Merge pull request #135 from brainhubeu/development

Release 2.0.0-beta.1
brainhubeu · Dec 9, 2024 · 72cd3f4 · 72cd3f4
2 parents cc58fa2 + 9d1efb5
commit 72cd3f4
Show file tree

Hide file tree

Showing 77 changed files with 8,028 additions and 2,247 deletions.
diff --git a/README.md b/README.md
@@ -6,6 +6,8 @@
 
 - npm
 - yarn classic (v1)
+- yarn 2+
+  - Applicable only for projects using `node_modules` installation. `Plug'n'Play` is not currently supported.
 - pnpm
 
 ## Getting started
@@ -36,11 +38,14 @@ The results will be printed in the console.
 - `--json [json]` - Save the result to a JSON file. If no path is not provided, a file named license-auditor.results.json will be created in the current directory.
 - `--production` - Skip the audit for licenses in development dependencies (default: false)
 - `--default-config` - Run audit with default whitelist/blacklist configuration
+- `--filter-regex [regex]` - Run audit with a custom regex filter that will be applied to the package name
 
 > [!IMPORTANT]
 > Verify dev dependencies if they generate code, embed assets, or otherwise impact the final product, as their licenses might impose restrictions. Always prioritize reviewing both when in doubt or if your project may be redistributed or commercialized.
 
-## Configuration file structure
+## Configuration file
+
+### File structure
 
 All licenses are sourced from [SPDX license list](https://spdx.org/licenses/)
 
@@ -50,6 +55,47 @@ All licenses are sourced from [SPDX license list](https://spdx.org/licenses/)
   - `warn` - package should be omitted from audit, but it will produce a warning,
   - `off`- package should be completely omitted from the audit.
 
+To use `ConfigType` and enable IntelliSense license suggestions in the configuration file, run:
+
+```
+npm i --save-dev @brainhubeu/lac
+```
+
+Then, in JS/MJS configuration at the top of the file add:
+
+```js
+/**
+ * @type {import('@brainhubeu/lac').ConfigType}
+ */
+```
+
+In TS configuration:
+
+```js
+import type { ConfigType } from "@brainhubeu/lac";
+
+const config: ConfigType = {
+  ...
+};
+```
+
+> [!CAUTION]
+> The default/strict configuration should not be in any way interpreted as legal advice.
+
+### Default configuration
+
+LAC offers a default configuration for whitelist and blacklist, available by running the configuration wizard or using the `--default-config` flag. The rationale for selecting licenses for each list is available in [this Brainhub article about open source licenses](https://brainhub.eu/library/open-source-licenses-to-avoid). It describes licenses to be wary of as:
+
+> You need to be careful about a few restrictive licenses, like GPL 3.0 or AGPL. In the worst-case scenario, you may be required to release your software under the same license, royalty-free.
+
+> However, we shouldn't say these licenses are bad. They cause a legal risk or can make you rewrite the whole product, but only if you don't follow the rules associated with them.
+
+> The key in managing licenses is to understand how they work, follow their rules, and ideally use software that helps to track the licenses in your product, so as not to break the law or cause problems to your product through inattention.
+
+### Strict configuration
+
+Strict configuration offers a more restrictive whitelist/blacklist preset. The aim was to cover as many licenses as viable, keeping to the guidelines described in the article above.
+
 ## Known issues
 
 ### "missing: some-package@>=3.0.0, required by [email protected]"