
🔌 Plugin Idea - Enforce License

Open GantMan opened this issue 6 years ago • 12 comments

Lots of people are building projects and those projects end up using dependencies of various licenses, or sometimes no license at all.

Would be cool if there was a license rule (maybe via plugin) that would check all packages and ensure that the licenses of the included modules were either of a status or even more lenient.

So if I set my license rule to BSD-2 it would accept MIT, WTFPL etc., unless exact is set to true.

Feedback plz: @skellock and @jamonholmgren

GantMan avatar Dec 19 '17 19:12 GantMan

That's an interesting idea for sure. I like it!

jamonholmgren avatar Dec 19 '17 20:12 jamonholmgren

I like it. I never think to check this.

skellock avatar Dec 19 '17 20:12 skellock

I'm not sure we want to determine which licenses are "even more lenient" though. We may just want a default list of acceptable licenses that people can then customize.

jamonholmgren avatar Dec 20 '17 19:12 jamonholmgren

I like this. So when you add the rule, there's a list with delineations on obligations it puts on the consumer of the licensed code. "Must include attribution" etc.

GantMan avatar Dec 21 '17 15:12 GantMan

This is a killer use case for solidarity, btw.

jamonholmgren avatar Dec 22 '17 05:12 jamonholmgren

To check: Build around this https://github.com/davglass/license-checker

GantMan avatar Feb 07 '18 22:02 GantMan

That's a great idea.

> On Wed, Feb 7, 2018 at 5:18 PM Gant Laborde [email protected] wrote:
>
> To check: Build around this https://github.com/davglass/license-checker


tabrindle avatar Feb 07 '18 22:02 tabrindle

Example API:

enforce licenses rule whitelist

```json
"License Stuff": [
  {
    "rule": "custom",
    "plugin": "license",
    "name": "enforceLicenses",
    "whitelist": [
      "MIT", "ISC", "BSD-3*", "BSD-2*", "Unlicense", "Public Domain", "Apache", "WTFPL", "CC*"
    ],
    "ignore": ["dumb-node-module", "module-causing-failure-but-license-known"]
  }
]
```

succeeds as long as all modules and sub-modules (not explicitly ignored) fit the given whitelist.

enforce licenses rule blacklist

```json
"License Stuff": [
  {
    "rule": "custom",
    "plugin": "license",
    "name": "enforceLicenses",
    "blacklist": [
      "BSD-2*", "Apache*"
    ],
    "ignore": ["dumb-node-module", "module-causing-failure-but-license-known"]
  }
]
```

succeeds as long as all modules and sub-modules (not explicitly ignored) do not have a license identified with the blacklist.


Add the feature where the rule only pertains to production or development.

```json
"License Stuff": [
  {
    "rule": "custom",
    "plugin": "license",
    "name": "enforceLicenses",
    "whitelist": [
      "MIT", "ISC", "BSD-3*", "BSD-2*", "Unlicense", "Public Domain", "Apache", "WTFPL", "CC*"
    ],
    "ignore": ["dumb-node-module", "module-causing-failure-but-license-known"],
    "scope": "production"
  }
]
```

scope can be "production" | "prod" | "development" | "dev" | "all" (default is all)

GantMan avatar Feb 07 '18 23:02 GantMan
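One way the whitelist, blacklist, ignore and scope semantics sketched in the comment above could be evaluated, as an added example that is neither solidarity's code nor the proposed plugin. It assumes whitelist and blacklist entries are glob patterns where `*` matches anything, that `ignore` holds package names, and that the input is shaped like license-checker's JSON output (`"name@version": { "licenses": ... }`). The per-package `dev` flag is a constructed field standing in for the devDependencies split; the sample package map and rule objects are made up for the demonstration, and `Apache` is widened to `Apache*` so that `Apache-2.0` matches.

```javascript
// Added example: evaluate an enforceLicenses-style rule against a package map
// in license-checker's output shape. Not solidarity's code; assumptions noted inline.

const SCOPES = {
  production: 'production', prod: 'production',
  development: 'development', dev: 'development',
  all: 'all',
};

// "BSD-3*" -> /^BSD-3.*$/i ; everything other than "*" is matched literally.
function globToRegExp(pattern) {
  const escaped = pattern
    .replace(/[.+?^${}()|[\]\\]/g, '\\$&')
    .replace(/\*/g, '.*');
  return new RegExp(`^${escaped}$`, 'i');
}

function matchesAny(license, patterns) {
  return patterns.some((p) => globToRegExp(p).test(license));
}

// license-checker reports SPDX expressions such as "(MIT OR Apache-2.0)", sometimes
// an array, and appends "*" to a license it guessed from files instead of reading
// from package.json. Every component is checked, so "(MIT OR GPL-3.0)" fails a GPL
// blacklist: conservative on purpose, since nobody records which alternative was elected.
function splitLicenses(value) {
  const raw = Array.isArray(value) ? value.join(' OR ') : String(value || '');
  return raw
    .replace(/[()]/g, '')
    .split(/\s+(?:OR|AND)\s+/)
    .map((s) => s.trim().replace(/\*$/, ''))
    .filter(Boolean);
}

// Returns { pass, failures: [{ package, license, reason }] }.
function enforceLicenses(rule, packages) {
  const scope = SCOPES[rule.scope || 'all'];
  if (!scope) throw new Error(`unknown scope: ${rule.scope}`);
  if (Boolean(rule.whitelist) === Boolean(rule.blacklist)) {
    throw new Error('rule needs exactly one of whitelist or blacklist');
  }
  const ignore = new Set(rule.ignore || []);
  const failures = [];

  for (const [id, info] of Object.entries(packages)) {
    const name = id.slice(0, id.lastIndexOf('@')); // keeps "@scope/name" intact
    if (ignore.has(name)) continue;
    const pkgScope = info.dev ? 'development' : 'production'; // `dev` is a constructed field
    if (scope !== 'all' && pkgScope !== scope) continue;

    const licenses = splitLicenses(info.licenses);
    // A package with no usable license grants no rights, so it fails in both modes.
    // That is this example's choice; the proposal above does not spell it out.
    if (licenses.length === 0 || licenses.includes('UNKNOWN')) {
      failures.push({ package: name, license: 'UNKNOWN', reason: 'no license detected' });
      continue;
    }
    for (const lic of licenses) {
      if (rule.whitelist && !matchesAny(lic, rule.whitelist)) {
        failures.push({ package: name, license: lic, reason: 'not in whitelist' });
      } else if (rule.blacklist && matchesAny(lic, rule.blacklist)) {
        failures.push({ package: name, license: lic, reason: 'in blacklist' });
      }
    }
  }
  return { pass: failures.length === 0, failures };
}

// Constructed sample in license-checker's output shape; names and licenses are made up.
const SAMPLE_PACKAGES = {
  'lib-alpha@1.0.0': { licenses: 'MIT', dev: false },
  'lib-beta@2.3.1': { licenses: 'BSD-3-Clause', dev: false },
  'lib-dual@0.9.0': { licenses: '(MIT OR Apache-2.0)', dev: false },
  'lib-copyleft@3.0.0': { licenses: 'GPL-3.0', dev: false },
  'lib-mystery@0.0.1': { licenses: 'UNKNOWN', dev: false },
  'build-tool@4.1.0': { licenses: 'GPL-2.0*', dev: true },
  '@acme/odd-license@1.0.0': { licenses: 'Custom: https://example.test/LICENSE', dev: false },
};

const WHITELIST_RULE = {
  rule: 'custom', plugin: 'license', name: 'enforceLicenses',
  whitelist: ['MIT', 'ISC', 'BSD-3*', 'BSD-2*', 'Unlicense', 'Public Domain', 'Apache*', 'WTFPL', 'CC*'],
  ignore: ['@acme/odd-license'],
  scope: 'production',
};

const BLACKLIST_RULE = {
  rule: 'custom', plugin: 'license', name: 'enforceLicenses',
  blacklist: ['GPL*', 'AGPL*'],
  scope: 'all',
};

function report(rule) {
  const result = enforceLicenses(rule, SAMPLE_PACKAGES);
  console.log(`${rule.whitelist ? 'whitelist' : 'blacklist'} (${rule.scope}): ${result.pass ? 'PASS' : 'FAIL'}`);
  for (const f of result.failures) console.log(`  ${f.package}: ${f.license} (${f.reason})`);
  return result;
}

report(WHITELIST_RULE);
report(BLACKLIST_RULE);
```

Under the whitelist rule with `scope: "production"`, `lib-copyleft` and `lib-mystery` fail while the dev-only `build-tool` and the ignored `@acme/odd-license` are skipped; under the blacklist rule with `scope: "all"`, `build-tool` also fails because the guessed-license marker is stripped before `GPL-2.0` is matched against `GPL*`. A real plugin would get the package map from license-checker and the production/development split from separate `--production` and `--development` runs rather than from a flag on each entry.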

Can use this in reports:

https://tldrlegal.com/

GantMan avatar Feb 08 '18 04:02 GantMan

I like the API @GantMan. 👍 👍

jamonholmgren avatar Feb 09 '18 02:02 jamonholmgren

Legit. I want this. Hurry! They're coming!!!

skellock avatar Feb 09 '18 14:02 skellock

Possible plugin game changer. https://github.com/fossas/fossa-cli

GantMan avatar Mar 15 '18 17:03 GantMan