microsoft / license-checker-webpack-plugin

Webpack plugin that verifies licenses of all external dependencies in a compilation, and outputs them to a file.

License: MIT License

JavaScript 96.69% EJS 3.31%

license-checker-webpack-plugin's Introduction

license-checker-webpack-plugin

Webpack plugin that verifies licenses of all external dependencies in a compilation, and outputs all that information to a file.

Installation

npm

npm install license-checker-webpack-plugin --save-dev

yarn

yarn add license-checker-webpack-plugin --dev

Usage

Require the plugin in your Webpack configuration and add an instance of it to the plugins array.

const LicenseCheckerWebpackPlugin = require("license-checker-webpack-plugin");

module.exports = {
  // ...
  plugins: [new LicenseCheckerWebpackPlugin({ outputFilename: "ThirdPartyNotices.txt" })]
};

Options

| Property | Type | Default | Description |
| --- | --- | --- | --- |
| allow | string | "(Apache-2.0 OR BSD-2-Clause OR BSD-3-Clause OR MIT)" | SPDX expression with allowed licenses. |
| ignore | array | [] | Array of dependencies to ignore, in the format ["<dependency name>@<version range>"]. For example, ["assignment@^2.0.0"]. |
| override | object | {} | Object of dependencies to override, in the format {"<dependency name>@<version range>": { ... }}. For example, {"assignment@^2.0.0": { licenseName: "MIT" }}. |
| emitError | boolean | false | Whether to emit errors instead of warnings. |
| outputWriter | string or function | See defaultOutputWriter. | Path to a .ejs template, or function that will generate the contents of the third-party notices file. |
| outputFilename | string | "ThirdPartyNotices.txt" | Name of the third-party notices file with all licensing information. |

The data that gets passed to the outputWriter function looks like this:

[
  {
    "name": "react",
    "version": "16.3.2",
    "repository": "git+https://github.com/facebook/react.git",
    "licenseName": "MIT",
    "licenseText": "MIT License\n\nCopyright (c) 2013-present, Facebook, Inc. [...]"
  },
  {
    "name": "webpack",
    "version": "4.8.3",
    "author": "Tobias Koppers @sokra",
    "repository": "git+https://github.com/webpack/webpack.git",
    "licenseName": "MIT",
    "licenseText": "Copyright JS Foundation and other contributors [...]"
  },
  {
    "name": "whatwg-fetch",
    "version": "2.0.4",
    "repository": "git+https://github.com/github/fetch.git",
    "licenseName": "MIT",
    "licenseText": "Copyright (c) 2014-2016 GitHub, Inc. [...]"
  }
]

Here's an example webpack.config.js file that uses all options:

const path = require("path");
const LicenseCheckerWebpackPlugin = require("license-checker-webpack-plugin");
const template = require("lodash.template");

module.exports = {
  // ...
  plugins: [
    new LicenseCheckerWebpackPlugin({
      allow: "(Apache-2.0 OR BSD-2-Clause OR BSD-3-Clause OR MIT)",
      ignore: ["@microsoft/*"],
      override: {
        "[email protected]": { licenseName: "MIT" },
        "[email protected]": { licenseName: "MIT" },
        "[email protected]": { licenseName: "MIT" }
      },
      emitError: true,
      outputWriter: path.resolve(__dirname, "customTemplate.ejs"),
      outputFilename: "ThirdPartyNotices.txt"
    })
  ]
};

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.

When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.

Licensing

All files on this repository are subject to the MIT license. Please read the LICENSE file at the root of the project.

license-checker-webpack-plugin's People

Contributors

bz2, dependabot[bot], emmenko, iorate, koba04, microsoft-github-policy-service[bot], microsoftopensource, msftgits, oleg-codaio, rcooney, rickysullivan-gallagher, travi, unindented


license-checker-webpack-plugin's Issues

Webpack@5 shows DeprecationWarning

Webpack@5 shows DeprecationWarning with the following content:

DeprecationWarning: Compilation.assets will be frozen in future, all modifications are deprecated.

Module 'glob' is missing

If you create a new project without any dependencies and try to build, the Cannot find module 'glob' error happens.

Steps to reproduce:

  1. Create an empty project.
  2. Install webpack, webpack-cli and license-checker-webpack-plugin.
  3. Create a webpack.config.js with the following content:
const LicenseCheckerWebpackPlugin = require("license-checker-webpack-plugin");

module.exports = {
  plugins: [new LicenseCheckerWebpackPlugin()]
};
  4. Run webpack command.

Usage outside of Webpack

Would you consider an option to expose the use of this tool outside of the Webpack compilation? I am aware “webpack-plugin” is in the title, but webpack-specific code in this project is a very small part, just an API adapter, effectively. There’s still

My particular use case is to use it with an app built with Snowpack, but it could also be beneficial with any other way of building an app. There are existing 3rd-party tools, like license-checker, but there’s a lot to like about this particular one: the options, the generated notices file.

If you are open to the idea, I would consider making a small PR. I would start by adding two public functions validateLicenses(dependencies, options) and generateNotices(dependencies, options) at the top level as an alternative to the LicenseCheckerWebpackPlugin. Possibly a tiny CLI, too.

Missing most licenses/dependencies starting in webpack 5.55.0

I updated to a recent version of webpack (5.68.0), and some time later noticed the license file generated with this plugin was missing almost all dependencies. It only showed dependencies for a few webpack related plugins, like css-loader. It was missing all other dependencies, like react. I kept downgrading webpack and found that this started happening in webpack 5.55.0. 5.54.0 and before work as expected.

Looking briefly at code of the plugin, it looks like compilation.fileDependencies, used in licenseUtils.js doesn't have the missing dependencies when it's accessed (for example, react is not in the list).

CR remains in v0.1.2

In v0.0.9, CRLF ('\r\n') in a license file is converted to LF ('\n'), but in v0.1.2, CRLF of a non-empty line is not.

For example, for [email protected], whose LICENSE.txt includes CRLF (Windows-style),

v0.0.9:

--------------------------------------------------------------------------------
typescript v3.6.3 - Microsoft Corp.
git+https://github.com/Microsoft/TypeScript.git
--------------------------------------------------------------------------------

Apache License

Version 2.0, January 2004

v0.1.2 (^M means CR):

--------------------------------------------------------------------------------
typescript v3.6.3 - Microsoft Corp.
git+https://github.com/Microsoft/TypeScript.git
--------------------------------------------------------------------------------

Apache License^M

Version 2.0, January 2004^M

This change seems to be related to the update of wrap-ansi, used in src/licenseUtils.js.
wrapAnsi('a\r\n\r\nb', 5) returns 'a\n\nb' in v4.0.0, but 'a\r\n\nb' in v6.0.0.

I think this is a regression, but don't know whether it should be fixed by this package or by wrap-ansi.

license file glob question

I'm following angular/angular-cli#16291 with respect to angular/angular-cli#14095 (comment) and note that the https://github.com/iconic/open-iconic package utilizes a pair of licenses with files ./FONT-LICENSE and ./ICON-LICENSE which are not picked up by this tool because the file glob https://github.com/microsoft/license-checker-webpack-plugin/blob/master/src/licenseUtils.js#L12 is for files starting with LICENSE and doesn't match those.

Is there any available standard for how license files should be named, and if so is there a bug in this glob or over in open-iconic?

Cannot find module error with webpack@5

Sometimes this plugin can break a build with an error when webpack@5 is used:

Cannot find module '<path-to-repo>/node_modules/<lib>/package.json'

It's easy to reproduce this issue. Just add the @babel/runtime dependency to the project and try to make a build. The build will be broken with the following error:

Error: Cannot find module '<path-to-repo>/node_modules/@babel/package.json'

Here is an example repo: webpack-file-dependencies-issue/tree/license-checker-webpack-plugin-example.

Initial issue: webpack/webpack#11971

[Question] License Text Output When File is Missing

If a package.json file specifies a license type, but a full license file is not found what should the output be?

For example this repo, https://github.com/yesmeck/mini-store. The package.json contains a license of MIT, but the repo does not provide a license file.
The current output is the MIT, so I assume just the contents of the package.json license field.

If it is a common license, should the contents be replaced with the 'default' text of the license? Does the concept of a 'default' text for a license even really exist?
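An added example, not part of the question above and not the plugin's own writer: a formatter over records shaped like the outputWriter data in the README, laid out like the notices excerpt quoted in the CR issue, that converts CRLF to LF and lists packages whose licenseText is empty or only repeats licenseName. The sample records, the function names and the placeholder version are constructed; how the plugin hands data to a custom outputWriter is not shown on this page, so the wiring is left to the reader.

```javascript
// Added example; not code from license-checker-webpack-plugin.

const RULE = "-".repeat(80);

// Constructed records in the shape of the outputWriter data shown in the README.
const SAMPLE = [
  {
    name: "typescript",
    version: "3.6.3",
    author: "Microsoft Corp.",
    repository: "git+https://github.com/Microsoft/TypeScript.git",
    licenseName: "Apache-2.0",
    licenseText: "Apache License\r\n\r\nVersion 2.0, January 2004\r\n",
  },
  {
    name: "mini-store",
    version: "0.0.0", // placeholder version, constructed for this example
    repository: "https://github.com/yesmeck/mini-store",
    licenseName: "MIT",
    licenseText: "MIT", // no license file found: text only repeats the identifier
  },
];

// Convert CRLF and lone CR to LF so no ^M reaches the notices file.
function normalizeNewlines(text) {
  return String(text || "").replace(/\r\n?/g, "\n");
}

// A record lacks a full license text when the text is empty or merely
// repeats the license identifier (the case the question describes).
function hasFullLicenseText(dep) {
  const text = normalizeNewlines(dep.licenseText).trim();
  return text.length > 0 && text !== String(dep.licenseName || "").trim();
}

// Render every record in the layout of the notices excerpt quoted on this page.
function renderNotices(dependencies) {
  return dependencies
    .map((dep) => {
      const title = `${dep.name} v${dep.version}` + (dep.author ? ` - ${dep.author}` : "");
      const lines = [RULE, title];
      if (dep.repository) lines.push(dep.repository);
      lines.push(RULE, "", normalizeNewlines(dep.licenseText).trim(), "");
      return lines.join("\n");
    })
    .join("\n");
}

// List the packages that need a license text supplied by hand.
function auditNotices(dependencies) {
  return dependencies
    .filter((dep) => !hasFullLicenseText(dep))
    .map((dep) => `${dep.name}@${dep.version}`);
}

console.log(renderNotices(SAMPLE));
console.log("Missing full license text:", auditNotices(SAMPLE));
```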

Seems to have problems with scoped packages

This currently crashes when dep tree includes scoped packages

Error: Cannot find module '/.../node_modules/@react-aria/package.json'
Require stack:
- /.../node_modules/license-checker-webpack-plugin/src/licenseUtils.js
- /.../node_modules/license-checker-webpack-plugin/src/index.js
- /.../engine-frontend/webpack.config.js

It's trying to find a package.json under the "Scope" part of scoped packages (which would never exist)
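The crash reported above, reproduced as an added example that is not part of the issue and not the plugin's code: the regular expression is the `filter` value printed in the options dump of the superstruct log on this page, and the example assumes the path being resolved is a bare scope directory such as node_modules/@babel. Function names and sample paths are constructed.

```javascript
// Added example; not code from license-checker-webpack-plugin.

// `filter` value as printed in the options dump of the superstruct log on this page.
const FILTER = /(^.*[/\\]node_modules[/\\]((?:@[^/\\]+[/\\])?(?:[^/\\]+)))/;

// Naive resolution: accept whatever the regex captured as a package root.
function naivePackageRoot(filePath) {
  const m = FILTER.exec(filePath);
  return m ? { root: m[1], name: m[2] } : null;
}

// Hardened resolution: when the path ends at the scope directory, the optional
// "@scope/" group cannot match, so the regex falls back to capturing "@scope"
// as the package name. A name that starts with "@" but contains no separator
// is a scope, not a package, and has no package.json to read.
function safePackageRoot(filePath) {
  const m = FILTER.exec(filePath);
  if (!m) return null;
  const name = m[2].replace(/\\/g, "/");
  if (name.startsWith("@") && !name.includes("/")) return null;
  return { root: m[1], name };
}

// Constructed sample inputs (hypothetical file and directory dependencies).
const SAMPLE_PATHS = [
  "/repo/node_modules/react/index.js",
  "/repo/node_modules/@babel/runtime/helpers/esm/extends.js",
  "/repo/node_modules/@babel", // bare scope directory
  "C:\\repo\\node_modules\\@react-aria\\button\\dist\\main.js",
  "/repo/src/index.js", // first-party file, not under node_modules
];

// Returns, per path, the package.json each resolver would try to load.
function comparePackageJsonLookups(paths) {
  return paths.map((p) => {
    const naive = naivePackageRoot(p);
    const safe = safePackageRoot(p);
    return {
      path: p,
      naive: naive ? `${naive.root}/package.json` : null,
      safe: safe ? `${safe.root}/package.json` : null,
    };
  });
}

console.log(comparePackageJsonLookups(SAMPLE_PATHS));
```

For the bare scope directory the naive lookup yields /repo/node_modules/@babel/package.json, the same shape of path as in the reported error, while the hardened lookup skips it.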

Support webpack placeholders

How about webpack placeholders support, such as:

[hash], [chunkhash], [name], [filebase], [query], [file]

I think this is a really useful feature.

Example:

const LicenseCheckerWebpackPlugin = require("license-checker-webpack-plugin");

module.exports = {
  plugins: [
    new LicenseCheckerWebpackPlugin({
      outputFilename: "ThirdPartyNotices.[query].txt" 
    })
  ]
};

`allow` value to allow all licenses

Is there a value for allow that would accept all licenses? I use this module to generate the output file and I don't really care about the actual licenses or their verification.

I'd suggest accepting an "all" or "any" value that would skip over the entire "checking" step of this module.

issue with superstruct

Hi, after I upgraded to webpackv5 I am having some issues:
webpack - 5.11.1
webpack-cli - 4.3.1

Is this license-checker-webpack-plugin or superstruct issue? The file Users/gita/code/experimental/node_modules/license-checker-webpack-plugin/node_modules/superstruct/src/struct.ts does not exist in my repo, so not sure how the error logs make sense.
Any way to debug?
I can try and make reproducible repo

2021-01-07-15:04:16 1|worker-webpack  | [webpack-cli] Error: 
2021-01-07-15:04:16 1|worker-webpack  |     at new StructError (/Users/gita/code/experimental/node_modules/license-checker-webpack-plugin/node_modules/superstruct/src/struct.ts:77:18)
2021-01-07-15:04:16 1|worker-webpack  |     at validate (/Users/gita/code/experimental/node_modules/license-checker-webpack-plugin/node_modules/superstruct/src/struct.ts:176:19)
2021-01-07-15:04:16 1|worker-webpack  |     at assert (/Users/gita/code/experimental/node_modules/license-checker-webpack-plugin/node_modules/superstruct/src/struct.ts:133:18)
2021-01-07-15:04:16 1|worker-webpack  |     at getOptions (/Users/gita/code/experimental/node_modules/license-checker-webpack-plugin/src/optionsUtils.js:47:3)
2021-01-07-15:04:16 1|worker-webpack  |     at new LicenseCheckerWebpackPlugin (/Users/gita/code/experimental/node_modules/license-checker-webpack-plugin/src/index.js:36:20)
2021-01-07-15:04:16 1|worker-webpack  |     at _createOpenSourceSoftwareLicensePlugin (/Users/gita/code/experimental/modules/browser/webpack_helpers.ts:499:10)
2021-01-07-15:04:16 1|worker-webpack  |     at Object.getDefaultPlugins (/Users/gita/code/experimental/modules/browser/webpack_helpers.ts:205:18)
2021-01-07-15:04:16 1|worker-webpack  |     at generateWebpackConfig (/Users/gita/code/experimental/modules/browser/worker.webpack.config.ts:27:16)
2021-01-07-15:04:16 1|worker-webpack  |     at /Users/gita/code/experimental/node_modules/webpack-cli/lib/webpack-cli.js:792:43
2021-01-07-15:04:16 1|worker-webpack  |     at Array.map (<anonymous>) {
2021-01-07-15:04:16 1|worker-webpack  |   value: 'https://raw.githubusercontent.com/grpc/grpc-web/master/LICENSE',
2021-01-07-15:04:16 1|worker-webpack  |   type: 'never',
2021-01-07-15:04:16 1|worker-webpack  |   path: [ 'override', '@improbable-eng/[email protected]', 'licenseUrl' ],
2021-01-07-15:04:16 1|worker-webpack  |   branch: [
2021-01-07-15:04:16 1|worker-webpack  |     {
2021-01-07-15:04:16 1|worker-webpack  |       filter: /(^.*[/\\]node_modules[/\\]((?:@[^/\\]+[/\\])?(?:[^/\\]+)))/,
2021-01-07-15:04:16 1|worker-webpack  |       allow: '(Apache-2.0 OR BSD-2-Clause OR BSD-3-Clause OR ISC OR MIT OR OFL-1.1 OR Unlicense OR W3C OR Zlib)',
2021-01-07-15:04:16 1|worker-webpack  |       ignore: [Array],
2021-01-07-15:04:16 1|worker-webpack  |       override: [Object],
2021-01-07-15:04:16 1|worker-webpack  |       emitError: true,
2021-01-07-15:04:16 1|worker-webpack  |       outputWriter: [AsyncFunction: outputWriter],
2021-01-07-15:04:16 1|worker-webpack  |       outputFilename: 'OpenSourceSoftwareLicenses-worker.json'
2021-01-07-15:04:16 1|worker-webpack  |     },
2021-01-07-15:04:16 1|worker-webpack  |     {
2021-01-07-15:04:16 1|worker-webpack  |       '@improbable-eng/[email protected]': [Object],
2021-01-07-15:04:16 1|worker-webpack  |     },
2021-01-07-15:04:16 1|worker-webpack  |     {
2021-01-07-15:04:16 1|worker-webpack  |       licenseName: 'Apache-2.0',
2021-01-07-15:04:16 1|worker-webpack  |       licenseUrl: 'https://raw.githubusercontent.com/grpc/grpc-web/master/LICENSE'
2021-01-07-15:04:16 1|worker-webpack  |     },
2021-01-07-15:04:16 1|worker-webpack  |     'https://raw.githubusercontent.com/grpc/grpc-web/master/LICENSE'
2021-01-07-15:04:16 1|worker-webpack  |   ],
2021-01-07-15:04:16 1|worker-webpack  |   failures: [Function: failures]
2021-01-07-15:04:16 1|worker-webpack  | }

How can I use the output from this plugin in my source?

Hello! Thank you for this plugin.

I've got a question I posted to SO that isn't getting any traction: Copying from the question:

I am using https://github.com/Microsoft/license-checker-webpack-plugin to generate a text file containing the licenses my app uses.

I would like to load output from this plugin (a text file) with https://github.com/webpack-contrib/raw-loader to use in a page.

Unfortunately, there's a bit of a circular dependency here: this output is only available after the build. How do I handle this? Do I run webpack twice in my build?

Specifically, I am using this tool to generate https://www.pony.gg/attributions. For now, given this problem, I just copied the output from this plugin into src. But that means every time my dependencies change I need to manually do this.

I feel like I'm missing something because isn't this a common use-case for this plugin?

Respect manually added dependencies

There are some dependencies that are installed into projects, but aren't imported from the source code. They are included in the projects in different ways. These are some examples:

Such dependencies don't get into the ThirdPartyNotices file because they are not imported.

I have an idea to specify such dependencies manually in the webpack config like so:

const path = require("path");
const LicenseCheckerWebpackPlugin = require("license-checker-webpack-plugin");

module.exports = {
  plugins: [
    new LicenseCheckerWebpackPlugin({
      manuallyInstalledDependencies: [
        path.resolve(__dirname, "node_modules", 'focus-visible'),
        path.resolve(__dirname, "node_modules", 'awsm.css'),
        path.resolve(__dirname, "node_modules", 'github-corners'),
      ]
    })
  ]
};

Build fails after upgrading to Angular 12

I am using the license-checker-webpack-plugin in my Angular project. When upgrading from Angular 11 to Angular 12, my build did not work anymore. This has never before been an issue.

Reproduce

For simplicity I created a repo: https://github.com/kamulos/angular-license-checker-bug

There are two commits: the first one is an untouched new Angular project created with the version 12.1.4 of the Angular CLI. The second commit inserts the license-checker-webpack-plugin into the project. To provide a webpack config the custom-webpack package is used.

Error

The error that occurs is:

An unhandled exception occurred: Cannot find module '/path/to/angular-license-checker-bug/node_modules/@angular-devkit/package.json'

This is of course true: there is no package.json in this folder. But this is also nowhere specified as a dependency. One of the subprojects in this folder is probably meant to be checked.
