Add JSDoc comment to keep license when compiling production code #6539

andykenward · 2016-04-18T11:47:08Z

When using React in a project along with a module compiler like webpack with UglifyJs to remove comments in code. The current license comment in React is removed as it doesn't conform to JSDoc @license.

I suggest this is added so the license doesnt get removed by default and so people don't have to implement a work around to keep the license in a project.

To stop UglifyJs from removing the license comment a tag of `@license` is needed

gaearon · 2016-04-18T16:13:49Z

Looks good to me, thanks. I’ll leave this open for a few days in case anybody has objections.

jimfb · 2016-04-18T17:30:06Z

@gaearon Just make sure @zpao and @jamesgpearce see this. It's a pretty minor change, but since it touches the copyright header, it's good to get some eyes (potentially from legal).

@jamesgpearce should we ping legal on this, or is this sufficiently innocuous?

zpao · 2016-04-18T17:37:22Z

There's nothing legal needs to see here.

I'd prefer not to make this all JSDoc-y. Can we just stick @license above the actual license part (not the copyright) or even just @preserve at the top?

zpao · 2016-04-18T17:42:31Z

FWIW, this change is only going to impact the react[-*].min.js files that end up on the CDN and in dist/ in the npm package. It's not going to matter for anybody compiling the npm package via browserify or webpack (except for the webpack config that sticks the dist file in and skips the node package)

andykenward · 2016-04-18T18:22:58Z

@zpao ah you are correct. I will sort that out as that was the point of adding it.

zpao · 2016-04-18T18:33:37Z

That's going to be much more involved and would require changing every license header we have in src/ (or maybe a new build step). I personally don't think that's worth it and you probably need to make similar changes to other libraries to really be effective. And fwiw, you probably want all of those compiled away with maybe the exception of 1 for file size purposes. Maybe it would be enough to preserve the headers in the entry point (src/isomorphic/React.js).

Can you make sure this works how you expect and describe that case so we have a better idea of what you've tested.

facebook-github-bot · 2016-04-18T18:39:50Z

@andykenward updated the pull request.

gaearon · 2016-06-21T21:38:14Z

grunt/data/header-template-extended.txt

 /**
 * <%= package %> v<%= version %>
- *
+ * @license


Let’s remove changes to this one file. Since we already have a header in the React module entry point, this causes license header to be outputted twice in the UMD build.

I actually think I want to keep this so it ends up consistently at the top of all dist files.

But then we would want to add it to the files in packages/react* so that npm-bundled files also have it.

It wouldn’t be super nice if every react addon added one, would it?

Meh, it'll future proof for when those aren't a part of the react package.

gaearon · 2016-06-26T20:49:28Z

@zpao Can you clarify which files need to add @license? e.g. does ReactDOM entry point need one? LinkedInput? Every addon?

