@rio-cloud/rio-license-checker 1.1.2 → 1.2.0-alpha.0

package/README.md

@@ -1,58 +1,93 @@
-# rio-license-checker
+# [@rio-cloud/rio-license-checker](https://www.npmjs.com/package/@rio-cloud/rio-license-checker)
 
-Easy-to-use tool to run a license check according to the RIO guidelines.
+Helps checking third-party libraries' licenses according to RIO guidelines.
 
-It does the following:
+## Usage
 
-* download the latest version of the RIO license whitelist for the given project type from the central RIO license S3 bucket
-* run a 3rd party license checker tool to crawl the licenses of the project in the given directory (or `.`, if not specified)
-* compare the licenses found with the RIO whitelist
-  * if a license is found that is not in the whitelist: fail with nonzero exit code
-  * if all licenses are compliant: upload a license report to the central RIO license S3 bucket (only if the `--upload` flag is set)
+```shell
+# general usage information
+npx @rio-cloud/rio-license-checker help
 
-Nothing of that is really new - this is supposed to be a testable, maintainable drop-in replacement for the code snippets & scripts we currently copy-paste from one repo to another.
+# information on the default "run-check" command
+npx @rio-cloud/rio-license-checker help run-check
 
-Currently supports:
+# information on the "download-whitelist" command
+npx @rio-cloud/rio-license-checker help download-whitelist
 
-* npm frontend projects
-* npm backend projects
-* gradle projects
+# information on the "upload-report" command
+npx @rio-cloud/rio-license-checker help upload-report
+```
 
-## License Check Implementation
+The `run-check` command is the default command. The command name is optional:
 
-### npm
+```shell
+npx @rio-cloud/rio-license-checker run-check -a rio-example -s example-service -t npm-frontend
+# is the same as
+npx @rio-cloud/rio-license-checker -a rio-example -s example-service -t npm-frontend
+```
 
-* The underlying license checker tool is [license-checker-rseidelsohn](https://www.npmjs.com/package/license-checker-rseidelsohn).
-* The license checker generates a report and compares the licenses to the passed whitelist.
-* The application's own package is automatically excluded from the report, as it (usually) does not have a license.
-* For testability reasons, we cannot use the programmatic interface of the tool. Instead, we call it as a subprocess via `zx`.
-* You can exclude dependencies by creating a `oss-licenses-ignore-packages.txt` file in the project directory.
+## Automatic mode (a.k.a. `run-check`)
+
+1. Downloads the appropriate license whitelist that's curated by the RIO Security Guild from a central location.
+2. Orchestrates a 3rd-party license checking tool to inspect your project's dependencies.
+   * If any dependency is found with non-compliant license information, this tool will exit with a non-zero code.
+   * If all dependencies are okay: generate a report file containing the list of dependencies, their versions, and their
+     respective license information.
+3. Uploads the report to a central location (optional; this is only done when the `--upload` flag is set). 
 
-### gradle
+### `gradle`
 
 * The underlying license report tool is [hierynomus/license-gradle-plugin](https://github.com/hierynomus/license-gradle-plugin).
 * You need to *include & configure the plugin in your `build.gradle.kts`*.
 * The output of the plugin is compared with the whitelist programmatically (as we used to do in the `build.gradle.kts`).
 * For subprojects, you need a separate invocation of the license checker, where the directory points to the subproject.
-   * Currently, only subprojects directly below the root project are supported (limited by where the checker looks for the gradle wrapper).
-   * When doing so, take care to specify a different service name to prevent overwriting the license report of the root project.
-   * Please see below for an example.
+    * Currently, only subprojects directly below the root project are supported (limited by where the checker looks for
+      the gradle wrapper).
+    * When doing so, take care to specify a different service name to prevent overwriting the license report of the root
+      project.
+    * Please see below for examples.
 
-```
+```shell
 npx @rio-cloud/rio-license-checker -a rio-example -s example-service -t gradle
 npx @rio-cloud/rio-license-checker -a rio-example -s example-service_sub-project -t gradle -d ./sub-project
 ```
 
-## Usage
+### `npm-frontend` and `npm-backend`
 
-Show usage
+* The underlying license checker tool is [license-checker-rseidelsohn](https://www.npmjs.com/package/license-checker-rseidelsohn).
+* The license checker generates a report and compares the licenses to the passed whitelist.
+* The application's own package is automatically excluded from the report, as it (usually) does not have a license.
+* For testability reasons, we cannot use the programmatic interface of the tool. Instead, we call it as a subprocess via
+  `zx`.
+* You can exclude dependencies by creating a `oss-licenses-ignore-packages.txt` file in the project directory.
+* Note that this will _statically_ inspect the dependencies as defined in your `package.json`. Especially for frontends,
+  this might not be accurate enough. Check out the "manual" type for `npm-frontend-bundled` below.
+
+## `download-whitelist`
+
+To just download the appropriate whitelist file as-is without any processing or running the check, you can use the
+`download-whitelist` command:
 
 ```shell
-npx @rio-cloud/rio-license-checker -h
+npx @rio-cloud/rio-license-checker download-whitelist -t npm-frontend-bundled
 ```
 
-Run the license check for a project. Requires AWS credentials (RIO developer role), e.g. via `AWS_PROFILE=...`.
+Note that this will only work when the current session has access to AWS.
+
+Also note that this only supports the "npm-frontend-bundled" type at the moment, which will save the whitelist as
+`frontend-license-whitelist.json` in the project directory.
+
+This command supports a `directory` and `verbose` option, as well. Check out the usage docs for more info.
+
+## `upload-report`
+
+If your license check is handled by another tool during the build, you can use the `upload-report` command to upload the
+report output from a given file.
 
 ```shell
-npx @rio-cloud/rio-license-checker -a rio-example -s example-service -t npm-frontend --verbose
+npx @rio-cloud/rio-license-checker upload-report -a rio-example -s example-service -t npm-frontend-bundled -r ./build/libraries.json
 ```
+
+Note that this only supports the "npm-frontend-bundled" type at the moment.
+
+This command supports a `verbose` option, as well. Check out the usage docs for more info.

package/dist/index.mjs

@@ -0,0 +1,285 @@
+#!/usr/bin/env node
+import { createRequire } from "node:module";
+import { Command, CommanderError, Option } from "commander";
+import fs from "node:fs";
+import path from "node:path";
+import logger from "loglevel";
+import { GetObjectCommand, PutObjectCommand, S3Client } from "@aws-sdk/client-s3";
+import { GetParameterCommand, SSMClient } from "@aws-sdk/client-ssm";
+import { $, fs as fs$1, path as path$1 } from "zx";
+
+//#region src/s3/license-bucket.ts
+let ossLicensesBucketName;
+const OSS_LICENSES_BUCKET_NAME_SSM_PARAMETER = "/config/oss-licenses/bucket-name";
+const getOssLicensesBucketName = async () => {
+	if (!ossLicensesBucketName) {
+		const ssmClient = new SSMClient();
+		const command = new GetParameterCommand({ Name: OSS_LICENSES_BUCKET_NAME_SSM_PARAMETER });
+		const response = await ssmClient.send(command);
+		if (!response.Parameter?.Value) throw new Error("No license bucket name found");
+		ossLicensesBucketName = response.Parameter.Value;
+		logger.debug(`OSS Licenses Bucket: ${ossLicensesBucketName}`);
+	}
+	return ossLicensesBucketName;
+};
+const s3Keys = {
+	"npm-frontend": "whitelist-npm-frontend.txt",
+	"npm-backend": "whitelist-npm-backend.txt",
+	gradle: "whitelist-gradle.txt",
+	"npm-frontend-bundled": "whitelist-npm-frontend-bundled.json"
+};
+const downloadWhitelistFile = async (checkType) => {
+	const getWhitelistObject = new GetObjectCommand({
+		Bucket: await getOssLicensesBucketName(),
+		Key: s3Keys[checkType]
+	});
+	const whitelistResponse = await new S3Client().send(getWhitelistObject);
+	if (!whitelistResponse.Body) throw new Error("No whitelist found");
+	return whitelistResponse.Body.transformToString();
+};
+const downloadAutomaticWhitelist = async (checkType) => {
+	return (await downloadWhitelistFile(checkType)).split("\n").map(stripQuotes).filter(removeEmptyLines);
+};
+const stripQuotes = (line) => {
+	if (line.startsWith("\"") && line.endsWith("\"")) return line.slice(1, -1);
+	return line;
+};
+const removeEmptyLines = (line) => line.trim().length > 0;
+const uploadLicenseReport = async (accountName, serviceName, type, report) => {
+	const s3Client = new S3Client();
+	const putObjectCommand = new PutObjectCommand({
+		Bucket: await getOssLicensesBucketName(),
+		Key: `reports/${accountName}/${serviceName}_${type}.txt`,
+		Body: report
+	});
+	await s3Client.send(putObjectCommand);
+};
+
+//#endregion
+//#region src/cli/downloadWhitelistFileCommand.ts
+const downloadWhitelistFileCommand = new Command("download-whitelist").description("Download the license whitelist (experimental)").addOption(new Option("-t, --type <type>", "Type of the license check. (only supports \"npm-frontend-bundled\" for now)").makeOptionMandatory(true).choices(["npm-frontend-bundled"])).option("-d, --directory <directory>", "Directory to save the downloaded whitelist file to", process.cwd()).option("-v, --verbose", "Enable debug logging", false).action(async ({ type, directory, verbose }) => {
+	logger.setLevel(verbose ? "debug" : "info");
+	const licenseWhitelistFileContent = await downloadWhitelistFile(type);
+	const prettyJson = JSON.stringify(JSON.parse(licenseWhitelistFileContent), null, 2);
+	logger.debug(`Licenses whitelist:\n----------------\n${prettyJson}\n----------------`);
+	const whitelistFilePath = await saveWhitelistFile(directory, type, licenseWhitelistFileContent);
+	logger.info(`Successfully downloaded whitelist file into ${whitelistFilePath}`);
+});
+const whitelistFilenames = { "npm-frontend-bundled": "frontend-license-whitelist.json" };
+const saveWhitelistFile = async (directory, checkType, content) => {
+	const filename = whitelistFilenames[checkType];
+	const filePath = path.join(directory, filename);
+	await fs.promises.writeFile(filePath, content, "utf8");
+	return filePath;
+};
+
+//#endregion
+//#region src/types.ts
+var LicenseCheckError = class extends Error {
+	constructor(message) {
+		super(message);
+		this.name = "LicenseCheckError";
+	}
+};
+var CliArgsError = class extends Error {
+	constructor(message) {
+		super(message);
+		this.name = "CliArgsError";
+	}
+};
+const automaticWhitelists = [
+	"npm-backend",
+	"npm-frontend",
+	"gradle"
+];
+
+//#endregion
+//#region src/integrations/license-checker-gradle.ts
+const normalizeLicenseReport = (report) => {
+	const sortedLicences = report.licences.map((license) => ({
+		...license,
+		dependencies: [...license.dependencies].sort((a, b) => a.localeCompare(b))
+	})).sort((a, b) => {
+		const nameCompare = a.name.localeCompare(b.name);
+		if (nameCompare !== 0) return nameCompare;
+		const urlCompare = (a.url ?? "").localeCompare(b.url ?? "");
+		if (urlCompare !== 0) return urlCompare;
+		const dependenciesA = a.dependencies.join("|");
+		const dependenciesB = b.dependencies.join("|");
+		return dependenciesA.localeCompare(dependenciesB);
+	});
+	return {
+		...report,
+		licences: sortedLicences
+	};
+};
+/**
+* Calls the gradle license checker with the given options. If a license is found that is not in the whitelist, an error is thrown.
+* @param directory Folder containing the package.json to analyze
+* @param licenseWhitelist List of allowed licenses
+* @param excludePackages List of packages to exclude from the report, e.g. the current package
+*
+* @returns A dependency report generated by the license checker
+*/
+const callGradleLicenseChecker = async ({ directory, licenseWhitelist }) => {
+	const gradleWrapper = await discoverGradleWrapper(directory);
+	const result = await $({
+		cwd: directory,
+		nothrow: true,
+		quiet: true
+	})`./${gradleWrapper} downloadLicenses`;
+	if (result.exitCode !== 0) throw new LicenseCheckError(`NOTE: This script requires the license-gradle-plugin to be configured, so that the script ./gradlew downloadLicenses works.\nSee https://github.com/hierynomus/license-gradle-plugin for details.\n${result.stderr.trimEnd()}`);
+	const licensesByLicenseNameFile = path$1.join(directory, "build", "reports", "license", "license-dependency.json");
+	const licensesByLicenseName = normalizeLicenseReport(JSON.parse(await fs$1.readFile(licensesByLicenseNameFile, "utf8")));
+	if (licensesByLicenseName.licences.length === 0) throw new LicenseCheckError("List of licenses is empty. It is highly unlikely your project has no dependencies. Check the configuration of the license-gradle-plugin.");
+	const allowedLicenses = new Set(licenseWhitelist);
+	const notAllowedLicenses = /* @__PURE__ */ new Set();
+	for (const license of licensesByLicenseName.licences) if (!allowedLicenses.has(license.name)) {
+		notAllowedLicenses.add(license.name);
+		logger.warn(`License "${license.name}" is not in the whitelist. It is used by:\n${license.dependencies.join("\n")}`);
+	}
+	if (notAllowedLicenses.size > 0) throw new LicenseCheckError(`The following licenses are not in the whitelist: ${Array.from(notAllowedLicenses).sort().join(", ")}`);
+	return JSON.stringify(licensesByLicenseName, null, 2);
+};
+const discoverGradleWrapper = async (directory) => {
+	const gradleWrapperFile = path$1.join(directory, "gradlew");
+	if (fs$1.existsSync(gradleWrapperFile)) return "gradlew";
+	if (fs$1.existsSync(path$1.join(directory, "..", "gradlew"))) return "../gradlew";
+	throw new LicenseCheckError(`Could not find gradle wrapper in ${directory} or the parent directory. Please ensure that the gradle wrapper is present.`);
+};
+
+//#endregion
+//#region src/integrations/license-checker-npm.ts
+const resolveLicenseCheckerPath = () => {
+	return createRequire(import.meta.url).resolve("license-checker-rseidelsohn/bin/license-checker-rseidelsohn");
+};
+/**
+* Calls the npm license checker with the given options. If a license is found that is not in the whitelist, an error is thrown.
+* @param directory Folder containing the package.json to analyze
+* @param licenseWhitelist List of allowed licenses
+* @param excludePackages List of packages to exclude from the report, e.g. the current package
+*
+* @returns A dependency report generated by the license checker
+*/
+const callNpmLicenseChecker = async ({ directory, licenseWhitelist, excludePackages }) => {
+	const licenseCheckExecutable = resolveLicenseCheckerPath();
+	if (licenseWhitelist.length === 0) throw new Error("No licenses in whitelist. This would allow all licenses, which is certainly not intended.");
+	const onlyAllowOption = licenseWhitelist.join(";");
+	const excludePackagesOption = excludePackages.join(";");
+	const result = await $({
+		cwd: directory,
+		nothrow: true,
+		quiet: true
+	})`${licenseCheckExecutable} --json --production --onlyAllow ${onlyAllowOption} --excludePackages ${excludePackagesOption} --relativeModulePath`;
+	if (result.exitCode !== 0) throw new LicenseCheckError(result.stderr.trimEnd());
+	return result.stdout;
+};
+
+//#endregion
+//#region src/cli/validations.ts
+const validateAccountName = (accountName) => {
+	if (!accountName.match(/^[a-zA-Z0-9-_]+$/)) throw new CliArgsError("Account name must only contain alphanumeric characters, hyphens and underscores");
+};
+const validateServiceName = (serviceName) => {
+	if (!serviceName.match(/^[a-zA-Z0-9-_]+$/)) throw new CliArgsError("Service name must only contain alphanumeric characters, hyphens and underscores");
+};
+
+//#endregion
+//#region src/cli/runCheckCommand.ts
+const runCheckCommand = new Command("run-check").summary("(default) Run an automated license check and optionally upload the report to S3").description("This is the default command to be used for backend and \"traditional\" frontend projects.\n\nWill download the whitelist, then perform the check and upload the report in one single step.").addOption(new Option("-t, --type <type>", "Type of the license check").makeOptionMandatory(true).choices(automaticWhitelists)).option("-a, --account-name <account>", "Account / context name").option("-s, --service-name <service>", "Service name").option("-d, --directory <directory>", "Directory of the project to check licenses for", process.cwd()).option("-u, --upload", "Upload license report to S3", false).option("-v, --verbose", "Enable debug logging", false).action(async (options) => {
+	logger.setLevel(options.verbose ? "debug" : "info");
+	const contextName = options.accountName;
+	const serviceName = options.serviceName;
+	const checkType = options.type;
+	const upload = options.upload;
+	if (upload) {
+		if (!contextName) throw new CliArgsError("Account name must not be empty when --upload is specified");
+		validateAccountName(contextName);
+		if (!serviceName) throw new CliArgsError("Service name must not be empty when --upload is specified");
+		validateServiceName(serviceName);
+	}
+	const licenseWhitelist = await downloadAutomaticWhitelist(checkType);
+	logger.debug(`Licenses whitelist:\n----------------\n${licenseWhitelist.join("\n")}\n----------------`);
+	let result;
+	switch (checkType) {
+		case "npm-backend":
+		case "npm-frontend": {
+			if (!fs.existsSync(path.join(options.directory, "node_modules"))) throw new Error("No node_modules directory found. Please run \"npm ci\" before using the license checker.");
+			const excludeForApplicationPackage = getExcludeForApplicationPackage(options.directory);
+			const ignorePackages = readIgnorePackages(options.directory);
+			result = await callNpmLicenseChecker({
+				directory: options.directory,
+				licenseWhitelist,
+				excludePackages: [excludeForApplicationPackage, ...ignorePackages]
+			});
+			break;
+		}
+		case "gradle":
+			result = await callGradleLicenseChecker({
+				directory: options.directory,
+				licenseWhitelist
+			});
+			break;
+		default: throw new Error(`Unknown license check type: ${options.type}`);
+	}
+	logger.debug(`License report:\n${result.trimEnd()}`);
+	if (upload) {
+		await uploadLicenseReport(contextName, serviceName, checkType, result);
+		logger.info(`Uploaded license report for ${contextName}/${serviceName}_${checkType}`);
+	}
+});
+const getExcludeForApplicationPackage = (directory) => {
+	const packageJson = JSON.parse(fs.readFileSync(path.join(directory, "package.json"), "utf8"));
+	const serviceVersion = packageJson.version;
+	return `${packageJson.name}@${serviceVersion}`;
+};
+const readIgnorePackages = (directory) => {
+	const ignorePackagesFile = path.join(directory, "oss-licenses-ignore-packages.txt");
+	let ignorePackages = [];
+	if (fs.existsSync(ignorePackagesFile)) ignorePackages = fs.readFileSync(ignorePackagesFile, "utf8").split("\n").filter((line) => line.trim() !== "");
+	return ignorePackages;
+};
+
+//#endregion
+//#region src/cli/uploadReportCommand.ts
+const uploadReportCommand = new Command("upload-report").description("Upload a license report (placeholder)").addOption(new Option("-t, --type <type>", "Type of the license check. (only supports \"npm-frontend-bundled\" for now)").makeOptionMandatory(true).choices(["npm-frontend-bundled"])).addOption(new Option("-a, --account-name <account>", "Account / context name").makeOptionMandatory(true)).addOption(new Option("-s, --service-name <service>", "Service name").makeOptionMandatory(true)).addOption(new Option("-r, --report-file <file>", "Path to the license report file").makeOptionMandatory(true)).option("-v, --verbose", "Enable debug logging", false).action(async ({ type, accountName, serviceName, reportFile, verbose }) => {
+	logger.setLevel(verbose ? "debug" : "info");
+	validateAccountName(accountName);
+	validateServiceName(serviceName);
+	const reportFileContent = await fs.promises.readFile(reportFile, "utf8");
+	logger.debug(`Report file:\n${reportFileContent}\n`);
+	await uploadLicenseReport(accountName, serviceName, type, reportFileContent);
+	logger.info(`Uploaded license report for ${accountName}/${serviceName}_${type}`);
+});
+
+//#endregion
+//#region src/cli.ts
+const wrapCommand = (command) => command.exitOverride((error) => {
+	throw error;
+});
+const cli = (args) => {
+	const program = new Command();
+	program.name("npx @rio-cloud/rio-license-checker").addCommand(wrapCommand(runCheckCommand), { isDefault: true }).addCommand(wrapCommand(downloadWhitelistFileCommand)).addCommand(wrapCommand(uploadReportCommand)).addHelpText("after", `\n"run-check" is the default command if you don't specify one.\nRun "npx @rio-cloud/rio-license-checker help run-check" for details.`);
+	return program.parseAsync(args);
+};
+
+//#endregion
+//#region src/index.ts
+try {
+	await cli(process.argv);
+} catch (error) {
+	if (error instanceof LicenseCheckError) {
+		console.error(error.message);
+		process.exit(2);
+	} else if (error instanceof CliArgsError) {
+		console.error(error.message);
+		process.exit(3);
+	} else if (error instanceof CommanderError) process.exit(error.exitCode);
+	else {
+		console.error("unknown error", error);
+		process.exit(1);
+	}
+}
+
+//#endregion
+export {  };

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@rio-cloud/rio-license-checker",
-	"version": "1.1.2",
+	"version": "1.2.0-alpha.0",
 	"type": "module",
 	"license": "Apache-2.0",
 	"repository": {
@@ -13,8 +13,10 @@
 		"organization": true
 	},
 	"scripts": {
+		"build": "tsdown",
+		"dev": "tsdown --watch ./src",
 		"pretest": "tsc",
-		"test": "vitest --test-timeout=60000",
+		"test": "vitest run",
 		"vulnerability-check": "npm audit --registry https://registry.npmjs.org --parseable --audit-level=moderate --omit=dev",
 		"bump": "commit-and-tag-version -a --no-verify",
 		"release": "npm run test && npm run bump",
@@ -23,39 +25,37 @@
 		"release:push": "echo '✅ pushing release' && git push origin main --follow-tags"
 	},
 	"bin": {
-		"rio-license-checker": "src/rio-license-checker.ts"
+		"rio-license-checker": "dist/index.mjs"
 	},
 	"files": [
-		"src",
-		"tsconfig.json",
-		"README.md",
-		"CHANGELOG.md"
+		"dist"
 	],
 	"dependencies": {
-		"@aws-sdk/client-s3": "3.879.0",
-		"@aws-sdk/client-ssm": "3.879.0",
-		"commander": "14.0.0",
+		"@aws-sdk/client-s3": "3.937.0",
+		"@aws-sdk/client-ssm": "3.936.0",
+		"commander": "14.0.2",
 		"license-checker-rseidelsohn": "4.4.2",
 		"loglevel": "1.9.2",
-		"tsx": "4.20.5",
-		"zx": "8.8.1"
+		"zx": "8.8.5"
 	},
 	"devDependencies": {
-		"@biomejs/biome": "2.2.2",
+		"@biomejs/biome": "2.3.7",
 		"@rio-cloud/biome-config-claid": "1.0.0",
-		"@tsconfig/node22": "22.0.2",
+		"@tsconfig/node22": "22.0.5",
 		"@types/jest": "30.0.0",
 		"@types/license-checker": "25.0.6",
-		"@types/node": "24.0.3",
+		"@types/node": "24.10.1",
 		"aws-sdk-client-mock": "4.1.0",
 		"aws-sdk-client-mock-jest": "4.1.0",
-		"chalk": "5.6.0",
-		"commit-and-tag-version": "12.5.2",
-		"typescript": "5.9.2",
-		"vitest": "3.2.4"
+		"chalk": "5.6.2",
+		"commit-and-tag-version": "12.6.0",
+		"tsdown": "0.16.6",
+		"typescript": "5.9.3",
+		"vitest": "4.0.14"
 	},
 	"overrides": {
-		"form-data": ">=4.0.4"
+		"form-data": ">=4.0.4",
+		"glob": ">=10.5.0"
 	},
 	"commit-and-tag-version": {
 		"commitUrlFormat": "https://bitbucket.collaboration-man.com/projects/RIODEV/repos/rio-license-checker/commits/{{hash}}",

package/CHANGELOG.md

@@ -1,34 +0,0 @@
-# Changelog
-
-All notable changes to this project will be documented in this file. See [commit-and-tag-version](https://github.com/absolute-version/commit-and-tag-version) for commit guidelines.
-
-## [1.1.2](https://bitbucket.collaboration-man.com/projects/RIODEV/repos/rio-license-checker/compare/commits?targetBranch=refs%2Ftags%2Fv1.1.1&sourceBranch=refs%2Ftags%2Fv1.1.2) (2025-09-08)
-
-## [1.1.1](https://bitbucket.collaboration-man.com/projects/RIODEV/repos/rio-license-checker/compare/commits?targetBranch=refs%2Ftags%2Fv1.1.0&sourceBranch=refs%2Ftags%2Fv1.1.1) (2025-06-03)
-
-## [1.1.0](https://bitbucket.collaboration-man.com/projects/RIODEV/repos/rio-license-checker/compare/commits?targetBranch=refs%2Ftags%2Fv1.0.1&sourceBranch=refs%2Ftags%2Fv1.1.0) (2025-06-03)
-
-
-### Features
-
-* Support gradle subprojects ([0cee7bf](https://bitbucket.collaboration-man.com/projects/RIODEV/repos/rio-license-checker/commits/0cee7bfc2c2bde766fd5aaa329dc592c53d89de7))
-
-## [1.0.1](https://bitbucket.collaboration-man.com/projects/RIODEV/repos/rio-license-checker/compare/commits?targetBranch=refs%2Ftags%2Fv1.0.0&sourceBranch=refs%2Ftags%2Fv1.0.1) (2025-05-20)
-
-
-### Bug Fixes
-
-* relax required node version ([c8a3d8d](https://bitbucket.collaboration-man.com/projects/RIODEV/repos/rio-license-checker/commits/c8a3d8de0a2da634a7e869b97932d9be0e6bc36c))
-
-## [1.0.0](https://bitbucket.collaboration-man.com/projects/RIODEV/repos/rio-license-checker/compare/commits?targetBranch=refs%2Ftags%2Fv1.0.0-alpha.2&sourceBranch=refs%2Ftags%2Fv1.0.0) (2025-03-28)
-
-## [1.0.0-alpha.2](https://bitbucket.collaboration-man.com/projects/RIODEV/repos/rio-license-checker/compare/commits?targetBranch=refs%2Ftags%2Fv1.0.0-alpha.1&sourceBranch=refs%2Ftags%2Fv1.0.0-alpha.2) (2025-03-21)
-
-
-### Features
-
-* Append type (passed via --type) as suffix to the uploaded filename ([382362b](https://bitbucket.collaboration-man.com/projects/RIODEV/repos/rio-license-checker/commits/382362ba1afdfaa9f758cf156f01c392f60ebea1))
-
-## [1.0.0-alpha.1](https://bitbucket.collaboration-man.com/projects/RIODEV/repos/rio-license-checker/compare/commits?targetBranch=refs%2Ftags%2Fv1.0.0-alpha.0&sourceBranch=refs%2Ftags%2Fv1.0.0-alpha.1) (2025-03-13)
-
-## 1.0.0-alpha.0 (2025-03-12)

package/src/cli.ts

@@ -1,115 +0,0 @@
-import { Command, Option } from 'commander';
-import * as fs from 'node:fs';
-import * as path from 'node:path';
-import { downloadWhitelist, uploadLicenseReport } from './license-bucket.js';
-import logger from 'loglevel';
-import { callNpmLicenseChecker } from './license-checker-npm.js';
-import { callGradleLicenseChecker } from './license-checker-gradle.js';
-import { CliArgsError, LicenseCheckType } from './types.js';
-
-export const cli = async (args: string[]) => {
-	const program = new Command();
-
-	program
-		.name('check-licenses')
-		.option('-a, --account-name <account>', 'Account / context name')
-		.option('-s, --service-name <service>', 'Service name')
-		.addOption(
-			new Option('-t, --type <type>', 'Type of the license check')
-				.makeOptionMandatory(true)
-				.choices(Object.values(LicenseCheckType)),
-		)
-		.addOption(
-			new Option(
-				'-d, --directory <directory>',
-				'Directory to check licenses for (defaults to current directory)',
-			).default(process.cwd()),
-		)
-		.addOption(new Option('-u, --upload', 'Upload license report to S3').default(false))
-		.addOption(new Option('-v, --verbose', 'Enable debug logging').default(false))
-		.parse(args);
-
-	logger.setLevel(program.opts().verbose ? 'debug' : 'info');
-
-	const contextName = program.opts().accountName;
-	const serviceName = program.opts().serviceName;
-	const checkType = parseType(program.opts().type);
-	const upload = program.opts().upload as boolean;
-
-	if (!contextName) {
-		if (upload) {
-			throw new CliArgsError('Account name must not be empty when --upload is specified');
-		}
-	} else if (!contextName.match(/^[a-zA-Z0-9-_]+$/)) {
-		throw new CliArgsError('Account name must only contain alphanumeric characters, hyphens and underscores');
-	}
-	if (!serviceName) {
-		if (upload) {
-			throw new CliArgsError('Service name must not be empty when --upload is specified');
-		}
-	} else if (!serviceName.match(/^[a-zA-Z0-9-_]+$/)) {
-		throw new CliArgsError('Service name must only contain alphanumeric characters, hyphens and underscores');
-	}
-
-	const licenseWhitelist = await downloadWhitelist(checkType);
-	logger.debug(`Licenses whitelist:\n----------------\n${licenseWhitelist.join('\n')}\n----------------`);
-
-	let result: string;
-
-	if ([LicenseCheckType.NPM_BACKEND, LicenseCheckType.NPM_FRONTEND].includes(checkType)) {
-		if (!fs.existsSync(path.join(program.opts().directory, 'node_modules'))) {
-			throw new Error('No node_modules directory found. Please run "npm ci" before using the license checker.');
-		}
-
-		const excludeForApplicationPackage = getExcludeForApplicationPackage(program.opts().directory);
-		const ignorePackages = readIgnorePackages(program.opts().directory);
-
-		result = await callNpmLicenseChecker({
-			directory: program.opts().directory,
-			licenseWhitelist,
-			excludePackages: [excludeForApplicationPackage, ...ignorePackages],
-		});
-	} else if (checkType === LicenseCheckType.GRADLE) {
-		result = await callGradleLicenseChecker({
-			directory: program.opts().directory,
-			licenseWhitelist,
-		});
-	} else {
-		throw new Error(`Unknown license check type: ${program.opts().type}`);
-	}
-
-	logger.debug(`License report:\n${result.trimEnd()}`);
-
-	if (upload) {
-		await uploadLicenseReport(contextName, serviceName, checkType, result);
-		logger.info(`Uploaded license report for ${contextName}/${serviceName}_${checkType}`);
-	}
-};
-
-export const parseType = (value: string): LicenseCheckType => {
-	for (const type of Object.values(LicenseCheckType)) {
-		if (type === value) {
-			return type;
-		}
-	}
-	throw new Error(`Unknown whitelist type: ${value}`);
-};
-
-const getExcludeForApplicationPackage = (directory: string): string => {
-	const packageJson = JSON.parse(fs.readFileSync(path.join(directory, 'package.json'), 'utf8'));
-	const serviceVersion = packageJson.version;
-	const packageName = packageJson.name;
-	return `${packageName}@${serviceVersion}`;
-};
-
-const readIgnorePackages = (directory: string): string[] => {
-	const ignorePackagesFile = path.join(directory, 'oss-licenses-ignore-packages.txt');
-	let ignorePackages: string[] = [];
-	if (fs.existsSync(ignorePackagesFile)) {
-		ignorePackages = fs
-			.readFileSync(ignorePackagesFile, 'utf8')
-			.split('\n')
-			.filter((line) => line.trim() !== '');
-	}
-	return ignorePackages;
-};

package/src/license-bucket.ts

@@ -1,73 +0,0 @@
-import { GetParameterCommand, SSMClient } from '@aws-sdk/client-ssm';
-import { GetObjectCommand, PutObjectCommand, S3Client } from '@aws-sdk/client-s3';
-import logger from 'loglevel';
-import { LicenseCheckType } from './types.js';
-
-let ossLicensesBucketName: string;
-
-const OSS_LICENSES_BUCKET_NAME_SSM_PARAMETER = '/config/oss-licenses/bucket-name';
-
-const getOssLicensesBucketName = async (): Promise<string> => {
-	if (!ossLicensesBucketName) {
-		const ssmClient = new SSMClient();
-		const command = new GetParameterCommand({
-			Name: OSS_LICENSES_BUCKET_NAME_SSM_PARAMETER,
-		});
-		const response = await ssmClient.send(command);
-		if (!response.Parameter?.Value) {
-			throw new Error('No license bucket name found');
-		}
-		ossLicensesBucketName = response.Parameter.Value;
-		logger.debug(`OSS Licenses Bucket: ${ossLicensesBucketName}`);
-	}
-	return ossLicensesBucketName;
-};
-
-const getWhitelistKey = (checkType: LicenseCheckType): string => {
-	switch (checkType) {
-		case LicenseCheckType.NPM_FRONTEND:
-			return 'whitelist-npm-frontend.txt';
-		case LicenseCheckType.NPM_BACKEND:
-			return 'whitelist-npm-backend.txt';
-		case LicenseCheckType.GRADLE:
-			return 'whitelist-gradle.txt';
-		default:
-			throw new Error(`Unknown whitelist type: ${checkType}`);
-	}
-};
-
-export const downloadWhitelist = async (checkType: LicenseCheckType): Promise<string[]> => {
-	const getWhitelistObject = new GetObjectCommand({
-		Bucket: await getOssLicensesBucketName(),
-		Key: getWhitelistKey(checkType),
-	});
-	const s3Client = new S3Client();
-
-	const whitelistResponse = await s3Client.send(getWhitelistObject);
-	if (!whitelistResponse.Body) {
-		throw new Error('No whitelist found');
-	}
-
-	const whitelistBuffer = await whitelistResponse.Body.transformToString();
-	return whitelistBuffer
-		.split('\n')
-		.map((line) => stripQuotes(line))
-		.filter((line) => line.trim().length > 0);
-};
-
-const stripQuotes = (line: string) => {
-	if (line.startsWith('"') && line.endsWith('"')) {
-		return line.slice(1, -1);
-	}
-	return line;
-};
-
-export const uploadLicenseReport = async (accountName: string, serviceName: string, type: string, report: string) => {
-	const s3Client = new S3Client();
-	const putObjectCommand = new PutObjectCommand({
-		Bucket: await getOssLicensesBucketName(),
-		Key: `reports/${accountName}/${serviceName}_${type}.txt`,
-		Body: report,
-	});
-	await s3Client.send(putObjectCommand);
-};

package/src/license-checker-gradle.ts

@@ -1,70 +0,0 @@
-import {$, fs, path} from 'zx';
-import {type LicenseCheckerOptions, LicenseCheckError} from './types.js';
-import logger from 'loglevel';
-
-/**
- * Calls the gradle license checker with the given options. If a license is found that is not in the whitelist, an error is thrown.
- * @param directory Folder containing the package.json to analyze
- * @param licenseWhitelist List of allowed licenses
- * @param excludePackages List of packages to exclude from the report, e.g. the current package
- *
- * @returns A dependency report generated by the license checker
- */
-export const callGradleLicenseChecker = async ({
-                                                 directory,
-                                                 licenseWhitelist,
-                                               }: Omit<LicenseCheckerOptions, 'excludePackages'>): Promise<string> => {
-  const gradleWrapper = await discoverGradleWrapper(directory);
-  const $$ = $({cwd: directory, nothrow: true, quiet: true});
-  const result = await $$`./${gradleWrapper} downloadLicenses`;
-
-  if (result.exitCode !== 0) {
-    throw new LicenseCheckError(
-      `NOTE: This script requires the license-gradle-plugin to be configured, so that the script ./gradlew downloadLicenses works.\nSee https://github.com/hierynomus/license-gradle-plugin for details.\n${result.stderr.trimEnd()}`,
-    );
-  }
-
-  // open file
