Utility to parse npm packages used in a project and generate an attribution file to include in your product.
Local installation:
npm i whoss
or
yarn add whoss
Global installation:
npm i -g whoss
or
yarn global add whoss
cd pathToYourProject
whoss
git add ./oss-attribution
git commit -m 'adding open source attribution output from whoss'
Use the --help argument to get further usage details about the various program arguments:
whoss --help
Sometimes, you may have an "internal" module which you/your team developed, or a module where you've arranged a special license with the owner. These wouldn't belong in your license attributions, so you can ignore them by creating an overrides.json file like so:
{
"signaling-agent": {
"ignore": true
}
}
Other times, you may need to supply your own text for the purpose of the attribution/credits. You have full control of this in the overrides.json file as well:
{
"some-package": {
"name": "some-other-package-name",
"version": "1.0.0-someotherversion",
"authors": "some person",
"url": "https://thatwebsite.com/since/their/original/link/was/broken",
"license": "MIT",
"licenseText": "you can even override the license text in case the original contents of the LICENSE file were wrong for some reason"
}
}
For a large project with multiple maintainers you will probably want to run this on your CI build server, so that the attributions are always up to date.
Like most software, this component is built on the shoulders of giants; whoss was inspired in part by the following work: