refactor: switch to license-checker-rseidelsohn for better monorepo support

snomiao · claude · christian-byrne · commit 6ae2036aba77 · 2026-02-20T02:31:53.000-08:00
- Replace @onebeyond/license-checker with license-checker-rseidelsohn@4 - license-checker-rseidelsohn better handles monorepos and non-SPDX licenses - Exclude internal @comfyorg packages from license validation - Allow MIT* for packages like wwobjloader2 - Tested locally: 60 packages validated successfully Licenses approved: - MIT (50), Apache-2.0 (4), ISC (3) - (MPL-2.0 OR Apache-2.0) (1), BSD-2-Clause (1), MIT* (1) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
diff --git a/.github/workflows/ci-oss-assets-validation.yaml b/.github/workflows/ci-oss-assets-validation.yaml
@@ -93,30 +93,26 @@ jobs:
           set -euo pipefail
           echo '🔍 Checking production dependency licenses...'
 
-          # Use modern @onebeyond/license-checker (actively maintained, SPDX-compliant)
-          npx @onebeyond/license-checker@6 scan \
-            --allowOnly \
-              MIT \
-              'MIT*' \
-              Apache-2.0 \
-              BSD-2-Clause \
-              BSD-3-Clause \
-              ISC \
-              0BSD \
-              BlueOak-1.0.0 \
-              Python-2.0 \
-              CC0-1.0 \
-              Unlicense \
-              '(MIT OR Apache-2.0)' \
-              '(MIT OR GPL-3.0)' \
-              '(Apache-2.0 OR MIT)' \
-              '(MPL-2.0 OR Apache-2.0)' \
-              CC-BY-4.0 \
-              CC-BY-3.0 \
-              GPL-3.0-only \
-              UNLICENSED \
-              UNKNOWN \
-            --ignoreRootPackageLicense
-
-          echo ''
-          echo '✅ All production dependency licenses are approved!'
+          # Use license-checker-rseidelsohn (actively maintained fork, handles monorepos)
+          # Exclude internal @comfyorg packages from license check
+          # Run in if condition to capture exit code
+          if npx license-checker-rseidelsohn@4 \
+            --production \
+            --summary \
+            --excludePackages '@comfyorg/comfyui-frontend;@comfyorg/design-system;@comfyorg/registry-types;@comfyorg/shared-frontend-utils;@comfyorg/tailwind-utils;@comfyorg/comfyui-electron-types' \
+            --onlyAllow 'MIT;MIT*;Apache-2.0;BSD-2-Clause;BSD-3-Clause;ISC;0BSD;BlueOak-1.0.0;Python-2.0;CC0-1.0;Unlicense;(MIT OR Apache-2.0);(MIT OR GPL-3.0);(Apache-2.0 OR MIT);(MPL-2.0 OR Apache-2.0);CC-BY-4.0;CC-BY-3.0;GPL-3.0-only'; then
+            echo ''
+            echo '✅ All production dependency licenses are approved!'
+          else
+            echo ''
+            echo '❌ ERROR: Found dependencies with non-approved licenses!'
+            echo ''
+            echo 'To fix this:'
+            echo '1. Check the license of the problematic package'
+            echo '2. Find an alternative package with an approved license'
+            echo '3. If the license is safe and OSI-approved, add it to the --onlyAllow list'
+            echo ''
+            echo 'For more info on OSI-approved licenses:'
+            echo 'https://opensource.org/licenses'
+            exit 1
+          fi
diff --git a/.gitignore b/.gitignore
@@ -64,6 +64,7 @@ browser_tests/local/
 dist.zip
 
 /temp/
+/tmp/
 
 # Generated JSON Schemas
 /schemas/
