chore(deps): remove license-checker-rseidelsohn and replace with GH action

.github/workflows/ci-checks.yaml

@@ -69,8 +69,6 @@ jobs:
     strategy:
       matrix:
         include:
-          - title: "license-check"
-            command: "pnpm run check-licenses"
           - title: "lint-check"
             command: "pnpm lint"
           - title: "type-check"

.github/workflows/vulnerability-check.yaml → .github/workflows/dependency-checks.yaml

@@ -1,4 +1,4 @@
-name: "Vulnerability Check"
+name: "Vulnerability and License Check"
 
 on:
   pull_request:
@@ -21,10 +21,12 @@ jobs:
     steps:
       - name: "Checkout Repository"
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-
-      - name: "Run Vulnerability Check"
+      - name: "Run License and Vulnerability Check"
         id: dep-review
         uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 # v4.8.2
         with:
-          repo-token: ${{ secrets.GITHUB_TOKEN }}
           fail-on-severity: high
+          allow-licenses: MIT, ISC, Apache-2.0, BSD-2-Clause, BSD-3-Clause, BSD-4-Clause, 0BSD, CC-BY-3.0, CC-BY-4.0, BlueOak-1.0.0, CC0-1.0, Python-2.0, Unlicense
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

CONTRIBUTING.md

@@ -80,7 +80,7 @@ Before submitting your pull request, please ensure your code passes the followin
 - **Prettier**: Ensure your code is properly formatted by running `pnpm check-format`.
 - **Title lint**: Ensure your title is following conventional commit format, for more details please check the [workflow](.github/workflows/ci-title-lint-check.yaml)
 - **License Header**: Verify that every source file includes the correct license header as specified above.
-- **Allowed Licenses**: Ensure that any dependencies added are compliant with the list of allowed licenses (see in `package.json`). Check with `pnpm check-licenses`.
+- **Allowed Licenses**: Ensure that any dependencies added are compliant with the list of allowed licenses (see in `dependency-check.yaml`).
 - **REUSE Compliance**: Ensure that your contributions are compliant with the [REUSE guidelines](./reuse/dep5).
 - **Tests**: Make sure all tests pass. Run `pnpm test` at the root level to ensure your code didn't break other packages.
 

package.json

@@ -8,7 +8,6 @@
     "lint": "turbo run lint",
     "test": "turbo run test",
     "typecheck": "turbo run typecheck",
-    "check-licenses": "npx license-checker-rseidelsohn --summary --excludePackages='spawndamnit@3.0.1' --excludePrivatePackages --onlyAllow 'MIT;ISC;Apache-2.0;BSD-2-Clause;BSD-3-Clause;BSD-4-Clause;CC-BY-3.0;CC-BY-4.0;BlueOak-1.0.0;CC0-1.0;0BSD;Python-2.0;BSD*;Unlicense'",
     "cleanVite": "find . -type f -name 'vite.config.*.timestamp-*' -ls -delete 2>/dev/null",
     "clean": "pnpm run cleanVite && turbo run clean && rm -rf node_modules",
     "clean:cache": "turbo run clean:cache && rm -rf .turbo && rm -rf node_modules/.cache/turbo",
@@ -33,7 +32,6 @@
     "@types/node": "24.3.2",
     "eslint": "9.35.0",
     "husky": "9.1.7",
-    "license-checker-rseidelsohn": "4.4.2",
     "prettier": "3.6.2",
     "turbo": "2.5.6",
     "typescript": "5.9.2"