New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support filtering in licenses list
in a monorepo
#5806
Comments
I am trying to work on this over the holidays. I think this is a useful feature. I only need to find a way how to convert the |
At first it appeared that However looking at the implementation: pnpm/reviewing/license-scanner/src/licenses.ts Lines 66 to 108 in d583fbb
it appears that manifest is not currently used in the function 😁 However this would be the overall implementation point in the API if it was going to be attempted to be patched, etc. |
What do you mean by incorporating this feature to the Node API? Like to node.js CLI? But this only works with the pnpm lockfile. It doesn't work with npm or Yarn. |
I was looking to implement something very similar, but I was not planning to use the cli to accomplish it, rather, using the packages and their API's. In fact, it appears that this is possible today by just passing a filtered import { ProjectManifest, Registries, IncludedDependencies } from '@pnpm/types';
import { filterLockfileByImporters } from "@pnpm/filter-lockfile";
import { Lockfile, readWantedLockfile } from '@pnpm/lockfile-file';
import { findDependencyLicenses, LicensePackage } from '@pnpm/license-scanner';
/*...*/
const include: IncludedDependencies = {
dependencies: true,
devDependencies: false,
optionalDependencies: false
};
const lockfile: Lockfile | null = await readWantedLockfile(pnpmLockfilePath, { ignoreIncompatible: false });
const projectDependencies: LicensePackage[] = await findDependencyLicenses({
include,
manifest,
lockfileDir,
registries: {} as Registries,
wantedLockfile: filterLockfileByImporters(lockfile, ['../../some/importer/name'], {include, skipped: new Set(), failOnMissingDependencies: false}),
virtualStoreDir,
storeDir
}); Nevertheless it would be very cool to incorporate both api's together into one cli feature in some way. |
👍 this feature would be useful |
Describe the user story
When using
pnpm licenses list
in a monorepo, it currently lists all dependencies of all projects. But this command could be useful in generating aNOTICE
file for distribution with proper attribution for user FOSS packages, for such a case, we need to filter the dependencies to only the dependencies used by a particular package in a monorepo (Recursively, so you also get dependencies of dependencies as so on)Describe the solution you'd like
Support filtering in
pnpm licenses list
Describe the drawbacks of your solution
The complexity of implementing this. I'm not sure how easy it would be. I'm not sure if the currently implementation just dumps everything from the lockfile without any knowledge of what comes from which package in a monorepo.
Describe alternatives you've considered
Use an external tool. But I couldn't find any good one for this purpose, especially one that works in a monorepo, and they will have to know about pnpm's monorepo layout.
The text was updated successfully, but these errors were encountered: