test: add license test

Author: filipesilva

package.json

@@ -12,13 +12,14 @@
     "build": "node ./scripts/publish/build.js",
     "build:patch": "node ./scripts/patch.js",
     "build:packages": "for PKG in packages/*; do echo Building $PKG...; tsc -p $PKG; done",
-    "test": "npm-run-all -c test:packages test:cli test:deps",
+    "test": "npm-run-all -c test:packages test:cli test:deps test:licenses",
     "e2e": "npm run test:e2e",
     "e2e:nightly": "node tests/run_e2e.js --nightly",
     "test:e2e": "node tests/run_e2e.js",
     "test:cli": "node tests/runner",
     "test:deps": "node scripts/publish/validate_dependencies.js",
     "test:inspect": "node --inspect --debug-brk tests/runner",
+    "test:licenses": "node scripts/test-licenses.js",
     "test:packages": "node scripts/run-packages-spec.js",
     "eslint": "eslint .",
     "tslint": "tslint \"**/*.ts\" -c tslint.json -e \"**/tests/**\" -e \"**/blueprints/*/files/**/*.ts\" -e \"node_modules/**\" -e \"tmp/**\" -e \"dist/**\"",
@@ -135,6 +136,7 @@
     "express": "^4.14.0",
     "jasmine": "^2.4.1",
     "jasmine-spec-reporter": "^3.2.0",
+    "license-checker": "^8.0.3",
     "minimist": "^1.2.0",
     "mocha": "^3.2.0",
     "mock-fs": "^4.0.0",
@@ -145,6 +147,7 @@
     "resolve-bin": "^0.4.0",
     "rewire": "^2.5.1",
     "sinon": "^1.17.3",
+    "spdx-satisfies": "^0.1.3",
     "through": "^2.3.6",
     "tree-kill": "^1.0.0",
     "ts-node": "^2.0.0",

scripts/test-licenses.js

@@ -0,0 +1,76 @@
+const licenseChecker = require('license-checker');
+const spdxSatisfies = require('spdx-satisfies');
+const denodeify = require('denodeify');
+const licenseCheckerInit = denodeify(licenseChecker.init);
+
+
+// SPDX defined licenses, see https://spdx.org/licenses/.
+const acceptedSpdxLicenses = [
+  'MIT',
+  'ISC',
+  'Apache-2.0',
+  'BSD-2-Clause',
+  'BSD-3-Clause',
+  'BSD-4-Clause',
+  'CC-BY-3.0',
+  'CC-BY-4.0',
+  'Beerware',
+  'Unlicense'
+];
+
+// Name variations of SPDX licenses that some packages have.
+const ignoredLicenseVariations = [
+  'MIT*',
+  'MIT/X11',
+  'AFLv2.1',
+  'AFLv3.0',
+  'Apache-2.0',
+  'Apache2',
+  'BSD',
+  'BSD*',
+  'BSD-like',
+  'NPL',
+  'L/GPL',
+  'Public Domain'
+];
+
+// Specific packages to ignore, add a reason in a comment. Format: package-name@version.
+const ignoredPackages = [
+  '[email protected]', // old license format, lists `AFLv2.1, BSD`
+  '[email protected]', // old license format, lists `MIT, Apache2`
+  '[email protected]' // `Apache License, Version 2.0`, but licence-checker can't handle commas
+];
+
+function testSpdx(licenses) {
+  try {
+    return spdxSatisfies(licenses, `(${acceptedSpdxLicenses.join(' OR ')})`)
+  } catch (_) {
+    return false;
+  }
+}
+
+// Use license-checker first, it can filter more licenses.
+licenseCheckerInit({
+  start: './',
+  exclude: acceptedSpdxLicenses.concat(ignoredLicenseVariations).join(),
+  customFormat: { name: '', _location: '' }
+})
+  .then(json => {
+    let badPackages = Object.keys(json)
+      .map(key => Object.assign({}, json[key], { id: key }))
+      // Then run the remaining ones through spdx-satisfies.
+      .filter(pkg => !testSpdx(pkg.licenses))
+      .filter(pkg => !ignoredPackages.find(ignored => ignored === pkg.id));
+
+    if (badPackages.length > 0) {
+      console.log('Invalid package licences found:\n');
+      badPackages.forEach(pkg => console.log(`- ${pkg.id} (${pkg._location}): ${pkg.licenses}`));
+      process.exit(1);
+    } else {
+      console.log('All package licenses are valid.');
+    }
+  })
+  .catch(err => {
+    console.log(err);
+    process.exit(1);
+  });