Licenses can be a mess, so we decided to do this job for you, too. We introduced two license scanners that prevent you from using dependencies with unwanted licenses. Out of the box, all packages and plugins are licensed under GPL-3.0-or-later (see the `LICENSE` files and the `license` key in `package.json` / `composer.json`).
{% hint style="warning" %} We give no guarantee of legal validity! {% endhint %}
As we use `yarn` as dependency manager, we can rely on `yarn licenses` to scan all used dependencies and report back if there is an issue (on CI side). A generated disclaimer will be saved to `LICENSE_3RD_PARTY_JS.md`.

Allowed licenses and packages can be configured in `package.json#license-check`.
{% hint style="warning" %}
Root dependencies are not checked! Make sure to add all your license-relevant dependencies to your subpackage `package.json`.
{% endhint %}
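
How an allowlist check over `yarn licenses` output can work, as an added example (not this project's own CI code): the `POLICY` shape, the package names and the sample rows are constructed, and the input is assumed to be the newline-delimited JSON that Yarn 1.x prints for `yarn licenses list --json`. It also evaluates SPDX-style `AND`/`OR` expressions and rejects anything it cannot parse completely.

```javascript
// Constructed sample in the shape Yarn 1.x prints for `yarn licenses list --json`
// (newline-delimited JSON; the "table" record holds one row per dependency).
const SAMPLE = [
  JSON.stringify({ type: "info", data: "constructed sample" }),
  JSON.stringify({ type: "table", data: {
    head: ["Name", "Version", "License", "URL", "VendorUrl", "VendorName"],
    body: [
      ["plain-example", "1.0.0", "MIT", "", "", ""],
      ["dual-example", "2.1.0", "(MIT OR GPL-2.0-only)", "", "", ""],
      ["combo-example", "0.3.0", "(MIT AND AGPL-3.0-only)", "", "", ""],
      ["nolicense-example", "0.0.1", "UNKNOWN", "", "", ""],
      ["exempt-example", "1.2.3", "SEE LICENSE IN LICENSE.txt", "", "", ""],
    ] } }),
].join("\n");

// Hypothetical policy shape, not the project's actual `license-check` schema.
const POLICY = { licenses: ["MIT", "Apache-2.0", "GPL-3.0-or-later"], packages: ["exempt-example"] };

// Evaluate an SPDX-style expression: AND binds tighter than OR, parentheses
// group. Anything that does not parse completely is rejected (fail closed).
function licenseAllowed(expr, allowed) {
  const tokens = String(expr).match(/\(|\)|[^\s()]+/g) || [];
  let i = 0;
  const atom = () => {
    if (tokens[i] === "(") { i++; const v = or(); return tokens[i++] === ")" && v; }
    return allowed.has(tokens[i++]);
  };
  const and = () => { let v = atom(); while (tokens[i] === "AND") { i++; v = atom() && v; } return v; };
  const or = () => { let v = and(); while (tokens[i] === "OR") { i++; v = and() || v; } return v; };
  return or() && i === tokens.length;
}

// Return "name: license" for every dependency that is neither exempted by
// package name nor covered by the license allowlist.
function findViolations(ndjson, policy) {
  const table = ndjson.split("\n").filter(Boolean).map((l) => JSON.parse(l))
    .find((rec) => rec.type === "table");
  if (!table) throw new Error("no table record in yarn output");
  const name = table.data.head.indexOf("Name");
  const license = table.data.head.indexOf("License");
  const allowed = new Set(policy.licenses);
  const exempt = new Set(policy.packages);
  return table.data.body
    .filter((row) => !exempt.has(row[name]) && !licenseAllowed(row[license], allowed))
    .map((row) => `${row[name]}: ${row[license]}`);
}

console.log(findViolations(SAMPLE, POLICY));
```

A CI job would exit non-zero whenever the returned list is non-empty.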
As we use `composer` as dependency manager, we can rely on the following packages:

- `composer-plugin-license-check`: Checks licenses against a whitelist defined in `composer.json#extra.metasyntactical/composer-plugin-license-check` and reports if there is an issue (on CI side)
- `php-legal-licenses`: Additionally, a `LICENSE_3RD_PARTY_PHP.md` file will be generated.