already unable to keep pace with that rate of change (see #415 #500 #507).

I hesitate to commit further to supporting these formats.

My thinking is that at some point in the future, we will support just flat files and popular SBOM formats. My thinking is that everybody has to create SBOM builders, so we should just leverage that good work. Either that, or we get commitment from folks to support the various formats in perpetuity.

FWIW, my preference is to use configuration via dependency injection to build the set of file formats rather than hard coding them in an enumeration. At least in part this project serves as an example, and making it as easily extendable as possible by adopters is a goal.

waynebeaton • Oct 29 '25 16:10
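
The design preference stated in the last comment, sketched as an added example (not code from dash-licenses or from any commenter): the set of readers is passed in as a map instead of being fixed in an enumeration, and an unconfigured type is rejected rather than skipped. `DependencyReader`, `FlatFileReader`, `ReaderRegistry` and the sample identifiers are hypothetical and constructed for illustration.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.Reader;
import java.io.StringReader;
import java.util.List;
import java.util.Map;

public class ReaderRegistryExample {
    /** Hypothetical contract: turn one input file into a list of dependency identifiers. */
    interface DependencyReader {
        List<String> read(Reader input) throws IOException;
    }

    /** Flat file: one identifier per line, blank lines ignored. */
    static final class FlatFileReader implements DependencyReader {
        @Override
        public List<String> read(Reader input) throws IOException {
            try (BufferedReader lines = new BufferedReader(input)) {
                return lines.lines().map(String::trim).filter(l -> !l.isEmpty()).toList();
            }
        }
    }

    /** The set of formats is injected, so adopters add one without editing an enum. */
    static final class ReaderRegistry {
        private final Map<String, DependencyReader> readers;
        ReaderRegistry(Map<String, DependencyReader> readers) {
            this.readers = Map.copyOf(readers);
        }
        DependencyReader forType(String type) {
            DependencyReader reader = readers.get(type);
            if (reader == null) {
                // Fail closed: an unknown type must not silently skip the license check.
                throw new IllegalArgumentException("No reader registered for '" + type + "'");
            }
            return reader;
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed wiring and sample input; a DI container would supply this map.
        ReaderRegistry registry = new ReaderRegistry(Map.of("flat", new FlatFileReader()));
        String sample = "maven/mavencentral/org.example/lib-a/1.0.0\n\nnpm/npmjs/-/lib-b/2.1.0\n";
        System.out.println(registry.forType("flat").read(new StringReader(sample)));
        try {
            registry.forType("pnpm"); // not registered in this wiring
        } catch (IllegalArgumentException e) {
            System.out.println(e.getMessage());
        }
    }
}
```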