Skip to content
πŸ“‘ A CLI to help you get insight into your projects' licenses
JavaScript
Branch: master
Clone or download
Latest commit 0d5da47 Aug 2, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
bin Delete unused file Aug 3, 2019
commands Add missing text Aug 3, 2019
helpers 🚒 Initial commit Aug 2, 2019
.gitignore Eviscerate package-lock.json Aug 2, 2019
CODE_OF_CONDUCT.md
LICENSE 🚒 Initial commit Aug 2, 2019
README.md typo fix in readme Aug 3, 2019
helpers.js 🚒 Initial commit Aug 2, 2019
package.json 1.0.2 Aug 3, 2019

README.md

delice

delice is a CLI intended to help you gain insight into your dependencies licenses.

Usage

Via npx:

npx delice

Via global install:

npm install delice -g
delice

Commands

Currently, there is only a default command:

delice [directory]

Running delice by itself will check the current working directory's node_modules directory. If you pass a directory, that directory's node_modules directory will be searched.

Options

  • --version: Boolean. Show version number
  • -h, --help: Boolean. Show help
  • -j, --json Boolean. Return JSON rather than a human-readable CLI output.

Output

  • License Expression
    • A license expression that occured inside of node_modules
  • Occurances
    • Number of times a license was read from a package.json in the given directory
  • Conformance
    • A set of data about license conformance
    • See the module, conformance, for more information.
  • Packages
    • A list of all packages that fall under a license

Reasoning

Currently, most well-maintained tooling around licensing is pay-to-play. You need to pay to understand what you're consuming and how. The intent of delice (and liblice and conformance) is to help begin to surface more of this information in an open-source, accessible way.

delice is intended to be the CLI approach to this problem. Ideally, you can pop a delice configuration into your project and then fail if certain license conditions occur with the modules in your application. Additionally, being able to install a delice config as a dependency in your projects and validate via that path would be the end-game.

Continued Development

Basically a roadmap.

Coming soon

  • --ci flag that will fail on bad licenses
  • .delicerc / package.json property that will allow you to configure licenses and conditions that will pass/fail
  • filter by license: delice license mit
  • filter by package: delice package mit
  • list of all licenses, no dependencies or other metadata
  • use spdx-correct to validate license expressions that are slightly not correct (probably in liblice)
  • features you'd like to see?

Maybe in the future, if people want it

  • differentiation of dependencies vs. devDependencies
  • dry runs as a first-class (dependency resolution and check licenses without installing to disk)
  • features you'd like to see?

Probably in the future

  • npm install delice-${name}-config to follow a specific configuration with zero effort
  • features you'd like to see?

Related Projects

Both liblice and conformance are modules that were originally part of the delice codebase, but were split out since they were valuable on their own and more maintainable if they were out of the CLI.

What is liblice?

liblice is the module that does the majority of the work to build out the data that delice surfaces to you. If you're looking to programatically get the kind of inofrmation you'd get from delice, check out liblice.

What is conformance?

conformance specifically looks at a license string and provides hopefully relevant metadata about that license from the perspective of SPDX and the intersection SPDX and the Open Source Initiative and the Free Software Foundation. Currently, it's strictly limited to SPDX information, but could be expanded in the future should there be interest.

You can’t perform that action at this time.