mirror of
https://github.com/Comfy-Org/ComfyUI_frontend.git
synced 2026-04-29 10:42:44 +00:00
[feat] Add CI checks for OSS license compliance and telemetry tree-shaking
Implements automated verification to ensure the OSS distribution: 1. Only includes open-source licensed dependencies 2. Properly tree-shakes proprietary fonts (ABCROM) 3. Removes telemetry code (Mixpanel) from OSS builds New scripts: - scripts/verify-licenses.js - Validates production dependency licenses - scripts/verify-oss-build.js - Checks dist/ for violations New CI workflow: - .github/workflows/ci-oss-compliance.yaml - Runs compliance checks New npm scripts: - pnpm verify:licenses - Check dependency licenses - pnpm verify:oss - Verify OSS build compliance - pnpm verify:compliance - Run all checks - pnpm build:oss - Build OSS distribution Documentation: - docs/OSS_COMPLIANCE.md - Complete guide for compliance checks 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
snomiao
225
scripts/verify-licenses.js
Normal file
225
scripts/verify-licenses.js
Normal file
@@ -0,0 +1,225 @@
|
||||
/**
|
||||
* CI Script: Verify License Compliance
|
||||
*
|
||||
* This script verifies that all production dependencies use open-source compatible licenses.
|
||||
* It checks against a list of approved licenses and flags any non-compliant dependencies.
|
||||
*
|
||||
* Usage: node scripts/verify-licenses.js
|
||||
*
|
||||
* Exit codes:
|
||||
* - 0: All licenses are compliant
|
||||
* - 1: Non-compliant licenses found
|
||||
*/
|
||||
|
||||
import { execSync } from 'child_process'
|
||||
|
||||
const COLORS = {
|
||||
red: '\x1b[31m',
|
||||
green: '\x1b[32m',
|
||||
yellow: '\x1b[33m',
|
||||
blue: '\x1b[34m',
|
||||
reset: '\x1b[0m'
|
||||
}
|
||||
|
||||
// Approved open-source licenses
|
||||
// Based on OSI-approved licenses and common permissive licenses
|
||||
const APPROVED_LICENSES = new Set([
|
||||
'MIT',
|
||||
'Apache-2.0',
|
||||
'BSD-2-Clause',
|
||||
'BSD-3-Clause',
|
||||
'ISC',
|
||||
'CC0-1.0',
|
||||
'CC-BY-3.0',
|
||||
'CC-BY-4.0',
|
||||
'Unlicense',
|
||||
'WTFPL',
|
||||
'0BSD',
|
||||
'BlueOak-1.0.0',
|
||||
'Python-2.0',
|
||||
'Zlib',
|
||||
// GPL is acceptable for libraries as long as we're GPL-3.0-only
|
||||
'GPL-2.0',
|
||||
'GPL-3.0',
|
||||
'GPL-3.0-only',
|
||||
'LGPL-2.1',
|
||||
'LGPL-3.0',
|
||||
'MPL-2.0',
|
||||
// Public domain
|
||||
'Public Domain',
|
||||
'Unlicensed'
|
||||
])
|
||||
|
||||
// Known problematic licenses
|
||||
const PROBLEMATIC_LICENSES = new Set([
|
||||
'UNLICENSED',
|
||||
'CUSTOM',
|
||||
'SEE LICENSE IN LICENSE',
|
||||
'PROPRIETARY'
|
||||
])
|
||||
|
||||
/**
|
||||
* Parse pnpm licenses output
|
||||
*/
|
||||
function getLicenses() {
|
||||
console.log(
|
||||
`${COLORS.blue}Fetching production dependency licenses...${COLORS.reset}`
|
||||
)
|
||||
|
||||
try {
|
||||
const output = execSync('pnpm licenses list --json --prod', {
|
||||
encoding: 'utf-8',
|
||||
maxBuffer: 10 * 1024 * 1024 // 10MB buffer
|
||||
})
|
||||
|
||||
const licenses = JSON.parse(output)
|
||||
return licenses
|
||||
} catch (err) {
|
||||
console.error(
|
||||
`${COLORS.red}Error fetching licenses: ${err.message}${COLORS.reset}`
|
||||
)
|
||||
process.exit(1)
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Normalize license names for comparison
|
||||
*/
|
||||
function normalizeLicense(license) {
|
||||
if (!license) return 'UNKNOWN'
|
||||
|
||||
// Handle common variations
|
||||
const normalized = license.trim().replace(/\s+/g, '-').toUpperCase()
|
||||
|
||||
// Handle "OR" clauses - take the first license
|
||||
if (normalized.includes(' OR ')) {
|
||||
return normalized.split(' OR ')[0].trim()
|
||||
}
|
||||
|
||||
// Handle "AND" clauses - if any license is approved, consider it approved
|
||||
