Hacker News
Ask HN: How do you manage your OSS dependencies?
3 points by leipert on July 17, 2017
Assume you are building a commercial product and one of your clients requires a report of all OSS dependencies you use. The report should contain all sources and license text of your runtime OSS dependencies.

How would you maintain such a report? Currently we build a solution for ourselves, which is a bit clunky: it takes a hand-curated YAML file, downloads the sources and licenses, and zips them. Would this be your solution as well?

PS: We are mainly talking about Java and JavaScript dependencies (mvn/npm).

EDIT: The main quest is of course to stay away from OSS dependencies with GPL, as the client does not like them.
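
Added example, not part of the original post: a sketch of the npm half of such a report, derived from the lockfile instead of a hand-curated file. It lists runtime packages only, records where each tarball came from and its integrity hash, and classifies the SPDX license expression. The sample lockfile is constructed, and reading "GPL" as GPL and AGPL but not LGPL is an assumption; fetching the sources and license texts themselves is left out.

```javascript
// Constructed sample in the shape of npm's package-lock.json (lockfileVersion 3).
// Package names, URLs and integrity strings are made up.
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "acme-app", version: "1.0.0" },
  "node_modules/left-util": { version: "1.2.0", license: "MIT",
    resolved: "https://registry.example/left-util-1.2.0.tgz", integrity: "sha512-CONSTRUCTED1" },
  "node_modules/gpl-lib": { version: "0.9.1", license: "GPL-3.0-only",
    resolved: "https://registry.example/gpl-lib-0.9.1.tgz", integrity: "sha512-CONSTRUCTED2" },
  "node_modules/@acme/dual": { version: "2.0.0", license: "(MIT OR GPL-2.0-or-later)" },
  "node_modules/left-util/node_modules/lgpl-thing": { version: "3.1.4", license: "LGPL-2.1-only" },
  "node_modules/mystery": { version: "0.0.7" },
  "node_modules/test-runner": { version: "5.0.0", license: "GPL-3.0-only", dev: true }
} };

// Assumption: "GPL" in the client's policy means GPL and AGPL identifiers, not LGPL.
const DENY = /^A?GPL-/i;

// Classify one SPDX license expression: "ok", "denied", "choice" (an OR offers a
// non-GPL alternative) or "review" (missing, or nested beyond what is parsed here).
function classify(license) {
  if (typeof license !== "string" || license.trim() === "") return "review";
  let expr = license.trim();
  if (/^\([^()]*\)$/.test(expr)) expr = expr.slice(1, -1); // drop one outer pair
  if (/[()]/.test(expr)) return "review";
  // AND/WITH bind tighter than OR, so split on OR first.
  const alternatives = expr.split(/\s+OR\s+/i);
  const tainted = alternatives.filter((alt) =>
    alt.split(/\s+(?:AND|WITH)\s+/i).some((id) => DENY.test(id.trim())));
  if (tainted.length === 0) return "ok";
  return tainted.length === alternatives.length ? "denied" : "choice";
}

// One row per third-party runtime package: skips the root project, workspace
// paths and links (first-party code) and anything npm marked dev-only.
function runtimeReport(lock) {
  const marker = "node_modules/";
  return Object.entries(lock.packages || {})
    .filter(([path, meta]) => path.includes(marker) && !meta.dev && !meta.link)
    .map(([path, meta]) => ({
      name: path.slice(path.lastIndexOf(marker) + marker.length),
      version: meta.version,
      license: meta.license || null,
      source: meta.resolved || null,
      integrity: meta.integrity || null,
      status: classify(meta.license),
    }));
}

for (const r of runtimeReport(sampleLock)) {
  console.log(`${r.status.padEnd(7)} ${r.name}@${r.version} ${r.license ?? "(no license field)"}`);
}
```

Rows with status "denied" can fail a CI step, while "choice" and "review" rows go to a person; the lockfile's license field is self-declared by each package, so the shipped license text still needs to be checked against it.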



