Hi everyone, I got some requests to publish my work-in-progress since it's minimally working.
- https://hex.pm/packages/licensir - https://github.com/unnawut/licensir The code is far from professional, but until I got around to polish that, I'm happy to accept any feedback so I can prioritize. As per Eric's suggestion, I'll definitely implement the hex_metadata.config once it's released. Thanks for the suggestion! Thanks all for the support! On Fri, Nov 10, 2017 at 5:30 PM, Eric Meadows-Jönsson < [email protected]> wrote: > If you wait for the next Hex release we have added the hex_metadata.config > file so you can read metadata of all fetched Hex packages, including Erlang > projects, without having to read mix.exs. > > This is the PR that adds it: https://github.com/hexpm/hex/pull/433. > > Here is an example of the contents of the hex_metadata.config file: > > {<<"app">>,<<"cowlib">>}. > {<<"build_tools">>,[<<"make">>]}. > {<<"description">>,<<"Support library for manipulating Web protocols.">>}. > {<<"files">>, > [<<"src/cow_cookie.erl">>,<<"src/cow_date.erl">>,<<"src/cow_http.erl">>, > <<"src/cow_http_hd.erl">>,<<"src/cow_http_te.erl">>, > <<"src/cow_mimetypes.erl">>,<<"src/cow_mimetypes.erl.src">>, > <<"src/cow_multipart.erl">>,<<"src/cow_qs.erl">>,<<"src/cow_spdy.erl">>, > <<"src/cow_spdy.hrl">>,<<"src/cowlib.app.src">>, > <<"include/cow_inline.hrl">>,<<"README.md">>,<<"LICENSE">>,< > <"Makefile">>, > <<"erlang.mk">>]}. > {<<"licenses">>,[<<"ISC">>]}. > {<<"links">>,[{<<"GitHub">>,<<"https://github.com/ninenines/cowlib";>>}]}. > {<<"maintainers">>,[<<"Loïc Hoguin"/utf8>>]}. > {<<"name">>,<<"cowlib">>}. > {<<"requirements">>,[]}. > {<<"version">>,<<"1.0.2">>}. > > On Fri, Nov 10, 2017 at 9:06 AM, Unnawut Leepaisalsuwanna < > [email protected]> wrote: > >> Sure thing. Thanks! >> >> On Fri, Nov 10, 2017 at 2:00 PM, José Valim <[email protected]> wrote: >> >>> Hi, I agree such a Mix task can be useful but I don't see a reason for >>> it to be included as part of Elixir. So please do release it as a separate >>> project that folks can bring into their application as necessary. Thank you! >>> >>> >>> >>> *José Valimwww.plataformatec.com.br >>> <http://www.plataformatec.com.br/>Founder and Director of R&D* >>> >>> On Fri, Nov 10, 2017 at 4:37 AM, <[email protected]> wrote: >>> >>>> TLDR: Proposal of `mix deps.licenses` to list all depedencies' licenses >>>> for review, which can be very manually tedious but very important to do to >>>> stay legally safe. >>>> >>>> ----- >>>> >>>> Often times when developing an app, some new dependencies may be >>>> added/removed over time, some dependencies change their licenses throughout >>>> their lives. >>>> >>>> Especially in a team setting where multiple people may add/remove >>>> dependencies from the project, we need to periodically review the licenses >>>> used by our dependencies to make sure we are not violating them. Currently >>>> this can be tedious work as the licenses are specified in their respective >>>> Mixfile, and one project may have dozens of dependencies. (Worse is that a >>>> lot of packages don't define their `Mix.Project.config.package.licenses`, >>>> but that's a separate concern). >>>> >>>> So I would like to propose a `mix deps.licenses` task that extract ` >>>> Mix.Project.config.package.licenses` from each dependencies and output >>>> it on command line. This would be similar to `composer licenses` in PHP >>>> <https://getcomposer.org/doc/03-cli.md#licenses>. >>>> >>>> I tinkered a little with creating a simple mix task. This is the result >>>> I can extract using the `licenses` attribute: >>>> >>>> ``` >>>> $ mix deps.licenses >>>> >>>> poolboy: license undefined >>>> decimal: Apache 2.0 >>>> warning: String.strip/1 is deprecated, use String.trim/1 >>>> /path/to/project/deps/poison/mix.exs:4 >>>> >>>> poison: CC0-1.0 >>>> elixir_make: Apache 2 >>>> bcrypt_elixir: BSD >>>> db_connection: Apache 2.0 >>>> postgrex: Apache 2.0 >>>> ecto: Apache 2.0 >>>> ex_machina: MIT >>>> connection: Apache 2.0 >>>> poolboy: license undefined >>>> decimal: Apache 2.0 >>>> poison: CC0-1.0 >>>> elixir_make: Apache 2 >>>> bcrypt_elixir: BSD >>>> db_connection: Apache 2.0 >>>> rabbit_common: license undefined >>>> postgrex: Apache 2.0 >>>> ecto: Apache 2.0 >>>> connection: Apache 2.0 >>>> poolboy: license undefined >>>> meck: license undefined >>>> mock: MIT >>>> decimal: Apache 2.0 >>>> poison: CC0-1.0 >>>> elixir_make: Apache 2 >>>> db_connection: Apache 2.0 >>>> postgrex: Apache 2.0 >>>> ecto: Apache 2.0 >>>> connection: Apache 2.0 >>>> ranch: license undefined >>>> poolboy: license undefined >>>> decimal: Apache 2.0 >>>> poison: CC0-1.0 >>>> elixir_make: Apache 2 >>>> db_connection: Apache 2.0 >>>> phoenix_pubsub: MIT >>>> cowlib: license undefined >>>> cowboy: license undefined >>>> amqp_client: license undefined >>>> amqp: MIT >>>> mime: Apache 2 >>>> plug: Apache 2 >>>> phoenix: MIT >>>> postgrex: Apache 2.0 >>>> ecto: Apache 2.0 >>>> ``` >>>> >>>> Obviously there is more work to do: duplicate packages (packages having >>>> same dependencies), warnings as a result of `Mix.Dep.in_dependency`. But >>>> let me know this is worth adding (I think so!), would be happy to continue >>>> working and submit a PR for this. >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "elixir-lang-core" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To view this discussion on the web visit https://groups.google.com/d/ms >>>> gid/elixir-lang-core/401033dd-db2f-4e5f-8935-4df9cee196e9%40 >>>> googlegroups.com >>>> <https://groups.google.com/d/msgid/elixir-lang-core/401033dd-db2f-4e5f-8935-4df9cee196e9%40googlegroups.com?utm_medium=email&utm_source=footer> >>>> . >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> -- >>> You received this message because you are subscribed to a topic in the >>> Google Groups "elixir-lang-core" group. >>> To unsubscribe from this topic, visit https://groups.google.com/d/to >>> pic/elixir-lang-core/UHqv3ngKeEc/unsubscribe. >>> To unsubscribe from this group and all its topics, send an email to >>> [email protected]. >>> To view this discussion on the web visit https://groups.google.com/d/ms >>> gid/elixir-lang-core/CAGnRm4Kjf_FaJzi6PBy1awDdmUVJxqQqNkzkZR >>> C%3DP2wj_zLFHQ%40mail.gmail.com >>> <https://groups.google.com/d/msgid/elixir-lang-core/CAGnRm4Kjf_FaJzi6PBy1awDdmUVJxqQqNkzkZRC%3DP2wj_zLFHQ%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "elixir-lang-core" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit https://groups.google.com/d/ms >> gid/elixir-lang-core/CAB%3DEmQSMsWVXc8jOKQqjoH_tN-0pcTZHaef0 >> V-6ZXHisAjwERg%40mail.gmail.com >> <https://groups.google.com/d/msgid/elixir-lang-core/CAB%3DEmQSMsWVXc8jOKQqjoH_tN-0pcTZHaef0V-6ZXHisAjwERg%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> >> For more options, visit https://groups.google.com/d/optout. >> > > > > -- > Eric Meadows-Jönsson > > -- > You received this message because you are subscribed to a topic in the > Google Groups "elixir-lang-core" group. > To unsubscribe from this topic, visit https://groups.google.com/d/ > topic/elixir-lang-core/UHqv3ngKeEc/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/elixir-lang-core/CAM_eapiWmwVcAsuvxE%3D__Ka9ec_- > qnXPuSH4eYSELGpNyB3PkQ%40mail.gmail.com > <https://groups.google.com/d/msgid/elixir-lang-core/CAM_eapiWmwVcAsuvxE%3D__Ka9ec_-qnXPuSH4eYSELGpNyB3PkQ%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "elixir-lang-core" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/elixir-lang-core/CAB%3DEmQTaZ2s%3DJ7JGsb8OYrgqKtwdzyD7MGPHrXz4Se3R8KEn%3Dw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
