New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feature request: list license for deps #2825
Comments
I am not sure about adding a new field to the lockfile but we can probably support listing the licenses via some command. Or if there is an existing project that does that, maybe we can ask for pnpm support. |
For sure, I just happened to be looking at the lockfile and it seemed like a good idea at the time. Getting the data is more of a concern than where it comes from. davglass/license-checker#197 is a request to support pnpm in the tool we were using with lerna+npm.. Maybe a better question is if I can run that at the root of the virtual store? |
We also happen to need this to generate a list of dependency and their license EDIT: I made a fix but honestly the setup is too much of PITA to contribute back, I can't get the test to even pass without my changes so I can't write the tests for the changes. Hopefully the devs can take it up from here. |
There is an ongoing PR: #4851 |
License compliance is another thing IMO, in most cases you do just want to have the author and license plain to automate attribution when you already know you are compliant. |
I am glad that this issue is on the table since the topic gets more and more important. I transitionend to pnpm because it seemed to me, that pnpm has the biggest heart for monorepos. Therefore please dont forget them here aswell. |
Considering the PR is stalled, how big of a change would it be to incorporate my changes? |
Make a PR |
Introduces a new command `licenses`-command which allows to list the licenses of the packages refs pnpm#2825
Introduces a new command `licenses`-command which allows to list the licenses of the packages refs pnpm#2825
Would love to see this feature merged in pnpm, as it's currently a blocker for us (Trainline) to use pnpm. Unfortunately there does not seem to be another solution here, at least as far as I know. Also, I would like to thank you for working on this, it's going to be incredibly helpful! |
The license is now included in the list command. That is what we use at Caido to ensure compliance. With the json flag it is easy to parse. |
@Sytten has this just been released now? I tried running |
There is an ongoing PR: #5567 |
Introduces a new command `licenses`-command which allows to list the licenses of the packages refs pnpm#2825
Introduces a new command `licenses`-command which allows to list the licenses of the packages refs pnpm#2825
Yes. I am in the same boat needed this functionality to be able to use it at work. We are using Gitlab at work and for the license scanning they use pivotal’s license finder. I will finish my PR over there now that the new version with the command is included. Let me know, how the command works for you, :) @LucaColonnello Any chance that Trainline uses Gitlab too 😇 |
This doesn't seem to work with workspaces. I get |
feature request: list license for deps
pnpm version:
5.5.10
Expected behavior:
We often need to examine the full list of licenses for everything in our dependency chain. It would be great if pnpm had the ability to record licenses as part of the lockfile metadata and output that info in in
pnpm list
output, either as an additional arg, or as part of the json outputAdditional information:
node -v
prints: v12.14.1The text was updated successfully, but these errors were encountered: