{"id":13485200,"url":"https://github.com/google/js-green-licenses","last_synced_at":"2025-03-27T17:30:53.139Z","repository":{"id":27721994,"uuid":"115029584","full_name":"google/js-green-licenses","owner":"google","description":"JavaScript package.json License Checker","archived":false,"fork":false,"pushed_at":"2024-06-20T19:36:09.000Z","size":1890,"stargazers_count":179,"open_issues_count":24,"forks_count":27,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-03-18T13:05:41.873Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/google.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-12-21T17:15:27.000Z","updated_at":"2025-03-12T17:33:31.000Z","dependencies_parsed_at":"2024-01-15T20:51:16.900Z","dependency_job_id":"d0dd30a7-c16e-4f2f-923d-50c34275601f","html_url":"https://github.com/google/js-green-licenses","commit_stats":{"total_commits":174,"total_committers":19,"mean_commits":9.157894736842104,"dds":0.7586206896551724,"last_synced_commit":"6bedc8860488b9a0bf20411345c77a230d065771"},"previous_names":[],"tags_count":18,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Fjs-green-licenses","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Fjs-green-licenses/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Fjs-green-licenses/releases","manifests_url":"h
ttps://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Fjs-green-licenses/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/google","download_url":"https://codeload.github.com/google/js-green-licenses/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245892484,"owners_count":20689508,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-31T17:01:50.379Z","updated_at":"2025-03-27T17:30:52.826Z","avatar_url":"https://github.com/google.png","language":"TypeScript","funding_links":[],"categories":["TypeScript","Table of Contents"],"sub_categories":["Node Modules"],"readme":"# JavaScript package.json License Checker\n\n[![npm Version][npm-image]][npm-url]\n[![CI][actions-image]][actions-url]\n[![Dependency Status][david-image]][david-url]\n[![Known Vulnerabilities][snyk-image]][snyk-url]\n[![Code Style: Google][gts-image]][gts-url]\n\n**This is not an official Google product.**\n\nThis is a tool for checking the license of JavaScript projects. It scans the\n`package.json` file to check its license and recursively checks all of its\ndependencies.\n\n**DISCLAIMER: This tool is NOT a replacement for legal advice or due\ndiligence for your project's license validity. 
We recommend you consult a\nlawyer if you want legal advice.**\n\n## Installation\n\n```shell\nnpm install [--save-dev] js-green-licenses\n```\n\nIf you want to install globally,\n\n```shell\nnpm install -g js-green-licenses\n```\n\n## CLI\n\n```\nusage: jsgl [-h] [-v] [--local \u003cdirectory\u003e] [--pr \u003cgithub PR\u003e]\n            [--dev] [--verbose] [\u003cpackage or package@version\u003e]\n\nLicense checker for npm modules\n\nPositional arguments:\n  \u003cpackage or package@version\u003e\n                        Package name to check license for. Can include\n                        version spec after @. E.g. foo@^1.2.3. Otherwise\n                        latest.\n\nOptional arguments:\n  -h, --help            Show this help message and exit.\n  -v, --version         Show program's version number and exit.\n  --local \u003cdirectory\u003e, -l \u003cdirectory\u003e\n                        Check a local directory instead of public npm.\n  --pr \u003cgithub PR\u003e      Check a github pull request. Must be\n                        \u003cowner\u003e/\u003crepo\u003e/pull/\u003cid\u003e\n  --dev                 Also check devDependencies.\n  --verbose             Verbose error outputs.\n```\n\nThis tool checks licenses for 1) an already published npm package, 2) a local\ndirectory, or 3) a GitHub pull request. For checking an npm package, you can\njust pass the package name (optionally together with the version) as the\nargument. To check a local directory, you should pass the `--local\npath/to/repo` argument. 
To check for a GitHub PR, you should pass the `--pr\n\u003cowner\u003e/\u003crepo\u003e/pull/\u003cid\u003e` argument.\n\nIf the tool finds any non-green licenses in the given package or in its\ndependencies, they will be printed out together with the detailed\ninformation.\n\nIf you pass `--dev`, the `devDependencies` will be checked as well as the\n`dependencies`.\n\n`jsgl` also checks sub-packages for `--local` and `--pr` flags when it\ndetects that the repository is a monorepo. It assumes a certain directory\nstructure for detecting whether a repository is a monorepo: the top-level\ndirectory should have the `packages` directory in it and sub-packages must\nexist under that directory. In that case, all the `package.json` files are\nfound from sub-packages and `jsgl` checks all of them.\n\nFor example, when a directory `foo` is like this:\n```\nfoo\n |\n +-- packages\n |    |\n |    +-- bar\n |    |    |\n |    |    +-- package.json\n |    |    |\n |    |    +-- ...\n |    |\n |    +-- baz\n |         |\n |         +-- package.json\n |         |\n |         +-- ...\n |\n +-- package.json\n |\n +-- ...\n```\n, `jsgl` checks all of `foo/package.json`, `foo/packages/bar/package.json`,\nand `foo/packages/baz/package.json`.\n\n## Configurations\n\nYou can customize how `jsgl` works with the configuration file, named\n`js-green-licenses.json`. For example, you can specify the license list that\nyou would like to consider green. The license IDs must be listed in the\n`greenLicenses` section of the configuration file. 
