@ckeditor/ckeditor5-dev-license-checker 54.0.0

package/LICENSE.md

@@ -0,0 +1,16 @@
+Software License Agreement
+==========================
+
+Copyright (c) 2003-2025, [CKSource](http://cksource.com) Holding sp. z o.o. All rights reserved.
+
+Licensed under the terms of [GNU General Public License Version 2 or later](http://www.gnu.org/licenses/gpl.html).
+
+Sources of Intellectual Property Included in CKEditor
+-----------------------------------------------------
+
+Where not otherwise indicated, all CKEditor content is authored by CKSource engineers and consists of CKSource-owned intellectual property. In some specific instances, CKEditor will incorporate work done by developers outside of CKSource with their express permission.
+
+Trademarks
+----------
+
+**CKEditor** is a trademark of [CKSource](http://cksource.com) Holding sp. z o.o. All other brand and product names are trademarks, registered trademarks or service marks of their respective holders.

package/README.md

@@ -0,0 +1,17 @@
+CKEditor 5 license checker
+=============================
+
+[![npm version](https://badge.fury.io/js/%40ckeditor%2Fckeditor5-dev-license-checker.svg)](https://www.npmjs.com/package/@ckeditor/ckeditor5-dev-license-checker)
+[![CircleCI](https://circleci.com/gh/ckeditor/ckeditor5-dev.svg?style=shield)](https://app.circleci.com/pipelines/github/ckeditor/ckeditor5-dev?branch=master)
+
+Contains tools for validating licenses.
+
+More information about development tools packages can be found at the following URL: <https://github.com/ckeditor/ckeditor5-dev>.
+
+## Changelog
+
+See the [`CHANGELOG.md`](https://github.com/ckeditor/ckeditor5-dev/blob/master/packages/ckeditor5-dev-license-checker/CHANGELOG.md) file.
+
+## License
+
+Licensed under the terms of [GNU General Public License Version 2 or later](http://www.gnu.org/licenses/gpl.html). For full details about the license, please check the `LICENSE.md` file.

package/dist/index.d.ts

@@ -0,0 +1,5 @@
+/**
+ * @license Copyright (c) 2003-2025, CKSource Holding sp. z o.o. All rights reserved.
+ * For licensing, see LICENSE.md.
+ */
+export { validateLicenseFiles } from './validate-license-files.js';

