You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm in the process of trying to switch over to using https://github.com/google/osv-scanner 's license checker, which uses deps.dev for this. I've raised a few bugs there, but I think this feature request belongs here.
I wonder if deps.dev team might be interesting in setting up something similar, obviously slightly broader in scope due to handling multiple ecosystems. My team is reliant on these corrections, as we have many deps with license metadata problems where the maintainer hasn't done a release in ~10 years, e.g. tj/callsite#9 . Even though we could publish forked packages, and use transitive dependency "overrides", in a heavily regulated industry that is a bigger headache than locally adding explicit allows in a config. It makes sense to have a global/shared list of explicit license fixups that everyone can benefit from, streamlining adoption of license tooling.
I'm in the process of trying to switch over to using https://github.com/google/osv-scanner 's license checker, which uses deps.dev for this. I've raised a few bugs there, but I think this feature request belongs here.
https://github.com/jslicense/licensee.js includes a few license helpers in order to get the job done.
A dataset of corrections: https://github.com/jslicense/npm-license-corrections.json
I wonder if deps.dev team might be interesting in setting up something similar, obviously slightly broader in scope due to handling multiple ecosystems. My team is reliant on these corrections, as we have many deps with license metadata problems where the maintainer hasn't done a release in ~10 years, e.g. tj/callsite#9 . Even though we could publish forked packages, and use transitive dependency "overrides", in a heavily regulated industry that is a bigger headache than locally adding explicit allows in a config. It makes sense to have a global/shared list of explicit license fixups that everyone can benefit from, streamlining adoption of license tooling.
https://github.com/jslicense/spdx-correct.js to automatically correct licenses.
https://github.com/jslicense/spdx-exceptions.json in case understanding/validating spdx exceptions is a desired feature.
The text was updated successfully, but these errors were encountered: