Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: report packages with viral LICENSE files #771

Closed
alestiago opened this issue Aug 25, 2023 · 1 comment
Closed

feat: report packages with viral LICENSE files #771

alestiago opened this issue Aug 25, 2023 · 1 comment
Assignees
@alestiago
Labels
feature A new feature or request

Comments

@alestiago
Copy link
Contributor

alestiago commented Aug 25, 2023
edited
Loading

Description

Projects dependencies should always use non-viral LICENSEs. As a user of Very Good CLI I would like to have the ability to quickly know if my projects are using a viral LICENSE and report back.

Proposals

The following proposal are draft ideas and they are open to change.

Proposal 1: Update packages get

Upon very_good packages get, perform a check on the dependencies and ensure they have non-viral LICENSEs. Allow the user to include a list of desired licences via --licenses (or --approved-licenses). If the check is always performed allow the user to specify --no-license-check to avoid checking licenses. Alternatively only perform the check when given --licenses. I personally prefer the user to opt-out of the check.

Proposal 2: Introduce packages check (or packages analyze)

Create a new subcommand on packages to perform the check. Allow the user to include a list of desired licences via --licenses (or --approved-licenses). Future conditions to check the quality of a package can be introduced. Like for example, checking the pana score of those that are hosted in pub.dev, or ensuring they have test coverage. If so, --no-license-check could also be introduced.

In contrast with the first proposal, this covers those cases where the user might already have dependencies up to date and will only want to check the packages.

Further Context
@alestiago alestiago added the bug Something isn't working as expected label Aug 25, 2023
@alestiago alestiago moved this to Needs Triage in VGV Open Source 🦄 🧙🌟 Aug 25, 2023
@alestiago alestiago added feature A new feature or request and removed bug Something isn't working as expected labels Aug 25, 2023
@BeatriceMitchell BeatriceMitchell moved this from Needs Triage to Backlog in VGV Open Source 🦄 🧙🌟 Sep 5, 2023
@alestiago alestiago moved this from Backlog to Todo in VGV Open Source 🦄 🧙🌟 Sep 25, 2023
@alestiago alestiago moved this from Todo to In Progress in VGV Open Source 🦄 🧙🌟 Sep 26, 2023
@alestiago alestiago self-assigned this Sep 26, 2023
This was referenced Sep 28, 2023
Merged
Merged
Merged
Merged
This was referenced Oct 5, 2023
Merged
Merged
Merged
Merged
Merged
This was referenced Oct 13, 2023
Merged
Merged
Merged
@github-project-automation github-project-automation bot moved this from In Progress to Done in VGV Open Source 🦄 🧙🌟 Oct 19, 2023
@alestiago
Copy link
Contributor Author

This is now a support feature, see the documentation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@alestiago alestiago

Labels
feature A new feature or request
Projects
VGV Open Source 🦄 🧙🌟
Archived in project
Milestone
No milestone
Development

No branches or pull requests
1 participant
@alestiago