Configuration#
The plugin is configured in the extra section of the composer.json file.
Example#
{
"extra": {
"arokettu/composer-license-manager": {
"licenses": {
"allowed": ["MIT", "LGPL-*"],
"forbidden": ["GPL-3.0", "AGPL-*"],
"allow-empty": true
},
"packages": {
"allowed": ["foo/bar", "safenamespace/*"]
},
"enforced": true
}
}
}
Licenses#
Licenses section configures desired and undesired licenses.
Added in version 1.1: { "licenses": [...] } is a shortcut for { "licenses": { "allowed": [...] } }
"allowed"Whitelisted licenses. Allows globs in prefix form (
*as the last character). Default:["*"]"forbidden"Blacklisted licenses. Allows globs in prefix form (
*as the last character). Default:[]"allow-empty"Allow packages with no license set. Default:
false
Note
Whitelisting licenses by glob may be unwise.
For example BSD-* will allow such licenses as
BSD-Protection (non GPL-compatible),
BSD-3-Clause-No-Nuclear-License and BSD-3-Clause-No-Military-License (both non-free)
Check order:
exact forbidden licenses
exact allowed licenses
licenses forbidden by glob
licenses allowed by glob
License identifiers are checked in case insensitive manner.
SPDX License expressions like (MIT OR LGPL) are not evaluated and must be specified exactly.
They are also ignored by globs except for match-all glob "*".
Multiple specified licenses are treated like a disjunction so if any of the licenses conform to the policy, the package is considered conforming to the policy.
Packages#
Package exceptions to the policy enforcement.
Added in version 1.1: { "packages": [...] } is a shortcut for { "packages": { "allowed": [...] } }
"allowed"Whitelisted packages. Allows globs in prefix form (
*as the last character). Default:[]
Enforcement#
"enforced"If true, the license policy is enforced during package installation and update, refer to Policy Enforcement for further info. Default:
true