Scripts: Improve handling of check-licenses for optional dependencies#73026
Scripts: Improve handling of check-licenses for optional dependencies#73026
Conversation
|
The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the If you're merging code through a pull request on GitHub, copy and paste the following into the bottom of the merge commit message. To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook. |
|
Size Change: 0 B Total Size: 2.42 MB ℹ️ View Unchanged
|
|
I think I might add back the original logic as a fallback if the license isn't available from After recalling that I've seen pull requests and diffs erratically adding or removing the |
Added in 53413fd. |
|
Those changes seem to reintroduce the issue, based on the failing build 😭 My guess to what's happening:
The combination of these two means that it will try to read the I'm not feeling that |
When not using --package-lock-only, the package information doesn't include whether the package itself is optional, but we can build up a set of known optional dependencies based on what top-level dependencies define as their own optional dependencies
|
This is tricky to solve, because when not using So what I've done is reverted back to something like I described in my original comment as an "earlier iteration" (f0dbfab), skipping optional dependencies if they're not supported for the current platform. |
|
Hm, I'm actually not sure about this solution:
|
|
Flaky tests detected in ce24828. 🔍 Workflow run URL: https://github.com/WordPress/gutenberg/actions/runs/19269742226
|
|
Are you familiar with
Something like this might list the desired packages:
Edit: Check licenses uses it here: gutenberg/bin/check-licenses.mjs Lines 26 to 40 in 5db7f24 |
|
If we want to be future-proof, it's good to known that pnpm's |
|
I had explored using |
|
I gave
I think these changes work, but I'll plan to do some more testing on Monday. I'd also welcome feedback on the approach in the meantime. |
|
Marking this ready for review. I think this approach using |
|
The code changes look good, but I'm having trouble testing and getting it to fail. Is the procedure still to modify package-lock.json and run the script? |
Good call on the instructions. I'll take a closer look and update those, but my guess is that |
|
I updated the testing instructions in the original comment. |
|
Verifying the code changes in I picked
|
sirreal
left a comment
There was a problem hiding this comment.
Looks good and works as expected in my testing 👍

What?
Updates
check-licensesscript to resolve issues in some environments where optional dependencies may be "installed" as empty folders innode_modules, causing the script to fail because the package'spackage.jsoncannot be read.Follow-up to #72996
Why?
To fix the build failures on
trunk, which currently have this issue.Example: https://github.com/WordPress/gutenberg/actions/runs/19111516403/job/54609577907
How?
Using
--package-lock-onlyoption withnpm lsdoes two things:node_modules, relying exclusively on what's inpackage-lock.jsonlicensefield we're interested inAn earlier iteration in f0dbfab was more targeted at optional dependencies and checking supported platform, but this felt unnecessarily complex.
Testing Instructions
Verify that
npm run other:check-licensespasses.To validate that the intended behavior of license checking works, try editing a license to something invalid in
package-lock.jsonand in the package's own license indicators (package.jsonlicensefield, README references), particularly with some or all of the following conditions:devDependenciesFor example, I made the following revision and verified that this is flagged as an incompatible license:
Plus manual edits to
node_modules/sass-embedded-darwin-arm64/package.jsonto changelicensefrom"MIT"to"MITbad".