ci: license checker #18
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
📝 WalkthroughWalkthroughAdds a CI "Check licenses" step to .github/workflows/ci.yml (runs Sequence Diagram(s)sequenceDiagram
autonumber
actor Dev as Developer
participant GH as GitHub Actions
participant Job as check_licenses
participant NPM as npm
participant LC as license-checker-rseidelsohn
Dev->>GH: Push / open PR
GH->>Job: trigger check_licenses job
Job->>Job: checkout, setup-node, npm ci
Job->>NPM: run "npm run check-licenses"
NPM->>LC: invoke with allowlist & exclusions
LC-->>NPM: produce report + exit code
alt exit code 0
Job-->>GH: job succeeds
GH-->>Dev: success status
else exit code != 0
Job-->>GH: job fails with report
GH-->>Dev: failure status
end
Possibly related PRs
Pre-merge checks❌ Failed checks (2 warnings)
✅ Passed checks (3 passed)
📜 Recent review detailsConfiguration used: CodeRabbit UI Review profile: ASSERTIVE Plan: Pro 📒 Files selected for processing (2)
Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Actionable comments posted: 1
♻️ Duplicate comments (1)
package.json (1)
2058-2058: Fix Windows quoting for--onlyAllow.Single quotes break the allowlist on Windows shells; we still need escaped double quotes so the CI is portable.
-"check-licenses": "npx license-checker-rseidelsohn --onlyAllow 'MIT;Apache-2.0;ISC;BSD-2-Clause;BSD-3-Clause;0BSD;Python-2.0;CC0-1.0;CC-BY-3.0;CC-BY-4.0;Unlicense;BlueOak-1.0.0;MPL-2.0' --excludePrivatePackages --excludePackages 'bootstrap-less@3.3.8'", +"check-licenses": "npx license-checker-rseidelsohn --onlyAllow \"MIT;Apache-2.0;ISC;BSD-2-Clause;BSD-3-Clause;0BSD;Python-2.0;CC0-1.0;CC-BY-3.0;CC-BY-4.0;Unlicense;BlueOak-1.0.0;MPL-2.0\" --excludePrivatePackages --excludePackages \"bootstrap-less@3.3.8\"",
📜 Review details
Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro
📒 Files selected for processing (2)
.github/workflows/ci.yml(1 hunks)package.json(1 hunks)
🧰 Additional context used
🪛 GitHub Actions: CI
.github/workflows/ci.yml
[warning] 1-1: Code style issues found in the file. Run Prettier to fix.
- Fix trailing whitespace in .github/workflows/ci.yml - Add BSD and 'Apache v2' to allowed licenses (alternate naming for BSD-2-Clause and Apache-2.0) - Exclude 4 devDependencies with WTFPL license: chai-as-promised, esbuild-plugin-less, truncate-utf8-bytes, utf8-byte-length - Exclude eslint-plugin-local-rules (local package with UNKNOWN license) All excluded packages are devDependencies used only for testing/building and are not bundled with the extension.
jamesbhobbs
commented
Oct 2, 2025
Artmann
approved these changes
Oct 3, 2025
This was referenced Oct 10, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes OSS-107
Summary by CodeRabbit