package/dist/index.js

@@ -0,0 +1,242 @@
+import { glob, readFile, writeFile } from 'fs/promises';
+import { findPackageJSON } from 'module';
+import { createPatch } from 'diff';
+import upath from 'upath';
+
+/**
+ * @license Copyright (c) 2003-2025, CKSource Holding sp. z o.o. All rights reserved.
+ * For licensing, see LICENSE.md.
+ */
+const conjunctionFormatter = new Intl.ListFormat('en', { style: 'long', type: 'conjunction' });
+/**
+ * @param options
+ * @param options.fix Whether to fix license files instead of printing errors.
+ * @param options.verbose Whether to print diff instead of just path to file on failed validation.
+ * @param options.shouldProcessRoot Whether validation should process the root.
+ * @param options.shouldProcessPackages Whether validation should process `packages/*`.
+ * @param options.isPublic Whether license should use disclaimer meant for open source repositories.
+ * @param options.rootDir Base directory.
+ * @param options.projectName Project name referred to in the licenses.
+ * @param options.mainPackageName Designated package that contains collected licenses from all other packages.
+ * @param options.copyrightOverrides Map of of copyright that can both add new ones, as well as override existing ones.
+ *
+ * @returns Exit code of the script that indicates whether it passed or errored.
+ */
+async function validateLicenseFiles({ fix = false, verbose = false, shouldProcessRoot = false, shouldProcessPackages = false, isPublic = false, rootDir, projectName, mainPackageName, copyrightOverrides = [] }) {
+    const packagePaths = [];
+    if (shouldProcessRoot) {
+        packagePaths.push(rootDir);
+    }
+    if (shouldProcessPackages) {
+        packagePaths.push(...await fromAsync(glob(upath.join(rootDir, 'packages', '*'))));
+    }
+    if (!packagePaths.length) {
+        console.error([
+            'No packages to parse detected. Make sure that you provided proper paths,',
+            'as well as set at least one of: `shouldProcessRoot` or `shouldProcessPackages`.'
+        ].join('\n'));
+        return 1;
+    }
+    const dependencyMaps = await Promise.all(packagePaths.map(async (packagePath) => getPackageDependencyMap(packagePath, copyrightOverrides)));
+    console.info('Validating licenses in following packages:');
+    console.info(dependencyMaps.map(({ packageName }) => ` - ${packageName}`).join('\n'));
+    const missingCopyrightLists = getMissingCopyrightLists(dependencyMaps);
+    if (missingCopyrightLists.length) {
+        console.error('\n❌ Following packages include dependencies where finding copyright message failed. Please add an override:\n');
+        console.error(missingCopyrightLists.join('\n'));
+        return 1;
+    }
+    if (mainPackageName) {
+        copyDependenciesToTheMainPackage(dependencyMaps, mainPackageName);
+    }
+    const processingResults = await Promise.all(dependencyMaps.map(dependencyMap => processDependencyMap({ dependencyMap, projectName, isPublic, fix })));
+    const updatedLicenses = processingResults.filter(processingResult => 'updated' in processingResult);
+    const licensesMissing = processingResults.filter(processingResult => 'licenseMissing' in processingResult);
+    const sectionsMissing = processingResults.filter(processingResult => 'sectionMissing' in processingResult);
+    const updatesNeeded = processingResults.filter((processingResult) => 'updateNeeded' in processingResult);
+    if (updatedLicenses.length) {
+        console.info('\nUpdated the following license files:');
+        console.info(makeLicenseFileList(updatedLicenses));
+    }
+    if (!licensesMissing.length && !sectionsMissing.length && !updatesNeeded.length) {
+        console.info('\nValidation complete.');
+        return 0;
+    }
+    if (licensesMissing.length) {
+        console.error('\nFollowing license files are missing. Please create them:');
+        console.error(makeLicenseFileList(licensesMissing));
+    }
+    if (sectionsMissing.length) {
+        console.error([
+            '\nFailed to detect license section in following files.',
+            'Please add an `Sources of Intellectual Property Included in ...` section to them:'
+        ].join(' '));
+        console.error(makeLicenseFileList(sectionsMissing));
+    }
+    if (updatesNeeded.length) {
+        console.error('\nFollowing license files are not up to date. Please run this script with `--fix` option and review the changes.');
+        if (!verbose) {
+            console.error(makeLicenseFileList(updatesNeeded));
+        }
+        else {
+            console.error('\n' + updatesNeeded.map(({ patch }) => patch).join('\n'));
+        }
+    }
+    return 1;
+}
+async function getPackageDependencyMap(packagePath, copyrightOverrides) {
+    const pkgJsonPath = upath.join(packagePath, 'package.json');
+    const pkgJsonContent = JSON.parse(await readFile(pkgJsonPath, 'utf-8'));
+    const dependencyNames = Object.keys(pkgJsonContent.dependencies || {})
+        .filter(dependency => !dependency.match(/(ckeditor)|(cksource)/i));
+    const packageName = pkgJsonContent.name;
+    const dependencyMap = {
+        packageName,
+        packagePath,
+        dependencies: []
+    };
+    const copyrightOverridesPackage = copyrightOverrides
+        .find(({ packageName: overridePackageName }) => packageName === overridePackageName);
+    if (copyrightOverridesPackage) {
+        dependencyMap.dependencies.push(...copyrightOverridesPackage.dependencies);
+    }
+    for (const dependencyName of dependencyNames) {
+        // If override already exists, skip parsing the dependency.
+        if (dependencyMap.dependencies.some(({ name }) => name === dependencyName)) {
+            continue;
+        }
