Add npm check to validate no unwanted licenses are used in node modules #27832

Merged
findepi merged 1 commit into trinodb:master from gertjanal:npm-agpl-check
Feb 12, 2026

Contributor

@gertjanal gertjanal commented Jan 2, 2026

Description

Added npm run check:licenses to check if the package-lock.json contains any unwanted license like AGPL.

Live demo in this PR #27779

[INFO] > webapp-preview@0.0.0 check:licenses
[INFO] > TEMP=$(mktemp); jq .packages[].license package-lock.json | grep -v 'null' | sort | uniq > $TEMP; DIFFERENCES=$(grep -vxf ../allowed-licenses.txt $TEMP); DIFF_COUNT=$(echo -n $DIFFERENCES | wc -c); rm $TEMP; if [ $DIFF_COUNT != '0' ]; then echo '\033[0;31mLicense found in package-lock.json that is not in allowed-licenses.txt'; echo $DIFFERENCES; exit 1; fi
[INFO] 
[INFO] License found in package-lock.json that is not in allowed-licenses.txt
[INFO] "AGPL-3.0-or-later"
[INFO] 

Release notes

( X ) This is not user-visible or is docs only, and no release notes are required.
( ) Release notes are required. Please propose a release note for me.
( ) Release notes are required, with the following suggested text:

@cla-bot cla-bot Bot added the cla-signed label Jan 2, 2026
@github-actions github-actions Bot added the ui Web UI label Jan 2, 2026
@gertjanal gertjanal marked this pull request as ready for review January 6, 2026 19:36
@gertjanal gertjanal requested review from findepi and martint January 6, 2026 19:37
@gertjanal gertjanal marked this pull request as draft January 6, 2026 19:58
@gertjanal gertjanal force-pushed the npm-agpl-check branch 2 times, most recently from f59bc87 to 9f2c08c Compare January 6, 2026 20:12
@gertjanal gertjanal marked this pull request as ready for review January 6, 2026 20:18
Member

mosabua commented Jan 6, 2026

I think that's a good idea. We might need to expand to other licenses that are incompatible with Apache, but this is a good start.

@gertjanal gertjanal marked this pull request as draft January 7, 2026 10:19
Contributor Author

gertjanal commented Jan 7, 2026

Note to self:
grep '"license": "' core/trino-web-ui/src/main/resources/webapp-preview/package-lock.json | sort | uniq

{
      "license": "0BSD",
      "license": "AGPL-3.0-or-later", // In PR #27779
      "license": "Apache-2.0",
      "license": "BSD-2-Clause",
      "license": "BSD-3-Clause"
      "license": "BSD-3-Clause",
      "license": "CC-BY-4.0"
      "license": "ISC"
      "license": "ISC",
      "license": "MIT",
      "license": "MIT",
      "license": "MIT AND ISC",
      "license": "OFL-1.1",
      "license": "Python-2.0",
      "license": "Unlicense"
}

And for the original webapp:

{
      "license": "Apache-2.0"
      "license": "Apache-2.0",
      "license": "BSD-2-Clause"
      "license": "BSD-2-Clause",
      "license": "BSD-3-Clause"
      "license": "BSD-3-Clause",
      "license": "CC-BY-4.0"
      "license": "ISC"
      "license": "ISC",
      "license": "MIT"
      "license": "MIT",
}

Comment thread core/trino-web-ui/src/main/resources/webapp/src/package.json Outdated
Comment thread .github/workflows/ci.yml Outdated
@gertjanal gertjanal force-pushed the npm-agpl-check branch 3 times, most recently from b36d113 to 0e0b581 Compare January 8, 2026 23:42
@gertjanal gertjanal changed the title Add npm check to validate no AGPL licenses are used in node modules Add npm check to validate no unwanted licenses are used in node modules Jan 8, 2026
@gertjanal gertjanal marked this pull request as ready for review January 9, 2026 00:13
@gertjanal gertjanal requested a review from mosabua January 9, 2026 00:13
Comment thread core/trino-web-ui/src/main/resources/webapp/src/package.json
Comment thread core/trino-web-ui/src/main/resources/allowed-licenses.txt
Comment thread core/trino-web-ui/src/main/resources/webapp/src/package.json Outdated
findepi previously approved these changes Jan 26, 2026
Member

@findepi findepi left a comment

@martint PTAL the core/trino-web-ui/src/main/resources/allowed-licenses.txt file.

Comment thread core/trino-web-ui/src/main/resources/allowed-licenses.txt
Comment thread core/trino-web-ui/src/main/resources/allowed-licenses.txt
Comment thread core/trino-web-ui/src/main/resources/allowed-licenses.txt
@findepi findepi merged commit b29013d into trinodb:master Feb 12, 2026
99 checks passed
Member

findepi commented Feb 12, 2026

Merged, thanks!

@github-actions github-actions Bot added this to the 480 milestone Feb 12, 2026
Member

prrvchr commented Feb 12, 2026

I can no longer compile unless I modify the file: core/trino-web-ui/src/main/resources/allowed-licenses.txt with:

"0BSD"
"Apache-2.0"
"BSD-2-Clause"
"BSD-3-Clause"
"CC-BY-4.0"
"ISC"
"MIT"
"MIT AND ISC"
"OFL-1.1"
"Python-2.0"
"Unlicense"
"(MPL-2.0 OR Apache-2.0)"

Is this normal?

Member

findepi commented Feb 12, 2026

Thank you @prrvchr for the heads-up. This should help.

Member

prrvchr commented Feb 12, 2026

@findepi You're welcome
