Add support in check-license for conjunctive (AND) licenses. #46801
Conjunctive licenses were being ignored in both the `package.json` and within various LICENSE files. In the first case, this could lead to false negatives (e.g., 'MIT AND BSD' being treated as non-compatible). In the second case, the implementation was such that only one license was returned (whichever detected license occurred later in `licenseFileStrings`). Based on the ordering of that list, this was likely to cause a false positive, because the non-compatible 'Apache-2.0' license occurs before any of the compatible licenses. Progress on WordPress#38461.
See my comment in #38461 about the |
The patch looks solid. Thank you for working on it and for including test coverage that is going to make it easier to apply further refactoring with confidence. I'm still catching up with your work, but I hope to land this PR as soon as I verify it works as expected. Do you think it deserves a new entry in the changelog file https://github.com/WordPress/gutenberg/blob/trunk/packages/scripts/CHANGELOG.md under |
Thank you. Changelog entry added. |
I missed it. Let's get it included in the `@wordpress/scripts` package. We might need a follow-up for the CHANGELOG, but I can handle it. Thank you so much for the contribution and the refactoring with accompanying unit tests 🎉
Fixed in f34b4ac. I didn't want to hold this PR any longer ... |
What?
Conjunctive licenses were being ignored in both the `package.json` and within various LICENSE files. In the first case, this could lead to false negatives (e.g., 'MIT AND BSD' being treated as non-compatible). In the second case, the implementation was such that only one license was returned (whichever detected license occurred later in `licenseFileStrings`). Based on the ordering of that list, this was likely to cause a false positive, because the non-compatible 'Apache-2.0' license occurs before any of the compatible licenses.
Progress on #38461.
Why?
Conjunctive licenses for dependencies could result in either a false negative (license-compatible dependencies being deemed incompatible) or a false positive (license-incompatible dependencies being deemed compatible), depending on how they were detected.
How?
Testing Instructions
`shaka-player` dependency. I did so.
The following output is observed on `trunk`:
On my `check-license` branch, the following output is observed:
Note the addition of `shaka-player` as directly incompatible.
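
The two failure modes described in this PR, as an added illustration (not code from the PR or from `@wordpress/scripts`). The allowlist, marker strings and function names are constructed for the demo; only `AND` is handled, and any other expression fails closed.

```javascript
// Added illustration: names and tables are constructed, not taken from the project.
const COMPATIBLE = new Set( [ 'MIT', 'BSD', 'ISC' ] ); // assumed allowlist for the demo

// Constructed stand-in for the detection table: one marker string per license.
// As the PR describes, the non-compatible Apache-2.0 entry comes first.
const LICENSE_FILE_STRINGS = {
	'Apache-2.0': 'Apache License, Version 2.0',
	BSD: 'Redistributions in binary form must reproduce',
	MIT: 'Permission is hereby granted',
};

// Split a conjunctive expression such as "(MIT AND BSD)" into its terms.
function splitConjunctive( expression ) {
	return expression
		.replace( /^\s*\(|\)\s*$/g, '' )
		.split( /\s+AND\s+/ )
		.map( ( term ) => term.trim() )
		.filter( Boolean );
}

// Every term of an AND expression applies, so every term must be compatible.
function isCompatible( expression ) {
	const terms = splitConjunctive( expression );
	return terms.length > 0 && terms.every( ( term ) => COMPATIBLE.has( term ) );
}

// The behaviour described as the bug: each match overwrites the previous one,
// so only the license that occurs later in the table is reported.
function detectLastMatchOnly( text ) {
	let found;
	for ( const [ id, marker ] of Object.entries( LICENSE_FILE_STRINGS ) ) {
		if ( text.includes( marker ) ) found = id;
	}
	return found;
}

// Conjunctive handling: report every license whose marker appears in the file.
function detectAll( text ) {
	return Object.entries( LICENSE_FILE_STRINGS )
		.filter( ( [ , marker ] ) => text.includes( marker ) )
		.map( ( [ id ] ) => id )
		.join( ' AND ' );
}

// Constructed LICENSE file carrying both Apache-2.0 and MIT text.
const SAMPLE_LICENSE =
	'Apache License, Version 2.0 ...\n\nPermission is hereby granted ...';
```

With the sample file, `detectLastMatchOnly` reports only `MIT`, which passes the check (the false positive), while `detectAll` reports `Apache-2.0 AND MIT`, which fails it.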