Skip to content

Latest commit

 

History

History
18 lines (14 loc) · 1.62 KB

README.md

File metadata and controls

18 lines (14 loc) · 1.62 KB

node-license-checker-action

GitHub action to check licenses on node module dependencies.

If any license is found which isn't allowed (including missing licenses), the action will exit with code 1, thereby failing the build.

We recommend to put this action on pushes to your main branch, and pull requests to your main branch.

See the entrypoint.sh for configurable environment variables, things which can be controlled are:

  • ALLOWED_LICENSES - a comma separated list of license names. Default is in allowed-licenses.txt.
  • ALL_OUTPUT_FILE - where to put the CSV report of all discovered licenses. Defaults to licenses.csv. Consider making it a build artifact.
  • DISALLOWED_OUTPUT_FILE - where to put the CSV report of disallowed licenses. Defaults to disallowed-licenses.csv. Consider making it a build artifact.
  • TARGET_DIR - where you want the scan to run, instead of the root of the repo. Relative paths should work.
  • EXCLUDE_PACKAGES - semicolon separated list of npm packages to ignore scanning for licenses - use this if you have a package you know is OK, such as an internal dependency.
  • DO_NPM_INSTALL - whether to automatically download node_modules to TARGET_DIR. Default: true
  • NPM_INSTALL_CMD - command used to download node_modules. Default: npm ci --ignore-scripts. Sometimes, you might change it to yarn install or npm install --ignore-scripts
  • DO_NPM_LS - whether to run npm ls --all to print a dependency tree before running the license checks.

The arguments to license-checker-rseidelsohn can be overriden by adding args to the action.