We need to add license compatibility checkers to our CI to ensure no copyleft or Apache2-incompatible licenses are ever merged into the project, even as transient dependencies.
For Rust dependencies from crates.io, we should use Embark's cargo-deny.
For Node dependencies from npm, I found license-checker looks reasonably popular, but popular alternatives would also be fine. (Edit: we ended up using Microsoft's license-checker-webpack-plugin)
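An added example, not part of the original issue and not the code of any tool named above: the kind of check such a CI gate performs, evaluating each package's SPDX license expression against an allowlist and reporting the dependency path to every offender. The allowlist, the package names and the tree are constructed assumptions, as is the policy that an `OR` expression passes when any one branch is allowed.

```javascript
// Assumed allowlist for illustration; the real policy is the project's decision.
const ALLOWED = new Set(["MIT", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause", "ISC"]);

// Evaluate an SPDX expression: OR passes if any branch is allowed, AND requires
// every branch to be allowed. Missing, unknown or malformed input fails closed.
function licenseAllowed(expr) {
  if (typeof expr !== "string" || expr.trim() === "") return false;
  const tokens = expr.replace(/[()]/g, " $& ").trim().split(/\s+/);
  let pos = 0;
  const parseOr = () => {
    let ok = parseAnd();
    while (tokens[pos] === "OR") { pos++; const rhs = parseAnd(); ok = ok || rhs; }
    return ok;
  };
  const parseAnd = () => {
    let ok = parseAtom();
    while (tokens[pos] === "AND") { pos++; const rhs = parseAtom(); ok = ok && rhs; }
    return ok;
  };
  const parseAtom = () => {
    const tok = tokens[pos++];
    if (tok === "(") { const ok = parseOr(); return tokens[pos++] === ")" && ok; }
    if (tokens[pos] === "WITH") { pos += 2; return false; } // exceptions go to manual review
    return ALLOWED.has(tok);
  };
  const result = parseOr();
  return pos === tokens.length && result; // leftover tokens mean a malformed expression
}

// Depth-first walk recording the path to each failing package, so a transitive
// offender is reported together with the direct dependency that pulls it in.
function findViolations(pkg, trail = []) {
  const path = [...trail, pkg.name];
  const hits = licenseAllowed(pkg.license)
    ? [] : [{ path: path.join(" > "), license: pkg.license ?? "UNKNOWN" }];
  for (const dep of pkg.dependencies ?? []) hits.push(...findViolations(dep, path));
  return hits;
}

// Constructed sample tree; every package name here is hypothetical.
const sampleTree = { name: "app", license: "Apache-2.0", dependencies: [
  { name: "ui-kit", license: "MIT", dependencies: [
    { name: "date-fmt", license: "(MIT OR GPL-3.0-only)" },
    { name: "img-codec", license: "GPL-3.0-only" } ] },
  { name: "net-util", license: "MIT AND LGPL-2.1-only" },
  { name: "tiny-log" } ] }; // no license field at all

const violations = findViolations(sampleTree);
for (const v of violations) console.error(`${v.path}: ${v.license}`);
```

A CI step built on this would exit non-zero whenever `violations` is non-empty, which blocks the merge.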