if (normalized.includes(' AND ')) {
|
||||
const licenses = normalized.split(' AND ')
|
||||
for (const lic of licenses) {
|
||||
const trimmed = lic.trim()
|
||||
if (APPROVED_LICENSES.has(trimmed)) {
|
||||
return trimmed
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return normalized
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if a license is approved
|
||||
*/
|
||||
function isLicenseApproved(license) {
|
||||
const normalized = normalizeLicense(license)
|
||||
|
||||
// Check exact match
|
||||
if (APPROVED_LICENSES.has(normalized)) {
|
||||
return true
|
||||
}
|
||||
|
||||
// Check if any approved license is a substring (handles variations)
|
||||
for (const approved of APPROVED_LICENSES) {
|
||||
if (normalized.includes(approved.toUpperCase())) {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
return false
|
||||
}
|
||||
|
||||
/**
|
||||
* Main verification function
|
||||
*/
|
||||
function main() {
|
||||
console.log(
|
||||
`${COLORS.blue}========================================${COLORS.reset}`
|
||||
)
|
||||
console.log(`${COLORS.blue}License Compliance Verification${COLORS.reset}`)
|
||||
console.log(
|
||||
`${COLORS.blue}========================================${COLORS.reset}\n`
|
||||
)
|
||||
|
||||
const licenses = getLicenses()
|
||||
|
||||
const violations = []
|
||||
const warnings = []
|
||||
let totalPackages = 0
|
||||
|
||||
// Check each license group
|
||||
for (const [license, packages] of Object.entries(licenses)) {
|
||||
for (const pkg of packages) {
|
||||
totalPackages++
|
||||
|
||||
const isApproved = isLicenseApproved(license)
|
||||
const isProblematic = PROBLEMATIC_LICENSES.has(normalizeLicense(license))
|
||||
|
||||
if (isProblematic || !isApproved) {
|
||||
violations.push({
|
||||
package: pkg.name,
|
||||
version: pkg.versions[0],
|
||||
license: license,
|
||||
isProblematic
|
||||
})
|
||||
} else if (license === 'UNKNOWN' || !license) {
|
||||
warnings.push({
|
||||
package: pkg.name,
|
||||
version: pkg.versions[0],
|
||||
license: 'UNKNOWN'
|
||||
})
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Report warnings
|
||||
if (warnings.length > 0) {
|
||||
console.log(
|
||||
`${COLORS.yellow}⚠ Packages with unknown licenses (${warnings.length}):${COLORS.reset}`
|
||||
)
|
||||
warnings.forEach(({ package: name, version }) => {
|
||||
console.log(` ${COLORS.yellow}- ${name}@${version}${COLORS.reset}`)
|
||||
})
|
||||
console.log()
|
||||
}
|
||||
|
||||
// Report violations
|
||||
if (violations.length > 0) {
|
||||
console.log(
|
||||
`${COLORS.red}✗ Found ${violations.length} package(s) with non-compliant licenses:${COLORS.reset}\n`
|
||||
)
|
||||
|
||||
violations.forEach(({ package: name, version, license, isProblematic }) => {
|
||||
console.log(` ${COLORS.red}Package: ${name}@${version}${COLORS.reset}`)
|
||||
console.log(` ${COLORS.red}License: ${license}${COLORS.reset}`)
|
||||
if (isProblematic) {
|
||||
console.log(
|
||||
` ${COLORS.red}⚠ This license is known to be problematic${COLORS.reset}`
|
||||
)
|
||||
}
|
||||
console.log()
|
||||
})
|
||||
|
||||
console.log(
|
||||
`${COLORS.blue}========================================${COLORS.reset}`
|
||||
)
|
||||
console.log(`${COLORS.red}✗ License verification failed!${COLORS.reset}`)
|
||||
console.log(
|
||||
`${COLORS.red}Please review and update dependencies with non-compliant licenses.${COLORS.reset}\n`
|
||||
)
|
||||
process.exit(1)
|
||||
}
|
||||
|
||||
// Success
|
||||
console.log(
|
||||
`${COLORS.blue}========================================${COLORS.reset}`
|
||||
)
|
||||
console.log(
|
||||
`${COLORS.green}✓ All ${totalPackages} production dependencies use approved licenses!${COLORS.reset}\n`
|
||||
)
|
||||
process.exit(0)
|
||||
}
|
||||
|
||||
main()
|
||||
Reference in New Issue
Block a user