Is there a way to be alerted when you introduce an open source component with a dangerous license (GPL) into your codebase? Ideally it would integrate into GitHub like TravisCI, to alert me when a Pull Request introduces a component, or if a license changed on a component that was upgraded.
I know of a few products that are related:

- DavidDM (https://david-dm.org/) does dependency checking
- Snyk (https://snyk.io/) does vulnerability checking
- Blackduck (https://www.blackducksoftware.com/) does everything, but it's heavy, not hosted, and expensive.
I was thinking about building one myself if I can't find something out there. Would anyone else use it? Node.js and Bower support first, others later.