Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

implement 'licenseChecker' config option to change how dependency licenses are matched against allowedLicenses #297

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

implement 'licenseChecker' config option to change how dependency licenses are matched against allowedLicenses #297

wants to merge 1 commit into from

Conversation

balrok
Copy link
Contributor

@balrok balrok commented Apr 17, 2024
edited
Loading

The default behavior is that a dependency is fine when any of its
licenses are found inside allowedLicenses. This may miss dependencies,
which contain multiple licenses.

When 'AllRequiredLicenseChecker' is set, it will only approve a
dependency when all of its discovered licenses are found in the
allowedLicenses. This may report false-positives for dependencies which are
dual-licensed. But in general I think a false-positive is better than
missing a license violation.

This fixes #285

@balrok balrok mentioned this pull request Apr 25, 2024
Open
@balrok balrok marked this pull request as draft May 8, 2024 07:56
@balrok balrok force-pushed the feature/require-all-licenses-check branch from 9b9663d to cb795e2 Compare May 17, 2024 21:37
@balrok balrok changed the title implement 'requireAllLicensesAllowed' config option to change how dependency licenses are matched against allowedLicenses implement 'licenseChecker' config option to change how dependency licenses are matched against allowedLicenses May 17, 2024
@balrok balrok marked this pull request as ready for review May 17, 2024 21:45
@balrok balrok force-pushed the feature/require-all-licenses-check branch from cb795e2 to 2309af3 Compare May 18, 2024 13:39
@balrok balrok force-pushed the feature/require-all-licenses-check branch from 2309af3 to f5701f9 Compare May 26, 2024 20:35
@balrok
implement 'LicenseChecker' config option to change how dependency lic…
456809c 
…enses are matched against allowedLicenses

The default behavior is that a dependency is fine when any of its
licenses are found inside allowedLicenses. This may miss dependencies,
which contain multiple licenses.

When 'AllRequiredLicenseChecker' is set, it will only approve a
dependency when all of its discovered licenses are found in the
allowedLicenses. This may report false-positives for dependencies which are
dual-licensed. But in general I think a false-positive is better than
missing a license violation.

This fixes jk1#285
@balrok balrok force-pushed the feature/require-all-licenses-check branch from f5701f9 to 456809c Compare May 26, 2024 20:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Licensecheck will not fail when one of multiple licenses in a dependency are not allowed
1 participant
@balrok