feat: license-kit dependency scan config - transitive & dev dependencies; adjusted behaviour for --error-on-weak (#47)
* feat: dependency scanning configuration for transitive & development dependencies
* docs: updated license-kit options listing in docs
* feat: updated license-kit help options listing & formatting
* feat: license-kit --dev-deps-mode flag set to 'root-only' by default
* docs: described discrepancy of license-kit & shared package default values for dev dependency mode
* docs: update CLI's default --dev-deps-mode value in README.md
* feat: adjust CLI copyleft command behaviour depending on --error-on-weak, adjusted exit codes & help
* docs: updated docs with exit adjusted codes
docs/docs/docs/programmatic-usage.mdx
Lines changed: 27 additions & 0 deletions
@@ -95,3 +95,30 @@ The tool recognizes various license types:
95
95
:::info
96
96
If a monorepo package is private, its name and license won't be included in the license list, but its dependencies will still be scanned and included.
97
97
:::
98
+
99
+
### Default `scanOptionsFactory` value
100
+
101
+
The default value for the optional `scanOptionsFactory` parameter in `scanPackage` & `scanDependencies` functions is set to the following:
102
+
103
+
```typescript
104
+
{
105
+
includeTransitiveDependencies: true,
106
+
includeDevDependencies: false,
107
+
}
108
+
```
109
+
110
+
Which can be found in [`ScanPackageOptions.ts`](/packages/shared/src/types/ScanPackageOptions.ts).
111
+
112
+
:::warning
113
+
This default `includeDevDependencies` behaviour is different from the default values of `license-kit` CLI's equivalent flag `--dev-deps-mode`, which is set to `root-only` by default.
114
+
115
+
To achieve the same default behaviour as in the CLI (`root-only`), set `includeDevDependencies` to `isRoot` in the programmatic API:
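Review bot: The documented default for `scanOptionsFactory` is shown as a plain object literal (`includeTransitiveDependencies: true, includeDevDependencies: false`), while the parameter name says it is a factory and the warning tells readers to set `includeDevDependencies` to `isRoot`, a name this section never introduces. Show the default in the form callers actually pass, and state where `isRoot` comes from and what type `includeDevDependencies` accepts, so that someone gating a release on the scan does not leave devDependencies out by accident. The sentence starting "Which can be found in" is a fragment, and the root-relative link `/packages/shared/src/types/ScanPackageOptions.ts` uses the same form as the docs link `/docs/programmatic-usage#additional-details`, so check that it resolves to the repository file rather than to a docs-site path.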
Check for copyleft licenses. Exits with error code (≠ 0) if strong copyleft licenses are found.
63
+
Check for copyleft licenses. Exits with error code (≠ 0) if strong copyleft licenses are found. Can be configured to exit with non-zero exit code if weak copyleft licenses are found as well.
|`--tm, --transitive-deps-mode [mode]`| Controls, which transitive dependencies are included: <ul><li>`'all'`</li> <li>`'from-external-only'` (only transitive dependencies of direct dependencies specified by non-workspace:... specifiers)</li> <li>`'from-workspace-only'` (only transitive dependencies of direct dependencies specified by `workspace:` specifier)</li> <li>`'none'`</li></ul> |`'all'`|
74
+
|`--dm, --dev-deps-mode [mode]`| <ul><li>`'root-only'` (only direct devDependencies from the scanned project's root package.json)</li> <li>`'none'`</li></ul> |`'root-only'`|
75
+
|`--root [path]`| Path to the root of your project | Current working directory |
76
+
|`--error-on-weak`| Exit with error code if weak copyleft licenses are found |`false`|
69
77
70
78
#### Command: `report`
71
79
72
80
Generates a licenses report in the specified format. The output can be written to `stdout` (default) or a file.
|`--tm, --transitive-deps-mode [mode]`| Controls, which transitive dependencies are included: <ul><li>`'all'`</li> <li>`'from-external-only'` (only transitive dependencies of direct dependencies specified by non-workspace:... specifiers)</li> <li>`'from-workspace-only'` (only transitive dependencies of direct dependencies specified by `workspace:` specifier)</li> <li>`'none'`</li></ul> |`'all'`|
85
+
|`--dm, --dev-deps-mode [mode]`| <ul><li>`'root-only'` (only direct devDependencies from the scanned project's root package.json)</li> <li>`'none'`</li></ul> |`'root-only'`|
86
+
|`--root [path]`| Path to the root of your project | Current working directory |
87
+
|`--format [type]`| Output format, one of: `'json'`, `'about-json'` (AboutLibraries-compatible), `'text'`, `'markdown'`|`'json'`|
88
+
|`--output [path]`| Where to write the output - either `'stdout'` or a path to an output file |`'stdout'`|
79
89
80
90
#### Command: `help`
81
91
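Review bot: The new `--dm, --dev-deps-mode` rows in both the copyleft and `report` option tables open straight into the `<ul>` with no description, unlike the `--tm` rows above them, which start with "Controls, which transitive dependencies are included:". Add a matching lead sentence, and drop the comma after "Controls" in the `--tm` rows while touching them. The copyleft description still only promises an error code "(≠ 0)" for strong findings and a "non-zero exit code" for weak ones under `--error-on-weak`; if the two cases now return different codes, name them here so a CI job can tell them apart.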
@@ -101,4 +111,12 @@ General options that can be passed to the CLI with after any command.
101
111
102
112
## Additional details
103
113
114
+
:::warning
115
+
While the `--dev-deps-mode` option is set to `root-only` by default in the CLI, the programmatic API package has a default value for the optional `scanOptionsFactory` that has `includeDevDependencies` set to `false` by default (equivalent of CLI's `none`).
116
+
117
+
The reason for this discrepancy is to provide default behaviour backwards compatibility & consistency for the shared package while maintaining usability of the CLI. Sometimes bundlers do not take into account the fact the a dependency is a `devDependency`, which results in them being bundled. Therefore, the CLI by default aggregates their licenses as well.
118
+
119
+
If you want the same behaviour as in the programmatic API, you can set the `--dm` option to `none` when running the CLI.
120
+
:::
121
+
104
122
For more notes on the mechanics of the tool, please see [core additional details section](/docs/programmatic-usage#additional-details).
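Review bot: The added explanation has a typo, "the fact the a dependency", and "which results in them being bundled" switches from singular to plural; suggest "the fact that a dependency is a `devDependency`, which results in it being bundled". Since the paragraph says bundlers can ship devDependencies, the closing advice to pass `--dm none` should also say that doing so drops those packages from the copyleft check and the report.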
Check for copyleft licenses. Exits with error code (≠ 0) if strong copyleft licenses are found.
57
+
Check for copyleft licenses. Exits with error code (≠ 0) if strong copyleft licenses are found. Can be configured to exit with non-zero exit code if weak copyleft licenses are found as well.
|`--tm, --transitive-deps-mode [mode]`| Controls, which transitive dependencies are included: <ul><li>`'all'`</li> <li>`'from-external-only'` (only transitive dependencies of direct dependencies specified by non-workspace:... specifiers)</li> <li>`'from-workspace-only'` (only transitive dependencies of direct dependencies specified by `workspace:` specifier)</li> <li>`'none'`</li></ul> |`'all'`|
68
+
|`--dm, --dev-deps-mode [mode]`| <ul><li>`'root-only'` (only direct devDependencies from the scanned project's root package.json)</li> <li>`'root-only'`</li></ul> |`'none'`|
69
+
|`--root [path]`| Path to the root of your project | Current working directory |
70
+
|`--error-on-weak`| Exit with error code if weak copyleft licenses are found |`false`|
63
71
64
72
#### Command: `report`
65
73
66
74
Generates a licenses report in the specified format. The output can be written to `stdout` (default) or a file.
|`--tm, --transitive-deps-mode [mode]`| Controls, which transitive dependencies are included: <ul><li>`'all'`</li> <li>`'from-external-only'` (only transitive dependencies of direct dependencies specified by non-workspace:... specifiers)</li> <li>`'from-workspace-only'` (only transitive dependencies of direct dependencies specified by `workspace:` specifier)</li> <li>`'none'`</li></ul> |`'all'`|
79
+
|`--dm, --dev-deps-mode [mode]`| <ul><li>`'root-only'` (only direct devDependencies from the scanned project's root package.json)</li> <li>`'root-only'`</li></ul> |`'none'`|
80
+
|`--root [path]`| Path to the root of your project | Current working directory |
81
+
|`--format [type]`| Output format, one of: `'json'`, `'about-json'` (AboutLibraries-compatible), `'text'`, `'markdown'`|`'json'`|
82
+
|`--output [path]`| Where to write the output - either `'stdout'` or a path to an output file |`'stdout'`|
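Review bot: In this file both added `--dm, --dev-deps-mode` rows (copyleft and `report`) list `'root-only'` twice and give `'none'` as the default, which contradicts the commit message ("set to 'root-only' by default") and the same rows in the other options table, where the values are `'root-only'` and `'none'` with default `'root-only'`. The second list item should be `'none'` and the default column `'root-only'`; as written, a reader would conclude that devDependencies are skipped unless they opt in.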