+        const dependencyData = { name: dependencyName };
+        dependencyMap.dependencies.push(dependencyData);
+        try {
+            const dependencyPkgJsonPath = findPackageJSON(dependencyName, packagePath);
+            const dependencyPkgJsonContent = JSON.parse(await readFile(dependencyPkgJsonPath, 'utf-8'));
+            dependencyData.license = dependencyPkgJsonContent.license;
+            dependencyData.copyright = await getCopyright(dependencyPkgJsonPath);
+        }
+        catch {
+            // For packages such as `empathic` there is no export under that namespace, only `empathic/*`.
+            // This causes `findPackageJSON()` to error. We silently fail and later ask the integrator to add an override.
+        }
+    }
+    return dependencyMap;
+}
+function getMissingCopyrightLists(dependencyMaps) {
+    return dependencyMaps
+        .map(({ packageName, dependencies }) => {
+        const missingCopyrights = dependencies
+            .filter(({ license, copyright }) => !license || !copyright)
+            .map(({ name }) => ` - ${name}`);
+        if (missingCopyrights.length) {
+            return [
+                `${packageName}:`,
+                ...missingCopyrights,
+                ''
+            ].join('\n');
+        }
+    })
+        .filter((item) => typeof item === 'string');
+}
+function copyDependenciesToTheMainPackage(dependencyMaps, mainPackageName) {
+    const mainPackage = dependencyMaps.find(({ packageName }) => packageName === mainPackageName);
+    mainPackage.dependencies = dependencyMaps.reduce((output, item) => {
+        item.dependencies.forEach(dependency => {
+            const itemAlreadyPresent = output.some(({ name }) => name === dependency.name);
+            if (!itemAlreadyPresent) {
+                output.push(dependency);
+            }
+        });
+        return output;
+    }, []);
+}
+async function processDependencyMap({ dependencyMap, projectName, isPublic, fix }) {
+    const licenseSectionPattern = /(?<=\n)Sources of Intellectual Property Included in .*?\n[\S\s]*?(?=(\nTrademarks\n)|$)/;
+    const header = `Sources of Intellectual Property Included in ${projectName}`;
+    const licensePath = upath.join(dependencyMap.packagePath, 'LICENSE.md');
+    let currentLicense;
+    try {
+        currentLicense = await readFile(licensePath, 'utf-8');
+    }
+    catch {
+        return { licensePath, licenseMissing: true };
+    }
+    if (!currentLicense.match(licenseSectionPattern)) {
+        return { licensePath, sectionMissing: true };
+    }
+    const newLicense = currentLicense.replace(licenseSectionPattern, [
+        header,
+        '-'.repeat(header.length),
+        '',
+        getAuthorDisclaimer(projectName, isPublic),
+        '',
+        ...getLicenseList(projectName, dependencyMap.dependencies)
+    ].filter(item => typeof item === 'string').join('\n'));
+    if (currentLicense === newLicense) {
+        return { licensePath };
+    }
+    if (fix) {
+        await writeFile(licensePath, newLicense, 'utf-8');
+        return { licensePath, updated: true };
+    }
+    const patch = createPatch(licensePath, currentLicense, newLicense);
+    return { licensePath, updateNeeded: true, patch };
+}
+function getAuthorDisclaimer(projectName, isPublic) {
+    const authorDisclaimer = [
+        `Where not otherwise indicated, all ${projectName} content is authored`,
+        'by CKSource engineers and consists of CKSource-owned intellectual property.'
+    ];
+    if (isPublic) {
+        authorDisclaimer.push(`In some specific instances, ${projectName} will incorporate work done by`, 'developers outside of CKSource with their express permission.');
+    }
+    return authorDisclaimer.join(' ');
+}
+function getLicenseTypeHeader(projectName, licenseType) {
+    return [
+        'The following libraries are included in',
+        projectName,
+        `under the [${licenseType} license](https://opensource.org/licenses/${licenseType}):`
+    ].join(' ');
+}
+function getLicenseList(projectName, dependencies) {
+    const licenseTypes = removeDuplicates(dependencies.flatMap(dependency => dependency.license));
+    return licenseTypes.sort().flatMap(licenseType => [
+        getLicenseTypeHeader(projectName, licenseType),
+        '',
+        ...dependencies
+            .filter(({ license }) => license === licenseType)
+            .sort((a, b) => a.name.localeCompare(b.name))
+            .map(({ name, copyright }) => `* ${name} - ${copyright}`),
+        ''
+    ]);
+}
+async function getCopyright(dependencyPkgJsonPath) {
+    const dependencyPath = upath.dirname(dependencyPkgJsonPath);
+    const dependencyRootFilePaths = await fromAsync(glob(upath.join(dependencyPath, '*')));
+    const dependencyLicensePath = dependencyRootFilePaths.find(path => upath.basename(path).match(/license/i));
+    if (!dependencyLicensePath) {
+        return;
+    }
+    const dependencyLicenseContent = await readFile(dependencyLicensePath, 'utf-8');
+    const matches = dependencyLicenseContent.match(/(?<=^|\n[ \t]*?)Copyright.+/g);
+    if (!matches) {
+        return;
+    }
+    return conjunctionFormatter.format(matches.map(match => match.replace(/\.$/, '')) // Strip preexisting trailing dot.
+    ) + '.'; // Add the trailing dot back.
+}
+function removeDuplicates(array) {
+    return Array.from(new Set(array));
+}
+function makeLicenseFileList(array) {
+    return array.map(({ licensePath }) => ` - ${licensePath}`).join('\n');
+}
+// TODO: Replace with `Array.fromAsync()` once we upgrade to TS 5.5
+async function fromAsync(iterable) {
+    const result = [];
+    for await (const item of iterable) {
+        result.push(item);
+    }
+    return result;
+}
+
+export { validateLicenseFiles };

