Evaluate the project package sources (such as NuGet/NPM) and analyse the used licenses

sonarcloud

(sander) #1

A good rule suggestion:

  • I would like to have insights in the external libraries used and to know if there might be a risk in using these libraries because there are requirements to open source the code using the library (such as GNU GPL with their Copyleft license)
  • snippet of Noncompliant Code: n/a
  • snippet of Compilant Code (fixing the above noncompliant code): n/a
  • external references and/or language specifications: https://opensource.org/licenses/
  • type : Code Smell
  • tags: package sources / nuget / npm