Auto-generate license file to contain licenses of bundled dependencies #3063
Codecov Report
@@ Coverage Diff @@
## master #3063 +/- ##
=======================================
Coverage 88.75% 88.75%
=======================================
Files 165 165
Lines 5737 5737
Branches 1748 1748
=======================================
Hits 5092 5092
Misses 388 388
Partials 257 257
Ok, seems we need to find a good way to not parse the plugin on Node-6. Will have a look after the weekend.
@lukastaegert Sorry, I did not see that I broke compatibility with node 6. I think that, as long as rollup supports node 6, plugins should too, so I'm going to fix this.
Oh cool! I think I could work around it by using a conditional dynamic import until we probably drop Node 6 some time later this year with Rollup 2 but that would be easier 😉
Whoops, the site wasn't showing previous replies. @lukastaegert we should make dropping node 6 a priority imho. It's been out of maintenance for some time now. And a new major version isn't a big deal, lots of numbers left :)
True, but I would not want to spin the major too easily either. A major is both an opportunity for publicity as well as something where people will only update cautiously. We should at least make sure we collect all pending deprecations as well as make up our minds which features that would require a major version we want to add. Then all deprecations need to be properly documented with their recommended upgrade paths etc. Always a lot of work involved.
Also, all plugins in the rollup organization should at least receive a small audit once we have a 2.0 branch.
(I'm way off-topic so apologies to those tracking the thread) Fwiw the plugins are on my radar next. Get ready for more notification emails haha.
Fixed the Node 6 compatibility issue for now.
@lukastaegert Hi,
74b9b11 to f3adad8
Nice, updated to 12.1, working well!
Merging as I think there were no concerns with the PR in its essence any more.
This PR contains:
Are tests included?
Breaking Changes?
List any relevant issue numbers:
Description
When bundling dependencies, it is possible that consumers of your software install and use code that has a different license than what they thought they are installing. Furthermore, most commonly used licenses (e.g. MIT, ISC, Apache) require you to add a copy of the license text when distributing the code.
Until now, Rollup has not been upfront about the licenses of the bundled dependencies and was also not in compliance with the requirement to add the proper license texts.
To solve this, I have been in communications with @mjeanroy, who has been so awesome to extend rollup-plugin-license to
I have changed the rollup build so that the license file is updated each time we do a full build. If there are changes, the changed license file should be committed again.
Feedback is very much welcome. My hope is that this could serve as an example on how to handle licenses when bundling dependencies.
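
The build-time check described above, as an added sketch that is not code from this PR or from rollup-plugin-license: it renders a license file from metadata about the bundled dependencies and reports whether the committed copy is stale or a package lacks license text. The dependency field names and the sample packages are assumptions constructed for illustration.

```javascript
// Constructed sample metadata; the field names are assumptions for this sketch.
const SAMPLE_DEPENDENCIES = [
  { name: 'tiny-parse', license: 'ISC', licenseText: 'ISC License\nCopyright (c) Example Org\n' },
  { name: 'left-helper', license: 'MIT', licenseText: 'MIT License\r\nCopyright (c) Example Author' },
  { name: 'no-text', license: 'Apache-2.0', licenseText: null },
];

const normalize = (text) => text.replace(/\r\n/g, '\n').trim();
const byName = (a, b) => (a.name < b.name ? -1 : a.name > b.name ? 1 : 0);

// Render deterministically (sorted, normalized line endings, no versions) so the
// file changes only when the set of bundled packages or one of their licenses does.
function renderThirdPartyLicenses(dependencies) {
  const sorted = [...dependencies].sort(byName);
  const used = [...new Set(sorted.map((d) => d.license || 'UNKNOWN'))].sort();
  const sections = sorted.map((d) => {
    const text = d.licenseText ? normalize(d.licenseText) : '(no license text found)';
    return `## ${d.name}\nLicense: ${d.license || 'UNKNOWN'}\n\n${text}`;
  });
  return [
    '# Licenses of bundled dependencies',
    `Licenses used: ${used.join(', ')}`,
    ...sections,
  ].join('\n\n') + '\n';
}

// Packages that cannot satisfy "ship a copy of the license text".
function findLicenseGaps(dependencies) {
  return dependencies.filter((d) => !d.license || !d.licenseText).map((d) => d.name).sort();
}

// Compare the committed file with a fresh render; a CI job can fail on either signal.
function checkLicenseFile(committedText, dependencies) {
  const generated = renderThirdPartyLicenses(dependencies);
  return {
    upToDate: committedText.replace(/\r\n/g, '\n') === generated,
    gaps: findLicenseGaps(dependencies),
    generated,
  };
}
```

Failing the build when `upToDate` is false or `gaps` is non-empty keeps the committed license file in step with what is actually bundled.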