license locker

Lock files are common for dependencies. But how do we make sure we are only using libraries that have compatible licenses? The idea of the license locker is to generate lock files, which are basically a list of libraries and their licenses, and have some periodic check (eg. integrated into CI) to make sure no unwanted dependency with an incompatible license sneaked in.

Usage

Generate lock file:

./license-locker.sh --generate

Check whether lock file is up to date:

./license-locker.sh --check

Options

--packager package manager. This option is optional and if not specified, this script tries to guess. Currently supported: npm (via license-checker) and cargo (via cargo-license)

Typical workflow

Initial Setup

generate lock file and commit it to the version control system

When adding a new dependency

generate lock file (will be overwritten) and commit update to version control system

Periodically

run --check to make sure nobody forgot to update the lock file

Contributions

Contributions are very welcome. When making a pull request, please make sure the script passes all checks from shellcheck.

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
.travis.yml		.travis.yml
LICENSE		LICENSE
README.md		README.md
license-locker.sh		license-locker.sh

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Licenses found

Repository files navigation

license locker

Usage

Options

Typical workflow

Initial Setup

When adding a new dependency

Periodically

Contributions

About

Licenses found

Releases

Packages

Languages

License

Licenses found

rethab/license-locker

Folders and files

Latest commit

History

Repository files navigation

license locker

Usage

Options

Typical workflow

Initial Setup

When adding a new dependency

Periodically

Contributions

About

Topics

Resources

License

Licenses found

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages