rollup-plugin-license

Rollup plugin that can be used to:

• Prepend a banner from a file.
• Create a file containing all third-parties used in the bundle (and display the license of each dependency).

How to use

Install the plugin with NPM:

npm install --save-dev rollup-plugin-license

Then add it to your rollup configuration:

1const path = require('path');
2const license = require('rollup-plugin-license');
3
4module.exports = {
5  plugins: [
6    license({
7      sourcemap: true,
8      cwd: process.cwd(), // The default
9
10      banner: {
11        commentStyle: 'regular', // The default
12
13        content: {
14          file: path.join(__dirname, 'LICENSE'),
15          encoding: 'utf-8', // Default is utf-8
16        },
17
18        // Optional, may be an object or a function returning an object.
19        data() {
20          return {
21            foo: 'foo',
22          };
23        },
24      },
25
26      thirdParty: {
27        includePrivate: true, // Default is false.
28        includeSelf: true, // Default is false.
29        multipleVersions: true, // Default is false.
30        output: {
31          file: path.join(__dirname, 'dist', 'dependencies.txt'),
32          encoding: 'utf-8', // Default is utf-8.
33        },
34      },
35    }),
36  ],
37}

Banner

Banner file

The banner file can be a text file and it will be converted to a block comment automatically if needed.

Note that the content will be translated to a lodash template with the following data model:

• pkg: The content of the project package.json.
• dependencies: An array of all the dependencies included in the bundle.
• moment: The moment object.
• _: The lodash object.
• data A custom data object, defined in banner options.

Here is a valid banner:

1Bundle of <%= pkg.name %>
2Generated: <%= moment().format('YYYY-MM-DD') %>
3Version: <%= pkg.version %>
4Dependencies:
5<% _.forEach(dependencies, function (dependency) { %>
6  <%= dependency.name %> -- <%= dependency.version %>
7<% }) %>

Comment style

Since version 0.10.0, it is possible to customize banner style using the commentStyle option:

1license({
2  banner: {
3    commentStyle: 'regular', // The default
4    content: {
5      file: path.join(__dirname, 'LICENSE'),
6    },
7  },
8})

Following options are available:

• regular: "classic" comment block is used (this is the default), for example:

1/**
2 * This is the `regular` style.
3 */

• ignored: a comment block with prefix ignored by minifiers, for example:

1/*!
2 * This is the `ignored` style.
3 */

• slash: banner is prepended using "slash" comments, for example:

1//
2// This is the `slash` style.
3//

• none: nothing done, be careful to prepenbd a banner already "commented".

Banner as a "simple" string

Since version 0.3.0, banner can be a simple string that will be used directly:

1const license = require('rollup-plugin-license');
2
3module.exports = {
4  plugins: [
5    license({
6      banner: `Copyright <%= moment().format('YYYY') %>`,
7    }),
8  ],
9}

If you want to add some options to banner (such as the comment style to use), and still define it as a string (insead of pointing to a file), you can also define the banner like this (since version 0.11.0):

1const license = require('rollup-plugin-license');
2
3module.exports = {
4  plugins: [
5    license({
6      banner: {
7        content: `Copyright <%= moment().format('YYYY') %>`,
8        commentStyle: 'ignored',
9      },
10    }),
11  ],
12}

Deprecated format

Until version 0.10.0, banner file was defined as:

1const path = require('path');
2const license = require('rollup-plugin-license');
3
4module.exports = {
5  plugins: [
6    license({
7      banner: {
8        file: path.join(__dirname, 'LICENSE'),
9        encoding: 'utf-8',
10      },
11    }),
12  ],
13};

This format has been deprecated with version 0.11.0 and removed with version 1.0.O, and the banner file should be defined inside banner.content entry:

1const path = require('path');
2const license = require('rollup-plugin-license');
3
4module.exports = {
5  plugins: [
6    license({
7      banner: {
8        content: {
9          file: path.join(__dirname, 'LICENSE'),
10          encoding: 'utf-8',
11        },
12      },
13    }),
14  ],
15};

Dependencies output

A file containing a summary of all dependencies can be generated automatically using the following options:

1license({
2  thirdParty: {
3    output: path.join(__dirname, 'dist', 'dependencies.txt'),
4    includePrivate: true, // Default is false.
5  },
6})

Starting with version 0.12.0, you can have more control by defining output as an object, for example:

1license({
2  thirdParty: {
3    includePrivate: false,
4    output: {
5      file: path.join(__dirname, 'dist', 'dependencies.txt'), // Path of the license report
6      encoding: 'utf-8', // default is UTF-8
7
8      // Template function that can be defined to customize report output
9      template(dependencies) {
10        return dependencies.map((dependency) => `${dependency.name}:${dependency.version} -- ${dependency.license}`).join('\n');
11      },
12    },
13  },
14})

Note that the template option can also be a lodash template:

1license({
2  thirdParty: {
3    includePrivate: false,
4    output: {
5      file: path.join(__dirname, 'dist', 'dependencies.txt'),
6
7      // Lodash template that can be defined to customize report output
8      template: `
9        <% _.forEach(dependencies, function (dependency) { %>
10          <%= dependency.name %>:<%= dependency.version%> -- <%= dependency.license %>
11        <% }) %>
12      `,
13    },
14  },
15})

For example, it can be relatively easy to produce a JSON output instead of a text file:

1license({
2  thirdParty: {
3    includePrivate: false,
4    output: {
5      file: path.join(__dirname, 'dist', 'dependencies.json'),
6      template(dependencies) {
7        return JSON.stringify(dependencies);
8      }
9    },
10  },
11})

By default, the "self" package is ignored (by "self", we mean the package being built), but startint with version 3.4.0, you can force inclusion using the includeSelf option:

1license({
2  thirdParty: {
3    includeSelf: true,
4    output: {
5      file: path.join(__dirname, 'dist', 'dependencies.json'),
6      template(dependencies) {
7        return JSON.stringify(dependencies);
8      }
9    },
10  },
11})

License Checks

Starting with version 0.13, it is possible to ensure that dependencies does not violate any license restriction. For example, suppose you want to limit dependencies with MIT or Apache-2.0 licenses, simply define the restriction such as:

1license({
2  thirdParty: {
3    allow: '(MIT OR Apache-2.0)',
4  },
5})

Note that the allow value here should be a valid SPDX pattern (more information here).

