
Generic license finder file

Open kaystrobach opened this issue 6 years ago • 0 comments

Problem to solve

  • use license finder for all possible package managers with a package manager specific plugin

Further details / Proposal

  • currently license finder tries to implement package manager specific code by reading the lock files
  • the package managers natively also support licenses, and most of them (like composer and yarn) allow running scripts directly after an install or upgrade
  • these scripts / plugins should be used to let the package manager extract the license information in a file with the following naming convention: license.<packagemanager>.json which can then be committed to the repo easily.
  • this also reduces the complexity, as the license report generator can be set as dev dependency
  • additionally the maintainers of the package managers may natively support the license information generation

this architecture is already used by the gradle plugin:

  • https://github.com/pivotal-legacy/LicenseFinder#gradle-projects

What does success look like, and how can we measure that?

  • define format for license.<packagemanager>.json
  • read format and add it to the license report

Relations

  • related #518 (composer licenses)

kaystrobach, Feb 13 '19 13:02
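A sketch of the "read format and add it to the license report" step proposed above, as an added example that is not part of the issue and not LicenseFinder's own code. The issue leaves the file format undefined, so the schema (a JSON array of objects with `name`, `version` and `licenses`), the function names `collect_license_files` and `demo_report`, and the sample packages are all assumptions constructed for illustration.

```ruby
require "json"
require "tmpdir"

# Assumed schema (the issue leaves the format undefined): a JSON array of
# {"name" => String, "version" => String, "licenses" => [String, ...]}.
REQUIRED_KEYS = %w[name version licenses].freeze

# Returns [entries, errors] for every license.<packagemanager>.json in dir.
# Malformed files are reported instead of being silently dropped.
def collect_license_files(dir)
  entries = []
  errors = []
  Dir.glob(File.join(dir, "license.*.json")).sort.each do |path|
    file = File.basename(path)
    manager = file[/\Alicense\.([A-Za-z0-9_-]+)\.json\z/, 1]
    data = begin
      JSON.parse(File.read(path))
    rescue JSON::ParserError
      nil
    end
    unless manager && data.is_a?(Array)
      errors << "#{file}: bad file name or not a JSON array"
      next
    end
    data.each_with_index do |pkg, i|
      if pkg.is_a?(Hash) && REQUIRED_KEYS.all? { |k| pkg.key?(k) } && pkg["licenses"].is_a?(Array)
        entries << { manager: manager, name: pkg["name"],
                     version: pkg["version"], licenses: pkg["licenses"] }
      else
        errors << "#{file}: entry #{i} lacks name/version/licenses"
      end
    end
  end
  [entries, errors]
end

# Runs the collector over constructed sample files (not real project data).
def demo_report
  Dir.mktmpdir do |dir|
    File.write(File.join(dir, "license.composer.json"),
               JSON.generate([{ name: "acme/lib", version: "1.2.0", licenses: ["MIT"] }]))
    File.write(File.join(dir, "license.yarn.json"),
               JSON.generate([{ name: "left-thing", version: "0.3.1", licenses: [] },
                              { name: "no-version" }]))
    File.write(File.join(dir, "license.pip.json"), "{not json")
    collect_license_files(dir)
  end
end

entries, errors = demo_report
puts entries.map { |e| "#{e[:manager]} #{e[:name]} #{e[:version]} #{e[:licenses].join(',')}" }
puts errors
```

An entry with an empty `licenses` array is kept in the report rather than rejected, so a reviewer can see which packages declared no license.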