Automated License Finder for Front End Development

Praveen Selvam
Digital Craftsmanship
May 9, 2016

A simple solution to keep track of licenses for the different open source libraries used in a project, to ensure only compliant software is shipped.

The use of open source in software development is very common in the technology space. When software products are shipped, it's very important to ensure that any open source software they use carries the right kind of licensing. Violating this would put the company and its developers through rough times.

Given the volume of code that is written every day, a great way to ensure this is to automate the process of checking for these licenses in the source code of the products that are being built.

Pivotal's License Finder is a great tool that sweeps through the entire repository looking for the libraries that are used and their respective licenses, and provides a quick report of the licenses found. Thanks Nikhil, for pointing this tool out. Pivotal's tool supports different languages, but mostly relies on framework implementations to predict the location of these libraries in the source code.

Simply put, manifest files are key for this tracker to work, since that is where it finds the information about the different open source libraries that are used in the source code.

Using this information, it then looks up either the local code or the remote repos to find out information about the licenses.

Let's take an example of a front end development project that uses Bower for package management.

Let’s assume that the bower.json file below is present in the product’s file system.

{
  "name": "test-app",
  "dependencies": {
    "jquery": "~2.1.3",
    "jquery.ui": "~1.11.4",
    "underscore": "~1.8.2",
    "backbone": "~1.1.2",
    "bootstrap": "~3.3.4",
    "mustache.js": "~1.1.0"
  }
}

Simply run the license finder in the project’s directory.

license_finder

This will generate a report similar to what’s shown below.

Ignored Dependencies:
(none)
Dependencies that need approval:
backbone, 1.1.2, MIT
bootstrap, 3.3.4, MIT
jquery, 2.1.3, MIT
jquery-ui, 1.11.4, MIT
mustache.js, 1.1.0, MIT
underscore, 1.8.2, MIT

Tada!

This process can be wired into an automation tool such as a cron job or a scheduled build system to generate a report. The choice of tool can depend on the existing workflow of the project.
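
As an added example (not from the original post or from the License Finder project), one way to wire the report into a cron job or build step is to parse the "Dependencies that need approval" section shown above and fail when a license falls outside an allowlist, or when that section is missing altogether. The `ALLOWED_LICENSES` policy list, the `check_report` function and the two non-MIT sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: license gate over the text report format shown above.
# ALLOWED_LICENSES is an assumed policy list, comma separated.
: "${ALLOWED_LICENSES:=MIT,BSD,Apache 2.0}"

# Reads a report on stdin and prints one line per dependency awaiting
# approval whose license is not allowed.
# Returns 0 = clean, 1 = violations, 2 = approval section not found.
check_report() {
  awk -v allowed="$ALLOWED_LICENSES" '
    function trim(s) { gsub(/^[ \t"]+|[ \t"\r]+$/, "", s); return s }
    BEGIN {
      n = split(allowed, a, ",")
      for (i = 1; i <= n; i++) ok[trim(a[i])] = 1
    }
    /^Dependencies that need approval:/ { seen = 1; insec = 1; next }
    /:[ \t\r]*$/ { insec = 0; next }            # any other section header
    !insec || NF == 0 || /^\(none\)/ { next }
    {
      m = split($0, f, ",")
      if (m < 3) { print "UNPARSED: " $0; bad = 1; next }
      pass = 0
      for (i = 3; i <= m; i++) { lic = trim(f[i]); if (lic in ok) pass = 1 }
      if (!pass) {
        lics = $0; sub(/^[^,]*,[^,]*,/, "", lics)
        print "DENIED: " trim(f[1]) " " trim(f[2]) " [" trim(lics) "]"
        bad = 1
      }
    }
    END { if (!seen) exit 2; exit (bad ? 1 : 0) }
  '
}

# Constructed sample: the first entry is from the report above, the other
# two are invented to exercise the gate.
sample_report() {
  cat <<'EOF'
Ignored Dependencies:
(none)
Dependencies that need approval:
backbone, 1.1.2, MIT
example-gpl-lib, 0.0.1, GPLv3
example-mystery-lib, 0.0.2, unknown
EOF
}

# Scheduled job usage would be: license_finder | check_report
sample_report | check_report || echo "license gate failed (exit $?)"
```

Treating a missing approval section as a failure (exit 2) keeps a broken or empty tool run from being read as a clean result.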