The allow option here will print a warning to the console for all license violation. Note that, if you want more control, it can also be defined as function:

1license({
2  thirdParty: {
3    allow(dependency) {
4      return dependency.license === 'MIT';
5    },
6  },
7})

The function defined here allow only MIT licenses, and will print a warning for anything else.

Finally, if emitting a warning is not enought for you, you can also choose to fail the build:

1license({
2  thirdParty: {
3    allow: {
4      test: 'MIT',             // Or a function that should returns `true` or `false`
5      failOnUnlicensed: true,  // Fail if a dependency does not specify any licenses, default is `false`
6      failOnViolation: true,   // Fail if a dependency specify a license that does not match given requirement, default is `false`
7    },
8  },
9})

Starting with version 3.1.0, you can also use the multipleVersions option to track dependencies in different version as a different dependency. It can be particularly useful in case a dependency changed its license between two versions.

Note that this option is false by default (mainly to keep backward compatibility).

1license({
2  thirdParty: {
3    includePrivate: false,
4    multipleVersions: true,
5    output: {
6      file: path.join(__dirname, 'dist', 'dependencies.txt'), // Path of the license report
7      encoding: 'utf-8', // default is UTF-8
8      template(dependencies) {
9        return dependencies.map((dependency) => `${dependency.name}:${dependency.version} -- ${dependency.license}`).join('\n');
10      },
11    },
12  },
13})

Changelogs

• 3.5.0
  • Remove mkidrp dependency (#1743)
  • Replace glob with fdir dependency (#1742)
  • Dependency upgrades
• 3.4.1
  • Add the license for the package itself without having to specify includePrivate flag (see comment).
• 3.4.0
  • Allow adding the license for the package itself into the thirdParty output #1685
  • Dependency upgrades
• 3.3.1
  • Ensure the multipleVersions option is correctly validated (#1682)
• 3.3.0
  • Include notice file in the third party output (#1683)
  • Dependency upgrades
• 3.2.0
  • Support rollup ^4.0.0
  • Dependency upgrades
• 3.1.0
  • Add thirdParty.multipleVersions option (#1528)
• 3.0.0
  • Support rollup^3.0.0
• 2.8.0
  • Relax production dependency versions (#1128https://github.com/mjeanroy/rollup-plugin-license/issues/1128)
  • Update dependencies
• 2.7.0
  • Update dependencies (#1077)
• 2.6.0
  • Improve case insensitive search (PR), thanks @codepunkt!
  • Search for LICENCE or LICENSE files (PR), thanks @codepunkt!
• 2.5.0
  • Look for dependencies' license files case insensitively, thanks @Luke-zhang-04!
• 2.4.0
  • Typings added
  • Update dependencies
• 2.0.0
  • Support node >= 10
  • Update dependencies
• 1.0.0
  • Remove support for rollup < 1.0.0
  • Remove support for deprecated options.
  • Support node >= 6
• 0.14.0
  • Update rollup peer dependency
  • Produce a single file as dist output
  • Update dependencies
• 0.13.0
  • Add license checking (see #381).
• 0.12.1
  • Restore compatibility with Node6
• 0.12.0
  • Improve output configuration (see #379).
  • Improve option object validation and warning.
  • Deprecate thirdParty.encoding option.
  • Dev dependencies updates.
• 0.11.0
  • Fail if the banner file does not exist (breaking change).
  • Deprecate banner.file / banner.encoding entries, use banner.content.file / banner.content.encoding instead (see #428).
  • Allow comment style to be defined with a "string" banner (see #308 and #428).
  • Dev dependencies updates.
• 0.10.0
  • Support different comment style for banner (see #308).
  • Do not include tree shaken dependencies (see #380)
  • Various dependency updates.
• 0.9.0
  • Fix for NULL character (see #1).
  • Various dependency updates.
• 0.8.1
  • Add rollup as a peer dependency.
• 0.8.0
  • Deprecate sourceMap option (use sourcemap option in lowercase) to keep it consistent with rollup.
  • Fix deprecate call with rollup >= 1, keep compatibility with legacy versions of rollup.
  • Upgrade dependencies.
• 0.7.0
  • Add a way to specify custom data object when rendering banner.
  • Add cwd option to specify custom working directory (optional option).
  • Upgrade dependencies.
• 0.6.0
  • Upgrade commenting dependency.
• 0.5.0
  • Feat: Sourcemap is now enable by default to ensure compatibility with other rollup plugins.
  • Fix: Add compatibility with rollup >= 0.48.0 (the new sourcemap option).
  • Fix: Ensure plugin sourcemp is used instead of the "global" one in rollup options.
  • Chore: dependency updates.
• 0.4.0
  • Dependency update (moment).
  • Dependency update (magic-string).
• 0.3.0
  • Add encoding option for banner and third-party output file.
  • Banner can be a simple string.

License

MIT License (MIT)

Contributing

If you find a bug or think about enhancement, feel free to contribute and submit an issue or a pull request.