In that case, `jsgl` will\nuse that custom list instead of its default list.\n\nThe default green license list is:\n```javascript\nconst DEFAULT_GREEN_LICENSES = [\n  '0BSD',         'AFL-2.1',      'AFL-3.0',      'APSL-2.0',     'Apache-1.1',\n  'Apache-2.0',   'Artistic-1.0', 'Artistic-2.0', 'BSD-2-Clause', 'BSD-3-Clause',\n  'BSL-1.0',      'CC-BY-1.0',    'CC-BY-2.0',    'CC-BY-2.5',    'CC-BY-3.0',\n  'CC-BY-4.0',    'CC0-1.0',      'CDDL-1.0',     'CDDL-1.1',     'CPL-1.0',\n  'EPL-1.0',      'FTL',          'IPL-1.0',      'ISC',          'LGPL-2.0',\n  'LGPL-2.1',     'LGPL-3.0',     'LPL-1.02',     'MIT',          'MPL-1.0',\n  'MPL-1.1',      'MPL-2.0',      'MS-PL',        'NCSA',         'OpenSSL',\n  'PHP-3.0',      'Ruby',         'Unlicense',    'W3C',          'Xnet',\n  'ZPL-2.0',      'Zend-2.0',     'Zlib',         'libtiff',\n];\n```\n\nYou can also allowlist some npm packages and they will be considered \"green\"\neven when they have non-green licenses or no licenses. It's useful when\n`jsgl` is unable to verify the validness of a certain package's license for\nsome reason. 
For example, when a package doesn't specify its license in its\n`package.json` but has a separate `LICENSE` file, `jsgl` can't verify that.\nYou can allowlist that package to make `jsgl` not complain about that\npackage.\n\nA typical configuration file looks like this:\n```javascript\n{\n  \"greenLicenses\": [\n    // Custom green licenses.\n    \"Apache-2.0\",\n    \"MIT\",\n    \"BSD-3-Clause\",\n    ...\n  ],\n  \"packageAllowlist\": [\n    /* packages considered ok */\n    \"foo\",\n    \"bar\",  // inline comment\n    \"package-with-no-license\",\n    \"package-with-okish-license\",\n    ...\n  ]\n}\n```\n\nThe `greenLicenses` section is for the custom license list and the\n`packageAllowlist` section is for the package allowlist.\n\nNote that comments are allowed in `js-green-licenses.json`.\n\nThe configuration file must be located in the top-level directory of a\nrepository for `--local` and `--pr`. When checking remote npm packages,\n`jsgl` tries to locate the configuration file in the current local directory\nfrom which `jsgl` is invoked.\n\nIt is desirable that the license names in the `greenLicenses` section be\nvalid license IDs defined in https://spdx.org/licenses/ whenever possible.\n\n## Interface as a Library\n\nYou can also use `js-green-licenses` as a library as well as a command-line\nutility. Usually the `LicenseChecker` class is the only one you would have to\nuse.\n\n### Instantiation\n\n```javascript\nconst opts = {\n  dev: false,\n  verbose: true,\n};\nconst checker = new LicenseChecker(opts);\n```\n\nBoth the `dev` and the `verbose` fields are optional and default to false.\nWhen `dev` is true, the `devDependencies` section is checked as well as the\n`dependencies` section of `package.json`. 
