Tools: Invalid licenses in node_modules

Created on 12 Aug 2020  Β·  5Comments  Β·  Source: rome/tools

I'm seeing linting error even though node_modules is in lint.ignore section

rome.json in .config

// For configuration documentation see http://romefrontend.dev/#project-configuration
name: "rome-poc"
root: true
lint: {
    ignore: ["node_modules/**"]

}

Run rome check

node_modules/pouchdb-collections/package.json:44:14 parse/spdxLicense ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

  βœ– Unknown SPDX license Apache

  β„Ή Did you mean Apache-1.0?

  - Apache
  + Apache-1.0

  β„Ή Or one of these?

  - Apache-1.1
  - Apache-2.0
needs triage

Most helpful comment

So what is the resolution here? I'm not sure it's reasonable to expect that people only use dependencies that have a valid license in the package.json since that is largely out of their control.

All 5 comments

We "lint" package.json files but it’s not really linting. We load, normalize, and validate any we see during project initialization since they’re required for module resolution.

It has been an area of confusion though because you cannot ignore them because any validation errors are either legitimate problems or bugs/unhandled validation cases, and are fatal.

So what is the resolution here? I'm not sure it's reasonable to expect that people only use dependencies that have a valid license in the package.json since that is largely out of their control.

Probably a project config option to allow certain invalid licenses.

FYI: this is a template generated with expo to generate a react-native application.

Next release will have a new configuration space where to store these invalid licenses

Was this page helpful?
0 / 5 - 0 ratings

Related issues

linvain picture linvain  Β·  4Comments

sebmck picture sebmck  Β·  3Comments

VictorHom picture VictorHom  Β·  3Comments

sebmck picture sebmck  Β·  3Comments

arslivinski picture arslivinski  Β·  5Comments