This is a container wrapper for The Eclipse Dash License Tool that allows you to easily generate dependencies files with a container image without the need to compile the dash-licenses jar.
- Multi-package manager support: Works with Maven, npm, Yarn (v1), and Yarn 3+
- TypeScript-based: Fully written in TypeScript with type safety
- Comprehensive logging: Structured logging for better debugging
- Debug mode: Copy all temporary files for inspection
- License header enforcement: Automated license header checking and fixing
- CI/CD ready: Designed for integration into build pipelines
- Maven (
pom.xml) - npm (
package-lock.json) - Yarn v1 (
yarn.lockwith Yarn < 2) - Yarn 3+ (
yarn.lockwith Yarn >= 3)
- Docker or Podman
- Node.js >= 20.0.0 (for local development)
Generate dependency information for your project:
docker run --rm -t \
-v ${PWD}:/workspace/project \
quay.io/che-incubator/dash-licenses:next --batch 200This command creates the following files in .deps/:
prod.md- List of production dependenciesdev.md- List of development and test dependenciesproblems.md- Issues found (missing CQs, etc.)
Using --batch 200 makes the tool more stable by reducing API load and avoiding timeouts.
Verify that all dependencies satisfy IP requirements without generating new files:
docker run --rm -t \
-v ${PWD}:/workspace/project \
quay.io/che-incubator/dash-licenses:next --check --batch 200Get all generated files including logs and intermediate files:
docker run --rm -t \
-v ${PWD}:/workspace/project \
quay.io/che-incubator/dash-licenses:next --debug --batch 200This copies all temporary files to .deps/tmp/ for inspection.
Control the batch size for license processing (default: 500, recommended: 200):
# Using command-line argument (recommended)
docker run --rm -t \
-v ${PWD}:/workspace/project \
quay.io/che-incubator/dash-licenses:next --batch 200
# Or using environment variable
docker run --rm -t \
-v ${PWD}:/workspace/project \
-e BATCH_SIZE=200 \
quay.io/che-incubator/dash-licenses:nextLower batch sizes (like 200) are more stable and less likely to hit API rate limits or timeouts.
dash-licenses/
├── build/ # Build and Docker files
│ ├── create-image.sh # Container image build script
│ └── dockerfiles/
│ ├── Dockerfile # Main Dockerfile
│ └── entrypoint.sh # Container entrypoint
├── dist/ # Compiled JavaScript output
│ ├── document.js
│ └── package-managers/ # Compiled package manager modules
├── scripts/ # Utility scripts
│ ├── container_tool.sh # Docker/Podman wrapper script
│ └── strip-headers.sh # License header utility
├── src/ # TypeScript source code
│ ├── document/ # Document generation module
│ │ ├── __tests__/ # Document tests
│ │ └── index.ts # Main document logic
│ ├── helpers/ # Shared utilities
│ │ ├── __tests__/ # Helper tests
│ │ ├── chunked-processor.ts # Batch processing utilities
│ │ ├── package-manager-base.ts # Base class for package managers
│ │ ├── types.ts # TypeScript type definitions
│ │ └── utils.ts # Common helper functions
│ └── package-managers/ # Package manager implementations
│ ├── mvn/ # Maven support
│ │ ├── __tests__/
│ │ ├── bump-deps.ts # Dependency processing
│ │ ├── index.ts # Entry point
│ │ └── mvn-processor.ts # Maven-specific logic
│ ├── npm/ # npm support
│ │ ├── __tests__/
│ │ ├── bump-deps.ts
│ │ ├── index.ts
│ │ ├── npm-processor.ts
│ │ └── parser.ts # package-lock.json parser
│ ├── yarn/ # Yarn v1 support
│ │ ├── __tests__/
│ │ ├── bump-deps.ts
│ │ ├── index.ts
│ │ ├── parser.ts
│ │ └── yarn-processor.ts
│ └── yarn3/ # Yarn 3+ support
│ ├── __tests__/
│ ├── bump-deps.ts
│ ├── index.ts
│ ├── parser.ts
│ └── yarn3-processor.ts
├── tests/ # End-to-end tests and fixtures
│ ├── e2e/ # Docker container tests
│ │ └── docker.test.ts
│ ├── fixtures/ # Test data
│ │ ├── mvn-sample/
│ │ ├── npm-sample/
│ │ └── yarn-sample/
│ └── setup.ts # Test setup
├── header-check.js # License header enforcement
├── package.json
├── tsconfig.json # TypeScript configuration
└── webpack.config.js # Build configuration
- Node.js >= 20.0.0
- npm or yarn
- Docker or Podman (for testing container)
# Install dependencies
npm install
# Build TypeScript
npm run build
# Run tests
npm testnpm run build- Compile TypeScript to JavaScript (auto-cleans first)npm run clean- Remove build artifactsnpm run build:watch- Watch mode for developmentnpm run type-check- Type check without compilation
npm test- Run all testsnpm run test:watch- Watch mode for testsnpm run test:coverage- Generate coverage reportnpm run test:unit- Run unit tests onlynpm run test:e2e- Run end-to-end tests only
npm run lint- Run ESLintnpm run lint:fix- Fix ESLint issues automaticallynpm run type-check- TypeScript type checking without compilation
npm run header:check- Check license headers in all filesnpm run header:verbose- Check with verbose outputnpm run header:fix- Automatically add missing license headers
# Build using the build script
./build/create-image.sh
# Or build manually
docker build -f build/dockerfiles/Dockerfile -t quay.io/che-incubator/dash-licenses:next .Test the container locally:
# Using the container tool script (supports Docker/Podman)
./scripts/container_tool.sh run --rm -t \
-v ${PWD}:/workspace/project \
quay.io/che-incubator/dash-licenses:next --debug --batch 200License headers are enforced using header-check.js at the project root.
To check headers:
npm run header:checkTo fix missing headers:
npm run header:fixESLint is configured for TypeScript. Run with:
npm run lint
npm run lint:fix # Auto-fix issues-
Project Detection: The tool detects the package manager by checking for:
pom.xml→ Mavenpackage-lock.json→ npmyarn.lock→ Yarn (version determined automatically)
-
Dependency Extraction: The appropriate parser extracts dependency information:
- Maven: Uses
mvn dependency:list - npm: Parses
package-lock.json - Yarn: Uses
yarn licenses listoryarn info
- Maven: Uses
-
License Analysis: Dependencies are sent to Eclipse Dash License Tool in batches to:
- Identify licenses
- Check for CQ (Contribution Questionnaire) status
- Detect restricted licenses
-
Document Generation: Creates markdown files:
prod.md: Production dependencies with license infodev.md: Development dependencies with license infoproblems.md: Issues requiring attention
-
Exclusion Handling: Manual exclusions can be added in
.deps/EXCLUDED/:prod.md: Production dependencies that don't need CQsdev.md: Development dependencies that don't need CQs
If you encounter permission errors when creating .deps/ directory, ensure the mounted volume has proper permissions. The container will attempt to create the directory structure automatically.
If the DEPENDENCIES file is empty:
- Check your internet connection (Eclipse Foundation API access required)
- Verify the batch size isn't too large
- Use
--debugflag to inspect intermediate files
For Yarn 3 projects:
- Ensure Yarn 3 is properly configured
- The tool will automatically install the licenses plugin if needed
- Check
.deps/tmp/yarn-deps-info.jsonin debug mode
- Fork the repository
- Create a feature branch
- Make your changes
- Ensure all tests pass:
npm test - Check code quality:
npm run lint && npm run format:check - Check license headers:
npm run header:check - Submit a pull request
- Follow TypeScript best practices
- Use the provided ESLint and Prettier configurations
- Ensure all files have proper license headers
- Write tests for new features
This project is licensed under the Eclipse Public License 2.0 (EPL-2.0).
- Eclipse Dash License Tool - The underlying license analysis tool
- Eclipse Che - Uses this tool for dependency management
For issues and questions:
- GitHub Issues: https://github.com/che-incubator/dash-licenses/issues
- Eclipse Che Community: https://github.com/eclipse-che/che