When `verbose` is true, `jsgl`\ngenerates more verbose output.\n\n### Use in Gulp\n\n```javascript\nconst gulp = require('gulp');\nconst jsgl = require('js-green-licenses');\n\ngulp.task('check_licenses', function() {\n  const checker = new jsgl.LicenseChecker({\n    dev: true,\n    verbose: false,\n  });\n  checker.setDefaultHandlers();\n  return checker.checkLocalDirectory('.');\n});\n```\n\n### Methods\n\n*   `LicenseChecker#setDefaultHandlers()`\n\n    ```typescript\n    setDefaultHandlers(): void;\n    ```\n\n    Sets the default event handlers that are used by the CLI. For events\n    emitted by `LicenseChecker`, see the [*Events*](#hd-events) subsection.\n\n*   `LicenseChecker#checkLocalDirectory()`\n\n    ```typescript\n    checkLocalDirectory(directory: string): Promise\u003cvoid\u003e;\n    ```\n\n    This provides the functionality of the CLI when the `--local` flag is\n    passed. It finds and checks the `package.json` file in the `directory` and\n    recursively checks its dependencies. This method also detects monorepos\n    and checks sub-packages as well, as explained in the [CLI section](#cli)\n    above.\n\n    This method reads in the configuration from the `js-green-licenses.json`\n    file in the `directory`, if it exists.\n\n*   `LicenseChecker#checkRemotePackage()`\n\n    ```typescript\n    checkRemotePackage(pkg: string): Promise\u003cvoid\u003e;\n    ```\n\n    This provides the functionality of the CLI when neither `--local` nor\n    `--pr` is passed. It retrieves and checks the `package.json` for the\n    remote npm package and recursively checks its dependencies.\n\n    This method reads in the configuration from the `js-green-licenses.json`\n    file in the current directory of the Node.js process.\n\n*   `LicenseChecker#checkGitHubPR()`\n\n    ```typescript\n    checkGitHubPR(repo: GitHubRepository, mergeCommitSha): Promise\u003cvoid\u003e;\n    ```\n\n    This provides the functionality of the CLI when the `--pr` flag is\n    passed. 
It retrieves the `package.json` file from the GitHub repository\n    at the given commit SHA and checks its license and recursively checks its\n    dependencies. This method also detects monorepos and checks sub-packages\n    as well, as explained in the [CLI section](#cli) above.\n\n    This method reads in the configuration from the `js-green-licenses.json`\n    file in the repository, if it exists.\n\n    `GitHubRepository` is a helper class for interacting with the GitHub API.\n    You can create an instance of it by calling\n    `LicenseChecker#prPathToGitHubRepoAndId()`.\n\n*   `LicenseChecker#prPathToGitHubRepoAndId()`\n\n    ```typescript\n    prPathToGitHubRepoAndId(prPath: string): {\n        repo: GitHubRepository;\n        prId: string;\n    };\n    ```\n\n    `prPath` must be in the form `\u003cowner\u003e/\u003crepo\u003e/pull/\u003cid\u003e`. This method\n    will return the `GitHubRepository` instance and the PR id for the\n    `prPath`.\n\n### \u003ca name=\"hd-events\"\u003e\u003c/a\u003eEvents\n\nA `LicenseChecker` object emits the following events during its processing.\n\n*   `non-green-license`\n    Emitted when a package with a non-green license is detected. The argument is\n    ```typescript\n    interface NonGreenLicense {\n      packageName: string;\n      version: string;\n      licenseName: string|null;\n      parentPackages: string[];\n    }\n    ```\n\n*   `package.json`\n    Emitted for each `package.json` file being checked. This is emitted only\n    when checking local repositories or GitHub repositories, but not when\n    checking remote packages.\n\n    The argument is a file path string of the corresponding `package.json` file.\n\n*   `end`\n    Emitted when the processing is done. No argument is given.\n\n*   `error`\n    Emitted when an error occurs while processing. 
The argument is\n    ```typescript\n    interface CheckError {\n      err: Error;\n      packageName: string;\n      versionSpec: string;\n      parentPackages: string[];\n    }\n    ```\n\n[actions-image]: https://github.com/google/js-green-licenses/workflows/ci/badge.svg\n[actions-url]: https://github.com/google/js-green-licenses/actions\n[codecov-url]: https://codecov.io/gh/google/js-green-licenses\n[david-image]: https://david-dm.org/google/js-green-licenses.svg\n[david-url]: https://david-dm.org/google/js-green-licenses\n[gts-image]: https://img.shields.io/badge/code%20style-google-blueviolet.svg\n[gts-url]: https://github.com/google/gts\n[npm-image]: https://img.shields.io/npm/v/js-green-licenses.svg\n[npm-url]: https://npmjs.org/package/js-green-licenses\n[snyk-image]: https://snyk.io/test/github/google/js-green-licenses/badge.svg\n[snyk-url]: https://snyk.io/test/github/google/js-green-licenses\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgoogle%2Fjs-green-licenses","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgoogle%2Fjs-green-licenses","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgoogle%2Fjs-green-licenses/lists"}