davglass / license-checker

Check NPM package licenses

Is this project dead?

johnthagen opened this issue

There have been no commits for 1.5 years: https://github.com/davglass/license-checker/commits/master

Perhaps the README should be updated that this project is abandoned, if it is?

Looks dead to me, as well.

@davglass is taking a sabbatical from Open Source

@Bosch-Eli-Black @johnthagen we just forked it and are going to extend / continue to support work on at @bluenovaio. We will need to take some time to review the issues that are open and try and get the reporter to open on our repository once we are ready.

We will need to review license and other documents to adhere to our standards.

Fork: https://github.com/bluenovaio/license-checker

That's great. Please take a look at https://github.com/RSeidelsohn/license-checker-rseidelsohn as their fork added some nice fixes and improvements as well.

@zrosenbauer Cool! 🙂 I've starred your project.

Since @RSeidelsohn's fork is still active, pinging him for awareness. Perhaps you two can collaborate. Would be great to have this project revived. ❤️

Yes, this project should not die. I love my job as a FE dev, but it's a full time job and in my spare time I care for my wife and our two children, which is pretty time consuming. Also, I try to find time for my (other) hobby as well - home brewing. So I do not find too much time caring for this project. Yet it is great for giving a small contribution to the community and it helps honing my skills and it is fun as well. So that being said, I try to do my best, yet I happily accept pull requests. This project is really small and should be great for beginning contributors as well.
I try to take care of the current two requests, hopefully next weekend.

Cheers and thanks for the pings!

@RSeidelsohn can you shoot me an email at zac@bluenova.io, I'd love to chat briefly about this project with you if you have a chance. Cheers.

@zrosenbauer is the bluenovaio fork defunct or moved? The link doesn't appear to work for me.

As someone looking to use this tool, should I be using the rseidelsohn fork or the bluenovaio fork?

I've found @RSeidelsohn's fork to work great. He's fixed several issues with the base repo. I haven't had any issues with his fork.

@johnthagen @Bosch-Eli-Black @RSeidelsohn @brebory @zrosenbauer As the author of webpack-license-plugin and someone responsible for JavaScript ecosystem OSS license compliance in a larger company, I would love to hear more about your use cases. Why are you using license-checker? What problem does it help you solve?

@codepunkt We use a fork of license-checker to generate a static license report of all NPM dependencies to include with the built frontend to comply with OSS license requirements. We host this so that we can provide a link in our app for end users to view the licenses. This also helps give credit to these upstream packages.

Here is an example of creating such a report:

We have a similar use case as @johnthagen: We generate a static license report of all NPM dependencies and feed that to an OSS license scanner tool (similar to Blackduck).

We're currently using https://github.com/microsoft/license-checker-webpack-plugin, but that repo is no longer maintained, as the owner of the repo is no longer at Microsoft.

@johnthagen That's what I was suspecting most people would do with license-checker. Are you using webpack or rollup to build/bundle the frontends?

@Bosch-Eli-Black Switching to license-checker is problematic. You will get a lot of false positives and false negatives with your webpack build. We're building a large b2b application consisting of multiple microfrontends, each of them being a react app built with webpack. Using license-checker with settings like those shown from @johnthagen gave us a list of roughly 400 packages for our bill of materials. However, the real build output only includes ~250 packages - 50 of which are not included in the list given by license-checker. As it turns out, the only viable way to do this is to hook directly into the build process, because only the build tool or bundler knows what optimizations it makes. Which parts of the code are stripped out in production builds? What can be tree-shaken? Which parts of dependencies of dependencies are included in the build output that are not listed as dependencies, but devDependencies or optionalDependencies, etc.? Feel free to also take a look at webpack-license-plugin for your purposes.

I'm not trying to dismiss the awesome work the author and maintainer has done here. This repository was the starting point for our license compliance tooling as well. I'm just trying to be realistic here - it is not a good choice if license compliance is important to you or your company to use it to generate bills of material.
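
The mismatch described in the last comment, between a package list read from node_modules and what the bundler actually emits, can be measured by diffing the two sets. This is an added example, not code from the thread or from either project; the sample report, the module paths and the function names are constructed for illustration.

```javascript
// Constructed sample in the shape of license-checker's JSON output ("name@version" keys).
const checkerReport = {
  "react@17.0.2": { licenses: "MIT" },
  "lodash@4.17.21": { licenses: "MIT" },
  "@babel/core@7.13.10": { licenses: "MIT" }, // build-time tool, not shipped
  "eslint@7.22.0": { licenses: "MIT" },       // never bundled
};

// Constructed sample: module paths as a bundler reports them for one production build.
const bundledModules = [
  "./src/index.js",
  "./node_modules/react/index.js",
  "./node_modules/react/cjs/react.production.min.js",
  "./node_modules/lodash/debounce.js",
  "./node_modules/@scope/ui-kit/node_modules/object-assign/index.js",
  "./node_modules/@scope/ui-kit/dist/button.js",
];

// Package that owns a module: the innermost node_modules segment wins (nested dependency).
function packageOf(modulePath) {
  const parts = modulePath.split("\\").join("/").split("/node_modules/");
  if (parts.length < 2) return null; // first-party source, not a dependency
  const segs = parts[parts.length - 1].split("/");
  return segs[0].startsWith("@") ? `${segs[0]}/${segs[1]}` : segs[0];
}

// "name@version" -> name; lastIndexOf keeps the leading "@" of scoped packages.
function nameOf(key) {
  const at = key.lastIndexOf("@");
  return at > 0 ? key.slice(0, at) : key;
}

// Compares by package name only; versions are ignored in this sketch.
function compareBom(report, modulePaths) {
  const listed = new Set(Object.keys(report).map(nameOf));
  const bundled = new Set(modulePaths.map(packageOf).filter(Boolean));
  return {
    listedNotBundled: [...listed].filter((n) => !bundled.has(n)).sort(),
    bundledNotListed: [...bundled].filter((n) => !listed.has(n)).sort(),
  };
}

console.log(compareBom(checkerReport, bundledModules));
```

`listedNotBundled` corresponds to the false positives in the comment and `bundledNotListed` to the false negatives, the ones that matter most for a shipped bill of materials.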