config.local.example.toml
# Example License Scanner Config - Local Version
# Use this config to run license_scanner against a local node project.
# Every key below belongs to the [environment] table.
[environment]
title = "License Scanner Config"
##
# Which mode should the scanner run in?
# options:
# - "standalone": will run the tool against all repos listed in the `repos` list (not defined in this local example)
# - "local": will run the tool against the repo defined in `pathToRepo`
# - "docker": will run the tool against the docker image defined in `dockerImage`
mode = 'local'
##
# How we should process the licenses
# options are:
# - "fossa-api": will export to fossa api (requires FOSSA_API_KEY to be set in .env;
#   keep that key in .env only and keep .env out of version control)
# - "fossa-json": will export from fossa to a folder of json files. This just shows import hierarchies, and doesn't scan licenses
# - "lc-csv": will use npm license-checker, and export to a list of csv files
# - "lc-summary": will use npm license-checker, and export a summary file for each repo
#
# NOTE(review): since "fossa-json" does not scan licenses, `allowedList` and
# `excludeList` presumably have no effect with it - confirm before relying on
# that mode as a compliance gate.
tool = "lc-csv"
##
# The path to the repo that will be scanned
# Ignored when `mode != "local"`
#
# e.g.
# pathToRepo = "/Users/ldaly/developer/vessels/mojaloop-github/ml-api-adapter"
#
# Override by setting `pathToRepo` env variable
#
# Left empty in this example: with `mode = 'local'` set either this key or the
# `pathToRepo` env variable to the project you intend to scan.
##
pathToRepo = ""
##
# A list of packages that we have manually audited and are ok with.
# Each entry removes one package from the license check, so every entry is an
# accepted risk and its reason should say why.
#
# string: Format: "<package>;<reason>"
# (the entries below all give <package> as <name>@<version>)
#
# e.g.
# excludeList = [
# "taffydb@2.6.2;Contains MIT license on github, but not listed in package.json"
# ]
#
# will ignore taffydb@2.6.2 in the license check, and put the "Contains MIT..." reason in the license-summary
#
# NOTE(review): entries look pinned to an exact version; presumably a different
# version of the same package is not covered and must be audited again -
# confirm against the scanner's matching.
# NOTE(review): buffercursor@0.0.12 is excluded although no license was found
# anywhere, so no usage rights have been granted for it; confirm this exception
# is a deliberate, recorded decision and not only a way to silence the check.
##
excludeList = [
"taffydb@2.6.2;Contains MIT license on github, but not listed in package.json",
"buffercursor@0.0.12;No license on github or npm", # has no license on github or npm
"cycle@1.0.3;Listed as Public-Domain on npm, but no License file in github",
"spdx-exceptions@2.2.0;Requires attribution",
]
##
# A list of license strings that we allow.
#
# Entries ending in `*` ("Apache*", "BSD*", "MIT*"): npm license-checker appends
# `*` to a license name it inferred from a file such as README or LICENSE
# instead of reading it from package.json.
# NOTE(review): presumably these entries match that literal suffix and are not
# wildcards - confirm how the scanner compares strings. Allowing them means an
# inferred license is accepted without a manual check.
#
# "UNLICENSED" / "Unlicensed" are not the same as "Unlicense": "Unlicense" is
# the SPDX id of the public-domain dedication, while npm documents "UNLICENSED"
# as the package.json value for a package whose author grants no rights to others.
# NOTE(review): confirm that allowing "UNLICENSED" and "Unlicensed" is intended
# (e.g. for the organisation's own private packages); as listed, a third-party
# package that grants no license would pass the check.
#
# NOTE(review): bare "BSD" and "Public Domain" are not SPDX identifiers, so they
# do not say which exact terms apply - consider auditing packages that match them.
##
allowedList = [
"AFLv2.1",
"Apache License, Version 2.0",
"Apache*",
"Apache-2.0",
"BSD",
"BSD*",
"BSD-2-Clause",
"BSD-3-Clause",
"CC-BY-3.0",
"CC0-1.0",
"ISC",
"MIT",
"MIT*",
"Public Domain",
"UNLICENSED",
"Unlicense",
"Unlicensed",
"WTFPL",
]