package/dist/validate-license-files.d.ts

@@ -0,0 +1,38 @@
+/**
+ * @license Copyright (c) 2003-2025, CKSource Holding sp. z o.o. All rights reserved.
+ * For licensing, see LICENSE.md.
+ */
+type CopyrightOverride = {
+    packageName: string;
+    dependencies: Array<{
+        license: string;
+        name: string;
+        copyright: string;
+    }>;
+};
+/**
+ * @param options
+ * @param options.fix Whether to fix license files instead of printing errors.
+ * @param options.verbose Whether to print diff instead of just path to file on failed validation.
+ * @param options.shouldProcessRoot Whether validation should process the root.
+ * @param options.shouldProcessPackages Whether validation should process `packages/*`.
+ * @param options.isPublic Whether license should use disclaimer meant for open source repositories.
+ * @param options.rootDir Base directory.
+ * @param options.projectName Project name referred to in the licenses.
+ * @param options.mainPackageName Designated package that contains collected licenses from all other packages.
+ * @param options.copyrightOverrides Map of of copyright that can both add new ones, as well as override existing ones.
+ *
+ * @returns Exit code of the script that indicates whether it passed or errored.
+ */
+export declare function validateLicenseFiles({ fix, verbose, shouldProcessRoot, shouldProcessPackages, isPublic, rootDir, projectName, mainPackageName, copyrightOverrides }: {
+    fix?: boolean;
+    verbose?: boolean;
+    shouldProcessRoot?: boolean;
+    shouldProcessPackages?: boolean;
+    isPublic?: boolean;
+    rootDir: string;
+    projectName: string;
+    mainPackageName?: string;
+    copyrightOverrides?: Array<CopyrightOverride>;
+}): Promise<number>;
+export {};

package/package.json

@@ -0,0 +1,29 @@
+{
+  "name": "@ckeditor/ckeditor5-dev-license-checker",
+  "version": "54.0.0",
+  "description": "Contains tools for validating licenses.",
+  "keywords": [],
+  "author": "CKSource (http://cksource.com/)",
+  "license": "GPL-2.0-or-later",
+  "homepage": "https://github.com/ckeditor/ckeditor5-dev/tree/master/packages/ckeditor5-dev-license-checker",
+  "bugs": "https://github.com/ckeditor/ckeditor5/issues",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/ckeditor/ckeditor5-dev.git",
+    "directory": "packages/ckeditor5-dev-license-checker"
+  },
+  "engines": {
+    "node": ">=24.11.0",
+    "npm": ">=5.7.1"
+  },
+  "type": "module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "files": [
+    "dist"
+  ],
+  "dependencies": {
+    "diff": "^8.0.2",
+    "upath": "^2.0.1"
+  }
+}