Bumps [axios](https://github.com/axios/axios) from 1.7.1 to 1.7.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/axios/axios/releases">axios's releases</a>.</em></p> <blockquote> <h2>Release v1.7.4</h2> <h2>Release notes:</h2> <h3>Bug Fixes</h3> <ul> <li><strong>sec:</strong> CVE-2024-39338 (<a href="https://redirect.github.com/axios/axios/issues/6539">#6539</a>) (<a href="https://redirect.github.com/axios/axios/issues/6543">#6543</a>) (<a href="https://github.com/axios/axios/commit/6b6b605eaf73852fb2dae033f1e786155959de3a">6b6b605</a>)</li> <li><strong>sec:</strong> disregard protocol-relative URL to remediate SSRF (<a href="https://redirect.github.com/axios/axios/issues/6539">#6539</a>) (<a href="https://github.com/axios/axios/commit/07a661a2a6b9092c4aa640dcc7f724ec5e65bdda">07a661a</a>)</li> </ul> <h3>Contributors to this release</h3> <ul> <li> <a href="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/levpachmanov" title="+47/-11 ([#6543](axios/axios#6543) )">Lev Pachmanov</a></li> <li> <a href="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/hainenber" title="+49/-4 ([#6539](axios/axios#6539) )">Đỗ Trọng Hải</a></li> </ul> <h2>Release v1.7.3</h2> <h2>Release notes:</h2> <h3>Bug Fixes</h3> <ul> <li><strong>adapter:</strong> fix progress event emitting; (<a href="https://redirect.github.com/axios/axios/issues/6518">#6518</a>) (<a href="https://github.com/axios/axios/commit/e3c76fc9bdd03aa4d98afaf211df943e2031453f">e3c76fc</a>)</li> <li><strong>fetch:</strong> fix withCredentials request config (<a href="https://redirect.github.com/axios/axios/issues/6505">#6505</a>) (<a href="https://github.com/axios/axios/commit/85d4d0ea0aae91082f04e303dec46510d1b4e787">85d4d0e</a>)</li> <li><strong>xhr:</strong> return original config on errors from XHR adapter (<a href="https://redirect.github.com/axios/axios/issues/6515">#6515</a>) (<a href="https://github.com/axios/axios/commit/8966ee7ea62ecbd6cfb39a905939bcdab5cf6388">8966ee7</a>)</li> </ul> <h3>Contributors to this release</h3> <ul> <li> <a href="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/DigitalBrainJS" title="+211/-159 ([#6518](axios/axios#6518) [#6519](axios/axios#6519) )">Dmitriy Mozgovoy</a></li> <li> <a href="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/ValeraS" title="+3/-3 ([#6515](axios/axios#6515) )">Valerii Sidorenko</a></li> <li> <a href="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/prianyu" title="+2/-2 ([#6505](axios/axios#6505) )">prianYu</a></li> </ul> <h2>Release v1.7.2</h2> <h2>Release notes:</h2> <h3>Bug Fixes</h3> <ul> <li><strong>fetch:</strong> enhance fetch API detection; (<a href="https://redirect.github.com/axios/axios/issues/6413">#6413</a>) (<a href="https://github.com/axios/axios/commit/4f79aef81b7c4644328365bfc33acf0a9ef595bc">4f79aef</a>)</li> </ul> <h3>Contributors to this release</h3> <ul> <li> <a href="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/DigitalBrainJS" title="+3/-3 ([#6413](axios/axios#6413) )">Dmitriy Mozgovoy</a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/axios/axios/blob/v1.x/CHANGELOG.md">axios's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/axios/axios/compare/v1.7.3...v1.7.4">1.7.4</a> (2024-08-13)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>sec:</strong> CVE-2024-39338 (<a href="https://redirect.github.com/axios/axios/issues/6539">#6539</a>) (<a href="https://redirect.github.com/axios/axios/issues/6543">#6543</a>) (<a href="https://github.com/axios/axios/commit/6b6b605eaf73852fb2dae033f1e786155959de3a">6b6b605</a>)</li> <li><strong>sec:</strong> disregard protocol-relative URL to remediate SSRF (<a href="https://redirect.github.com/axios/axios/issues/6539">#6539</a>) (<a href="https://github.com/axios/axios/commit/07a661a2a6b9092c4aa640dcc7f724ec5e65bdda">07a661a</a>)</li> </ul> <h3>Contributors to this release</h3> <ul> <li> <a href="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/levpachmanov" title="+47/-11 ([#6543](axios/axios#6543) )">Lev Pachmanov</a></li> <li> <a href="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/hainenber" title="+49/-4 ([#6539](axios/axios#6539) )">Đỗ Trọng Hải</a></li> </ul> <h2><a href="https://github.com/axios/axios/compare/v1.7.2...v1.7.3">1.7.3</a> (2024-08-01)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>adapter:</strong> fix progress event emitting; (<a href="https://redirect.github.com/axios/axios/issues/6518">#6518</a>) (<a href="https://github.com/axios/axios/commit/e3c76fc9bdd03aa4d98afaf211df943e2031453f">e3c76fc</a>)</li> <li><strong>fetch:</strong> fix withCredentials request config (<a href="https://redirect.github.com/axios/axios/issues/6505">#6505</a>) (<a href="https://github.com/axios/axios/commit/85d4d0ea0aae91082f04e303dec46510d1b4e787">85d4d0e</a>)</li> <li><strong>xhr:</strong> return original config on errors from XHR adapter (<a href="https://redirect.github.com/axios/axios/issues/6515">#6515</a>) (<a href="https://github.com/axios/axios/commit/8966ee7ea62ecbd6cfb39a905939bcdab5cf6388">8966ee7</a>)</li> </ul> <h3>Contributors to this release</h3> <ul> <li> <a href="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/DigitalBrainJS" title="+211/-159 ([#6518](axios/axios#6518) [#6519](axios/axios#6519) )">Dmitriy Mozgovoy</a></li> <li> <a href="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/ValeraS" title="+3/-3 ([#6515](axios/axios#6515) )">Valerii Sidorenko</a></li> <li> <a href="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/prianyu" title="+2/-2 ([#6505](axios/axios#6505) )">prianYu</a></li> </ul> <h2><a href="https://github.com/axios/axios/compare/v1.7.1...v1.7.2">1.7.2</a> (2024-05-21)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>fetch:</strong> enhance fetch API detection; (<a href="https://redirect.github.com/axios/axios/issues/6413">#6413</a>) (<a href="https://github.com/axios/axios/commit/4f79aef81b7c4644328365bfc33acf0a9ef595bc">4f79aef</a>)</li> </ul> <h3>Contributors to this release</h3> <ul> <li> <a href="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/DigitalBrainJS" title="+3/-3 ([#6413](axios/axios#6413) )">Dmitriy Mozgovoy</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/axios/axios/commit/abd24a7367726616e60dfc04cb394b4be37cf597"><code>abd24a7</code></a> chore(release): v1.7.4 (<a href="https://redirect.github.com/axios/axios/issues/6544">#6544</a>)</li> <li><a href="https://github.com/axios/axios/commit/6b6b605eaf73852fb2dae033f1e786155959de3a"><code>6b6b605</code></a> fix(sec): CVE-2024-39338 (<a href="https://redirect.github.com/axios/axios/issues/6539">#6539</a>) (<a href="https://redirect.github.com/axios/axios/issues/6543">#6543</a>)</li> <li><a href="https://github.com/axios/axios/commit/07a661a2a6b9092c4aa640dcc7f724ec5e65bdda"><code>07a661a</code></a> fix(sec): disregard protocol-relative URL to remediate SSRF (<a href="https://redirect.github.com/axios/axios/issues/6539">#6539</a>)</li> <li><a href="https://github.com/axios/axios/commit/c6cce43cd94489f655f4488c5a50ecaf781c94f2"><code>c6cce43</code></a> chore(release): v1.7.3 (<a href="https://redirect.github.com/axios/axios/issues/6521">#6521</a>)</li> <li><a href="https://github.com/axios/axios/commit/e3c76fc9bdd03aa4d98afaf211df943e2031453f"><code>e3c76fc</code></a> fix(adapter): fix progress event emitting; (<a href="https://redirect.github.com/axios/axios/issues/6518">#6518</a>)</li> <li><a href="https://github.com/axios/axios/commit/85d4d0ea0aae91082f04e303dec46510d1b4e787"><code>85d4d0e</code></a> fix(fetch): fix withCredentials request config (<a href="https://redirect.github.com/axios/axios/issues/6505">#6505</a>)</li> <li><a href="https://github.com/axios/axios/commit/92cd8ed94362f929d3d0ed85ca84296c0ac8fd6d"><code>92cd8ed</code></a> chore(github): update ISSUE_TEMPLATE.md (<a href="https://redirect.github.com/axios/axios/issues/6519">#6519</a>)</li> <li><a href="https://github.com/axios/axios/commit/8966ee7ea62ecbd6cfb39a905939bcdab5cf6388"><code>8966ee7</code></a> fix(xhr): return original config on errors from XHR adapter (<a href="https://redirect.github.com/axios/axios/issues/6515">#6515</a>)</li> <li><a href="https://github.com/axios/axios/commit/0e4f9fa29077ebee4499facea6be1492b42e8a26"><code>0e4f9fa</code></a> chore(release): v1.7.2 (<a href="https://redirect.github.com/axios/axios/issues/6414">#6414</a>)</li> <li><a href="https://github.com/axios/axios/commit/4f79aef81b7c4644328365bfc33acf0a9ef595bc"><code>4f79aef</code></a> fix(fetch): enhance fetch API detection; (<a href="https://redirect.github.com/axios/axios/issues/6413">#6413</a>)</li> <li>See full diff in <a href="https://github.com/axios/axios/compare/v1.7.1...v1.7.4">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=axios&package-manager=npm_and_yarn&previous-version=1.7.1&new-version=1.7.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/facebook/react/network/alerts). </details> > **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Added JSDoc comment for license and version