-  const licensesByLicenseNameFile = path.join(directory, 'build', 'reports', 'license', 'license-dependency.json');
-  const licensesByLicenseName = JSON.parse(await fs.readFile(licensesByLicenseNameFile, 'utf8'));
-
-  if (licensesByLicenseName.licences.length === 0) {
-    throw new LicenseCheckError(
-      'List of licenses is empty. It is highly unlikely your project has no dependencies. Check the configuration of the license-gradle-plugin.',
-    );
-  }
-
-  // filter out allowed licenses
-  const allowedLicenses = new Set(licenseWhitelist);
-  const notAllowedLicenses = new Set();
-  for (const license of licensesByLicenseName.licences) {
-    if (!allowedLicenses.has(license.name)) {
-      notAllowedLicenses.add(license.name);
-      logger.warn(
-        `License "${license.name}" is not in the whitelist. It is used by:\n${license.dependencies.join('\n')}`,
-      );
-    }
-  }
-
-  if (notAllowedLicenses.size > 0) {
-    throw new LicenseCheckError(
-      `The following licenses are not in the whitelist: ${Array.from(notAllowedLicenses).join(', ')}`,
-    );
-  }
-
-  return JSON.stringify(licensesByLicenseName, null, 2);
-};
-
-const discoverGradleWrapper = async (directory: string): Promise<string | undefined> => {
-  // For now, only check the current directory and the parent directory for the gradle wrapper - this might need to be extended if someone has a more complex project structure.
-  const gradleWrapperFile = path.join(directory, 'gradlew');
-  if (fs.existsSync(gradleWrapperFile)) {
-    return 'gradlew';
-  }
-  if (fs.existsSync(path.join(directory, '..', 'gradlew'))) {
-    return '../gradlew';
-  }
-  throw new LicenseCheckError(
-    `Could not find gradle wrapper in ${directory} or the parent directory. Please ensure that the gradle wrapper is present.`,
-  );
-}

package/src/license-checker-npm.ts

@@ -1,38 +0,0 @@
-import { $ } from 'zx';
-import { createRequire } from 'node:module';
-import { type LicenseCheckerOptions, LicenseCheckError } from './types.js';
-
-const resolveLicenseCheckerPath = (): string => {
-	const require = createRequire(import.meta.url);
-	return require.resolve('license-checker-rseidelsohn/bin/license-checker-rseidelsohn');
-};
-
-/**
- * Calls the npm license checker with the given options. If a license is found that is not in the whitelist, an error is thrown.
- * @param directory Folder containing the package.json to analyze
- * @param licenseWhitelist List of allowed licenses
- * @param excludePackages List of packages to exclude from the report, e.g. the current package
- *
- * @returns A dependency report generated by the license checker
- */
-export const callNpmLicenseChecker = async ({
-	directory,
-	licenseWhitelist,
-	excludePackages,
-}: LicenseCheckerOptions): Promise<string> => {
-	const licenseCheckExecutable = resolveLicenseCheckerPath();
-	if (licenseWhitelist.length === 0) {
-		throw new Error('No licenses in whitelist. This would allow all licenses, which is certainly not intended.');
-	}
-	const onlyAllowOption = licenseWhitelist.join(';');
-	const excludePackagesOption = excludePackages.join(';');
-
-	const $$ = $({ cwd: directory, nothrow: true, quiet: true });
-	const result =
-		await $$`${licenseCheckExecutable} --json --production --onlyAllow ${onlyAllowOption} --excludePackages ${excludePackagesOption} --relativeModulePath`;
-	if (result.exitCode !== 0) {
-		throw new LicenseCheckError(result.stderr.trimEnd());
-	}
-
-	return result.stdout;
-};

package/src/rio-license-checker.ts

@@ -1,19 +0,0 @@
-#!/usr/bin/env -S npx tsx
-
-import { cli } from './cli.js';
-import { CliArgsError, LicenseCheckError } from './types.js';
-
-try {
-	await cli(process.argv);
-} catch (error) {
-	if (error instanceof LicenseCheckError) {
-		console.error(error.message);
-		process.exit(2);
-	} else if (error instanceof CliArgsError) {
-		console.error(error.message);
-		process.exit(3);
-	} else {
-		console.error(error);
-		process.exit(1);
-	}
-}

package/src/types.ts

@@ -1,25 +0,0 @@
-export interface LicenseCheckerOptions {
-	directory: string;
-	licenseWhitelist: string[];
-	excludePackages: string[];
-}
-
-export class LicenseCheckError extends Error {
-	constructor(message: string) {
-		super(message);
-		this.name = 'LicenseCheckError';
-	}
-}
-
-export class CliArgsError extends Error {
-	constructor(message: string) {
-		super(message);
-		this.name = 'CliArgsError';
-	}
-}
-
-export enum LicenseCheckType {
-	NPM_BACKEND = 'npm-backend',
-	NPM_FRONTEND = 'npm-frontend',
-	GRADLE = 'gradle',
-}

package/tsconfig.json

@@ -1,6 +0,0 @@
-{
-	"extends": "@tsconfig/node22/tsconfig.json",
-	"compilerOptions": {
-		"noEmit": true
-	}
-}