test-licenses.js
require('../lib/bootstrap-local');
const path = require('path');
const chalk = require('chalk');
const spdxSatisfies = require('spdx-satisfies');
const Logger = require('@ngtools/logger').Logger;
require('rxjs/add/operator/filter');
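// Configure logger: print every entry, colored by severity, and abort the run on `fatal`.
const logger = new Logger('test-licenses');

// Presentation per log level. Levels that are not listed fall back to white text on stdout.
const levelStyles = new Map([
  ['info', { color: chalk.white, output: process.stdout }],
  ['warn', { color: chalk.yellow, output: process.stdout }],
  ['error', { color: chalk.red, output: process.stderr }],
  ['fatal', { color: (x) => chalk.bold(chalk.red(x)), output: process.stderr }],
]);

logger.subscribe((entry) => {
  const style = levelStyles.get(entry.level);
  const color = style ? style.color : chalk.white;
  const output = style ? style.output : process.stdout;
  output.write(`${color(entry.message)}\n`);
});

// A `fatal` entry is this script's failure signal: the non-zero exit status is the only thing a
// caller (for example a CI job) can act on, so the check must never end with status 0 after one.
// NOTE(review): this relies on the printing subscriber above being notified before this one, so
// the details are written before the process exits - confirm Logger delivers in subscription order.
logger
  .filter((entry) => entry.level === 'fatal')
  .subscribe(() => {
    process.stderr.write('A fatal error happened. See details above.');
    process.exit(1);
  });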
/**
 * Allow-list of SPDX license expressions that a dependency may declare.
 *
 * Anything that no entry here accepts fails the check, unless that exact package version is
 * listed in `ignoredPackages`.
 *
 * The author's notes on licenses that are deliberately kept off this list:
 *   - CC0
 *     This is not a valid license. It does not grant copyright of the code/asset, and does not
 *     resolve patents or other licensed work. The different claims also have no standing in
 *     court and do not provide protection to or from Google and/or third parties.
 *     We cannot use nor contribute to CC0 licenses.
 *   - Public Domain
 *     Same as CC0, it is not a valid license.
 */
const licensesWhitelist = [
  // Regular valid open source licenses supported by Google.
  'MIT',
  'ISC',
  'Apache-2.0',
  'BSD-2-Clause',
  'BSD-3-Clause',
  'BSD-4-Clause',

  // All CC-BY licenses have a full copyright grant and attribution section.
  'CC-BY-3.0',
  'CC-BY-4.0',

  // Have a full copyright grant. Validated by opensource team.
  'Unlicense',

  // Combinations, listed exactly as packages declare them.
  '(AFL-2.1 OR BSD-2-Clause)',
  '(MIT OR CC-BY-3.0)',
  '(MIT OR Apache-2.0)',
];
// Maps non-standard license strings found in some packages to their SPDX identifier.
// Licenses not included in SPDX but accepted will be converted to MIT.
// NOTE(review): no entry below currently maps to MIT - confirm the sentence above is still accurate.
// Every alias widens what the allow-list accepts, so add one only when the string names a single
// license unambiguously.
const licenseReplacements = {
  // Just a longer string that our script catches. SPDX official name is the shorter one.
  'Apache License, Version 2.0': 'Apache-2.0',
  'Apache2': 'Apache-2.0',
  'AFLv2.1': 'AFL-2.1',

  // A bare "BSD" is treated as BSD-2-Clause by default.
  'BSD': 'BSD-2-Clause',
};
// Packages exempted from the license check; every entry needs a reason in a comment.
// Format: package-name@version. An entry is compared with the package id by exact string
// equality, so the exemption covers only the pinned version and has to be reviewed again when
// the dependency is upgraded.
const ignoredPackages = [
  // CC0 but it's content only (index.json, no code) and not distributed.
  'spdx-license-ids@2.0.1',

  // MIT license, but it's not listed in package.json.
  'map-stream@0.1.0',

  // LGPL,MIT but has a broken licenses array.
  'xmldom@0.1.27',

  // TODO(hansl): fix this. This is not an acceptable license, but is 8 deps down so hard to
  // manage. In talk with owner and users to switch over.
  'jsonify@0.0.0',
];
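// Find all folders directly under a `node_modules` that have a package.json, starting from the
// directory above this script, and check the license each one reports.
// NOTE(review): the license strings come from the packages' own metadata (or from a guess, see
// the `*` handling below). This gate enforces license policy; it says nothing about whether a
// package's contents can be trusted.
const checker = require('license-checker');
checker.init({ start: path.join(__dirname, '..') }, (err, json) => {
  if (err) {
    // `fatal` ends the process with a non-zero status through the logger subscription.
    logger.fatal(`Something happened:\n${err.message}`);
    return;
  }

  const hasOwn = Object.prototype.hasOwnProperty;
  const packageIds = Object.keys(json);
  logger.info(`Testing ${packageIds.length} packages.\n`);

  // Packages with bad licenses are those that neither pass SPDX nor are ignored.
  const badLicensePackages = packageIds
    .map((id) => ({
      id,
      // `licenses` may be a single value or an array; normalize to an array either way.
      licenses: []
        .concat(json[id].licenses)
        // Coerce to string so a missing or non-string value is reported as a bad license instead
        // of throwing before the report is printed. `*` is used when the license is guessed; it
        // is stripped, so a guessed license is held to the same allow-list as a declared one.
        .map((x) => String(x).replace(/\*$/, ''))
        // Own-property lookup only: `in` would also match names inherited from Object.prototype
        // (such as `constructor`) and replace the license with a non-string value.
        .map((x) => (hasOwn.call(licenseReplacements, x) ? licenseReplacements[x] : x)),
    }))
    .filter((pkg) => !passesSpdx(pkg.licenses, licensesWhitelist))
    .filter((pkg) => !ignoredPackages.includes(pkg.id));

  // Report packages with bad licenses. The final `fatal` is what turns the report into a failed run.
  if (badLicensePackages.length > 0) {
    logger.error('Invalid package licences found:');
    badLicensePackages.forEach((pkg) => {
      logger.error(`${pkg.id}: ${JSON.stringify(pkg.licenses)}`);
    });
    logger.fatal(`\n${badLicensePackages.length} total packages with invalid licenses.`);
  } else {
    logger.info('All package licenses are valid.');
  }
});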
/**
 * Check whether a package's licenses are accepted by at least one allow-list entry.
 *
 * The package's licenses are joined with ` AND ` into one SPDX expression, which is tested
 * against each accepted expression in turn.
 *
 * Fails closed: if building or evaluating the expression throws (for example because a license
 * string is not valid SPDX), that entry counts as not satisfied, so an unparseable license can
 * never pass the check.
 *
 * @param {string[]} licenses - License identifiers reported for one package.
 * @param {string[]} accepted - Accepted SPDX expressions.
 * @returns {boolean} `true` if any accepted expression is satisfied, otherwise `false`.
 */
function passesSpdx(licenses, accepted) {
  const isSatisfiedBy = (allowed) => {
    try {
      return spdxSatisfies(licenses.join(' AND '), allowed);
    } catch (_) {
      // Deliberately a non-match rather than an error: see the fail-closed note above.
      return false;
    }
  };

  return accepted.some(isSatisfiedBy);
}