c0cab8d

To stop UglifyJs from removing the license comment a tag of `@license` is needed

facebook-github-bot added GH Review: review-needed CLA Signed labels Apr 18, 2016

gaearon added GH Review: accepted and removed GH Review: review-needed labels Apr 18, 2016

#6539 reduced comment to just @license and added to npm package of react

a4e7bf9

gaearon added GH Review: review-needed and removed GH Review: accepted labels Apr 18, 2016

gaearon mentioned this pull request Jun 21, 2016

Include licensing header into react.js #7071

Closed

gaearon removed the GH Review: review-needed label Jun 21, 2016

gaearon reviewed Jun 21, 2016
View reviewed changes

gaearon added the GH Review: needs-revision label Jun 21, 2016

ghost added the CLA Signed label Jul 12, 2016

andykenward closed this Dec 2, 2016

Add JSDoc comment to keep license when compiling production code #6539

Add JSDoc comment to keep license when compiling production code #6539

Uh oh!

Conversation

andykenward commented Apr 18, 2016

Uh oh!

gaearon commented Apr 18, 2016

Uh oh!

jimfb commented Apr 18, 2016

Uh oh!

zpao commented Apr 18, 2016

Uh oh!

zpao commented Apr 18, 2016

Uh oh!

andykenward commented Apr 18, 2016

Uh oh!

zpao commented Apr 18, 2016

Uh oh!

facebook-github-bot commented Apr 18, 2016

Uh oh!

gaearon Jun 21, 2016

Choose a reason for hiding this comment

Uh oh!

zpao Jun 21, 2016

Choose a reason for hiding this comment

Uh oh!

gaearon Jun 22, 2016

Choose a reason for hiding this comment

Uh oh!

zpao Jun 22, 2016

Choose a reason for hiding this comment

Uh oh!

gaearon commented Jun 26, 2016

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants