-
Notifications
You must be signed in to change notification settings - Fork 122
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
License checker process/script #1104
Comments
I would like to take this one. |
I'm interested in joining because that's something I'm working on for NodeSecure. I spent quite few hours on license detection (and others) for NodeSecure/scanner. Most solution in the ecosystem doesn't detect much licenses compared what available in SPDX :\ |
This merely rebuilds the main Node.js license based on what was manually added to |
@fraxken you wrote: #1104 (comment)
If you want to give the node and its deps and embedded code a good license scrub, you may want to check out scancode-toolkit (or scancode.io) which is considered the leading FOSS tool in space. If there is any license or copyright not detected correctly, this is a bug. And we fix bugs. Also does SBOMs. |
This issue is stale because it has been open many days with no activity. It will be closed soon unless the stale label is removed or a comment is made. |
Recently, we had some concerns regarding licenses for the Node.js sub-dependencies, and there was a suggestion on nodejs/node#49625 to include a script that validates the licenses for the Node.js dependencies.
As an initial kick-off, we had this comment on nodejs/node#49625 (comment).
This will require a good discussion within the team, but overall potential objectives (from #1100) are:
The text was updated successfully, but these errors were encountered: