npm - @datapos/datapos-development - Versions diffs - 0.3.253 → 0.3.256 - Mend

@datapos/datapos-development 0.3.253 → 0.3.256

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md +104 -1
package/dist/datapos-development.es.js +5 -3
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -64,9 +64,10 @@ The OWASP Dependency Check Report identifies known vulnerabilities in project de
 ### Dependency Licenses
-The following table lists top-level production and peer dependencies. All these dependencies (including transitive ones) have been recursively verified to use Apache-2.0, BSD-2-Clause, CC0-1.0, or MIT—commercially friendly licenses with minimal restrictions. Developers cloning this repository should independently verify dev and optional dependencies; users of the published library are covered by these checks. If a dependence has no license then it is treated as ????? Used to support development activity and nor released as part of the production release. Check if you clone.
+The following table lists top-level production and peer dependencies. All these dependencies (including transitive ones) have been recursively verified to use Apache-2.0, BSD-2-Clause, CC0-1.0, or MIT—commercially friendly licenses with minimal restrictions. Developers cloning this repository should independently verify dev and optional dependencies; users of the published library are covered by these checks. We do not include unlicensed dependencies. Used to support development activity and not released as part of the production release. Check if you clone. We use `license-report`, `license-report-check` and `license-report-recursive` to identify dependency licenses.
 <!-- DEPENDENCY_LICENSES_START -->
 | Name                    |     Type     | Installed | Latest  | Latest Modified          |
 | :---------------------- | :----------: | :-------: | :-----: | :----------------------- |
 | @datapos/datapos-shared |     MIT      |  0.3.255  | 0.3.255 | 2025-11-29T17:16:07.774Z |
@@ -75,6 +76,7 @@ The following table lists top-level production and peer dependencies. All these
 | acorn-walk              |     MIT      |   8.3.4   |  8.3.4  | 2024-09-09T08:40:59.131Z |
 | dotenv                  | BSD-2-Clause |  17.2.3   | 17.2.3  | 2025-09-29T23:22:21.769Z |
 | zod                     |     MIT      |  4.1.13   | 4.1.13  | 2025-11-24T02:38:31.522Z |
 <!-- DEPENDENCY_LICENSES_END -->
 ### Bundle Analysis Report
@@ -110,3 +112,104 @@ For detailed implementation, see the `scripts` section in the `package.json` fil
 This project is licensed under the MIT License, allowing free use, modification, and distribution.
 [MIT](./LICENSE) © 2026 Data Positioning Pty Ltd
+## Review License Reporting
+Here’s a step-by-step license compliance checklist for Node.js projects that combines automated tooling like license-report with manual verification. This is designed to make sure your MIT project remains compliant when using third-party dependencies.
+Node.js License Compliance Checklist
+Step 1: Generate initial license report
+Run your tool, e.g., license-report:
+npx license-report --json > licenses.json
+Save the output for review.
+This gives a first-pass list of all dependencies and their declared licenses.
+Step 2: Identify potential issues
+For each dependency in the report, check for:
+Flag What it means Action
+No license declared No license field in package.json Check for LICENSE file in repo. If none, contact author or replace dependency.
+Custom/proprietary license License not recognized Manually review the license text and confirm compatibility.
+Copyleft license (GPL, LGPL) May require release of modifications If LGPL, ensure linking rules are followed. GPL may restrict distribution.
+License mismatch License field differs from LICENSE file Trust LICENSE file; update your report accordingly.
+Step 3: Verify actual license text
+Check the dependency’s repository for a LICENSE file.
+Confirm that the license text matches the package.json declaration.
+For multi-license projects, note which license applies to the code you are using.
+Step 4: Document all licenses
+Create a ThirdPartyLicenses.md or LICENSES/ folder in your project.
+For each dependency, include:
+Dependency name and version
+License type (from LICENSE file)
+URL to repository or package
+Any copyleft obligations (e.g., “LGPL: modifications must remain LGPL”)
+Example (ThirdPartyLicenses.md):
+# Third-Party Dependencies
+## LibraryA 1.2.3
+- License: Apache-2.0
+- Repository: https://github.com/user/libraryA
+- License text: LICENSES/LibraryA.txt
+## LibraryB 4.5.6
+- License: BSD-2-Clause
+- Repository: https://github.com/user/libraryB
+- License text: LICENSES/LibraryB.txt
+## LibraryC 0.1.2
+- License: LGPL-3.0-only
+- Repository: https://github.com/user/libraryC
+- License text: LICENSES/LibraryC.txt
+- Note: If you modify this library, modifications must remain LGPL-3.0-only
+Step 5: Include license texts
+Copy the full license text into your project for each dependency.
+Put each in LICENSES/LibraryName.txt or combine into ThirdPartyLicenses.md.
+Make it easily accessible to end users.
+Step 6: Audit before release
+Review all dependencies: no missing licenses.
+Confirm compliance with copyleft licenses.
+Ensure your own MIT license only covers your code.
+Update ThirdPartyLicenses.md whenever dependencies are added/updated.
+Step 7: Automate for future
+Use CI scripts to regenerate license report on npm install or release.
+Fail the build if any dependency has “no license” or an incompatible license.
+Optional tools:
+license-checker (Node.js)
+npm-license-crawler
+fossology (more comprehensive scanning)

package/dist/datapos-development.es.js CHANGED Viewed

@@ -7751,7 +7751,7 @@ async function ip() {
     if (i === "app")
       se("7️⃣  Register module"), await Rh();
     else if (i === "engine")
-      se("7️⃣  Register module"), await ys(), await vs("datapos-engine-eu");
+      se("7️⃣  Register module"), await ys(), await vs(`datapos-engine-eu/${s}`);
     else if (s === void 0)
       se("7️⃣  Registration NOT required.");
     else {
@@ -7837,6 +7837,8 @@ function Bh(e) {
 }
 function $h(e) {
   switch (e) {
+    case "engine":
+      return "engine";
     case "connector":
       return "connectors";
     case "context":
@@ -7866,7 +7868,7 @@ async function ap() {
       "--nodePackageSkipDevDependencies",
       "--nvdApiKey",
       process.env.NVD_API_KEY ?? ""
-    ]), await Hh("2️⃣"), await Ee("3️⃣", "npm", ["audit"]), Fe("Dependencies audited.");
+    ]), await Hh("2️⃣"), await Ee("3️⃣  Check using 'npm outdated'", "npm", ["audit"]), Fe("Dependencies audited.");
   } catch (e) {
     console.error("❌ Error auditing dependencies.", e), process.exit(1);
   }
@@ -7907,7 +7909,7 @@ async function Wh(e) {
 }
 async function np() {
   try {
-    Le("Check Dependencies"), await Ee("1️⃣ Check using 'npm outdated'", "npm", ["outdated"], !0), await Ee("2️⃣ Check using 'npm-check-updates'", "npm-check-updates", ["-i"]), Fe("Dependencies checked.");
+    Le("Check Dependencies"), await Ee("1️⃣  Check using 'npm outdated'", "npm", ["outdated"], !0), await Ee("2️⃣  Check using 'npm-check-updates'", "npm-check-updates", ["-i"]), Fe("Dependencies checked.");
   } catch (e) {
     console.error("❌ Error checking dependencies.", e), process.exit(1);
   }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "@datapos/datapos-development",
-    "version": "0.3.253",
+    "version": "0.3.256",
     "description": "A library of utilities for managing the Data Positioning repositories.",
     "license": "MIT",
     "author": "Jonathan Terrell <terrell.jm@gmail.com>",