Whitelist of packages to include #53

Closed
brettz9 opened this issue Jun 28, 2019 · 4 comments · Fixed by #63
Comments

@brettz9
Contributor

brettz9 commented Jun 28, 2019

Would it be in scope for you to support giving a list of package names/ranges to include for checking (and not check anything else)?

In order to display content on the likes of raw.githack.com for browser scripts, I have a routine to copy dependencies out of node_modules and reference the copies instead and to only add them in devDependencies. However, I'm not interested in licenses for all of the other (many) devDependencies, so I'd like to whitelist my own list for checking rather than being forced to explicitly ignore the ones that are not of interest.

@brettz9
Contributor Author

brettz9 commented Jun 28, 2019

Alternatively, if forced to use ignore, it would be very helpful to be able to at least configure ignore so that it would ignore all child dependencies as well (unless in use by a non-ignored file).

@kemitchell
Member

What a respectful request!

I am not sure whether licensee should support the functionality you want. In general, I'd prefer to keep this project as small as possible. But perhaps others would find a flag like --only a,b,c useful. I don't know.

Which means there are two options.

Send a PR

I would be happy to review a pull request that adds an --only option to the CLI in the licensee file, and reports only on those packages. You would need to add a CI flag, like --only, for the CLI.

You would add the option by changing the usage text:

var USAGE = [

You would filter packages somewhere around here:

dependencies.forEach(function (dependency) {

Write Your Own CLI with the licensee Module

licensee is written in a way that should help you write the tool you need. In particular, I think you could write your own CLI using licensee as a dependency.

Have a look at this line of the licensee bin script, which calls the module the licensee package exports:

require('./')(configuration, cwd, function (error, dependencies) {

Given a configuration object, a directory path, and a callback, the module will yield an error or Array of dependency Objects. You could filter that Array of Objects to include only Objects about the dependencies you want to analyze, print messages, and exit 0 or 1 as appropriate from there.

To get started, you might try forking this repository, renaming the package, removing index.js, renaming licensee to bin.js or similar and changing bin in package.json, npm i -D licensee, sed -I "s!require('./')!require('licensee')!", and going from there.
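
The filtering approach described in the comment above, as an added example that is not part of the thread or of licensee's own code. It assumes each dependency Object carries `name` and `approved` fields; `parseOnly`, `auditOnly`, `onlyArgument` and the sample data are hypothetical names and constructed values. It also fails the audit when an allowlisted name matches no package, so a typo cannot pass by checking nothing.

```javascript
'use strict'

// Added example, not licensee's code. Assumption: each dependency Object
// has at least `name` and `approved`; other fields are illustrative.

// Parse a comma-separated --only value into a list of package names.
function parseOnly (value) {
  return value.split(',').map(function (s) { return s.trim() }).filter(Boolean)
}

// Keep only allowlisted packages and decide the exit code.
// Fails closed: an allowlisted name that matches nothing counts as a failure,
// so a typo cannot make the audit pass by checking nothing.
function auditOnly (dependencies, only) {
  var wanted = new Set(only)
  var selected = dependencies.filter(function (d) { return wanted.has(d.name) })
  var seen = new Set(selected.map(function (d) { return d.name }))
  var missing = only.filter(function (name) { return !seen.has(name) })
  var unapproved = selected.filter(function (d) { return !d.approved })
  return {
    selected: selected,
    missing: missing,
    unapproved: unapproved,
    exitCode: missing.length > 0 || unapproved.length > 0 ? 1 : 0
  }
}

// Constructed sample standing in for the Array the module yields.
var SAMPLE = [
  { name: 'ui-widgets', version: '2.1.0', license: 'MIT', approved: true },
  { name: 'map-tiles', version: '1.5.1', license: 'BSD-2-Clause', approved: true },
  { name: 'copyleft-lib', version: '0.3.0', license: 'GPL-3.0', approved: false },
  { name: 'dev-linter', version: '6.0.1', license: 'MIT', approved: true }
]

// Wiring into a real run would follow the bin script line quoted above
// (onlyArgument is a hypothetical variable holding the --only value):
//   require('licensee')(configuration, cwd, function (error, dependencies) {
//     if (error) { console.error(error); process.exit(1) }
//     process.exit(auditOnly(dependencies, parseOnly(onlyArgument)).exitCode)
//   })
var result = auditOnly(SAMPLE, parseOnly('ui-widgets, map-tlies'))
result.missing.forEach(function (name) {
  console.error('NOT FOUND: ' + name)
})
result.unapproved.forEach(function (d) {
  console.error('NOT APPROVED: ' + d.name + '@' + d.version + ' (' + d.license + ')')
})
console.log('exit code would be ' + result.exitCode)
```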

@brettz9
Contributor Author

brettz9 commented Jun 28, 2019

Does changing ignore (or adding a distinct option) such that its children would also be ignored, appeal to you? (I can't commit to offering this, so at the moment, just asking whether you think it would fit.)

@kemitchell
Member

@brettz9 I don't think that ignore semantics would match the most common, license-audit use case very well.
