feat: automate bundled dependency license aggregation for npm releases (#790)

Add a shared rolldown plugin (`scripts/generate-license.ts`) that scans
chunk moduleIds to identify bundled node_modules packages, reads their
license info, and generates LICENSE.md matching Vite's format. Integrated
into all three published packages (cli, core, test) with post-build
validation.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Medium risk because it changes the build pipeline for all published packages and can fail releases if dependency resolution/scanning misses packages or can’t locate license files (especially across pnpm layouts). No runtime code paths are modified.
> 
> **Overview**
> Adds a shared `scripts/generate-license.ts` utility that scans built artifacts for `//#region ...node_modules...` markers, resolves referenced packages (including pnpm store layouts), reads their metadata/license texts, and emits a Vite-style aggregated `LICENSE.md`.
> 
> Integrates this generator into the `cli`, `core`, and `test` build scripts (with package-specific `bundledPaths`, `resolveFrom`, and `extraPackages`), updates `.gitignore` to ignore generated `LICENSE.md`, and makes builds fail if the license file isn’t produced.
> 
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 0ab46c8. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

Author: Brooooooklyn

packages/cli/.gitignore

@@ -1,4 +1,5 @@
 /npm
 /artifacts
 /LICENSE
+/LICENSE.md
 /skills/vite-plus/docs

packages/cli/build.ts

@@ -37,6 +37,8 @@ import {
   ModuleKind,
 } from 'typescript';
 
+import { generateLicenseFile } from '../../scripts/generate-license.ts';
+
 const projectDir = dirname(fileURLToPath(import.meta.url));
 const TEST_PACKAGE_NAME = '@voidzero-dev/vite-plus-test';
 const CORE_PACKAGE_NAME = '@voidzero-dev/vite-plus-core';
@@ -59,6 +61,17 @@ const napiArgs = process.argv
 if (!skipTs) {
   await buildCli();
   buildGlobalModules();
+  generateLicenseFile({
+    title: 'Vite-Plus CLI license',
+    packageName: 'Vite-Plus',
+    outputPath: join(projectDir, 'LICENSE.md'),
+    coreLicensePath: join(projectDir, '..', '..', 'LICENSE'),
+    bundledPaths: [join(projectDir, 'dist', 'global')],
+    resolveFrom: [projectDir],
+  });
+  if (!existsSync(join(projectDir, 'LICENSE.md'))) {
+    throw new Error('LICENSE.md was not generated during build');
+  }
 }
 // Build native first - TypeScript may depend on the generated binding types
 if (!skipNative) {

packages/core/.gitignore

@@ -1 +1,2 @@
 /LICENSE
+/LICENSE.md

packages/core/build.ts

@@ -15,6 +15,7 @@ import { build, type BuildOptions } from 'rolldown';
 import { dts } from 'rolldown-plugin-dts';
 import { glob } from 'tinyglobby';
 
+import { generateLicenseFile } from '../../scripts/generate-license.ts';
 import { buildCjsDeps } from './build-support/build-cjs-deps';
 import { replaceThirdPartyCjsRequires } from './build-support/find-create-require';
 import { RewriteImportsPlugin } from './build-support/rewrite-imports';
@@ -51,6 +52,41 @@ await buildVite();
 await bundleTsdown();
 await brandTsdown();
 await bundleVitepress();
+generateLicenseFile({
+  title: 'Vite-Plus core license',
+  packageName: 'Vite-Plus',
+  outputPath: join(projectDir, 'LICENSE.md'),
+  coreLicensePath: join(projectDir, '..', '..', 'LICENSE'),
+  bundledPaths: [join(projectDir, 'dist')],
+  resolveFrom: [
+    projectDir,
+    join(projectDir, '..', '..'),
+    join(projectDir, '..', '..', 'rolldown'),
+    join(projectDir, '..', '..', 'rolldown-vite'),
+  ],
+  extraPackages: [
+    {
+      packageDir: rolldownSourceDir,
+      licensePath: join(projectDir, '..', '..', 'rolldown', 'LICENSE'),
+    },
+    {
+      packageDir: rolldownPluginUtilsDir,
+      licensePath: join(projectDir, '..', '..', 'rolldown', 'LICENSE'),
+    },
+    {
+      packageDir: rolldownViteSourceDir,
+    },
+    {
+      packageDir: tsdownSourceDir,
+    },
+    {
+      packageDir: join(projectDir, '..', '..', 'node_modules', 'vitepress'),
+    },
+  ],
+});
+if (!existsSync(join(projectDir, 'LICENSE.md'))) {
+  throw new Error('LICENSE.md was not generated during build');
+}
 await mergePackageJson();
 await syncLicenseFromRoot();
 

packages/test/build.ts

@@ -36,6 +36,7 @@
 //   - BUNDLE only leaf deps (chai, etc.) to reduce install size
 //   - Separate entries prevent __vite__injectQuery errors in browser
 
+import { existsSync } from 'node:fs';
 import {
   copyFile,
   glob as fsGlob,
@@ -55,6 +56,7 @@ import { format } from 'oxfmt';
 import { build } from 'rolldown';
 import { dts } from 'rolldown-plugin-dts';
 
+import { generateLicenseFile } from '../../scripts/generate-license.ts';
 import pkg from './package.json' with { type: 'json' };
 
 const projectDir = dirname(fileURLToPath(import.meta.url));
@@ -222,6 +224,23 @@ await patchChaiTypeReference();
 await patchMockerHoistedModule();
 const pluginExports = await createPluginExports();
 await mergePackageJson(pluginExports);
+generateLicenseFile({
+  title: 'Vite-Plus test license',
+  packageName: 'Vite-Plus',
+  outputPath: join(projectDir, 'LICENSE.md'),
+  coreLicensePath: join(projectDir, '..', '..', 'LICENSE'),
+  bundledPaths: [distDir],
+  resolveFrom: [projectDir, join(projectDir, '..', '..')],
+  extraPackages: [
+    { packageDir: vitestSourceDir },
+    ...VITEST_PACKAGES_TO_COPY.map((packageName) => ({
+      packageDir: resolve(projectDir, 'node_modules', packageName),
+    })),
+  ],
+});
+if (!existsSync(join(projectDir, 'LICENSE.md'))) {
+  throw new Error('LICENSE.md was not generated during build');
+}
 await syncLicenseFromRoot();
 await validateExternalDeps();