Is there a way to perform license compliance checks with webpack? Ideally the license headers from all the modules built by webpack are included in the final out file, but how do we check that that is the case?
Also is there a plugin that can detect license compatibility conflicts?
If a dependency and the resulting transitive dependencies are defined under dependencies
or devDependencies
does not help with the question if the dependency is included in the webpack build output or not. Try webpack-license-plugin, it might help you with your problems.
If you have questions, feel free to ask. I'm the maintainer of the module, so i might be able to help!
I'm not a lawyer, so this isn't legal advice.
It seems like you're trying to solve two different problems: (1) understand compliance obligations of packages installed via npm, (2) fulfill any obligations (e.g. including a license in the output of webpack).
For (1) tldrlegal is a helpful tool that will print a highlevel summary of obligations. Since obligations could include requirements like "display an acknowledgement in all advertising materials", it's hard to boil compliance checks down to just a step in the build process (which is presumably when webpack would come into play). It looks like this library might help with the compatibility aspect.
(2) For complying with obligations like distributing a license in copies of source, webpack's Uglify plugin does this by default. The licenses of packages listed in the dependencies
of your package.json are included by default in the build via the comments
option. (It looks like this may be changing for webpack v4.) Note that licenses of dependencies listed in the devDependencies
are not included in the built file.
To configure this explicitly, in your webpack config include:
new webpack.optimize.UglifyJsPlugin({
comments: /^\**!|@preserve|@license/,
})
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With