{"id":18226819,"url":"https://github.com/jpfulton/node-license-auditor-cli","last_synced_at":"2026-04-28T13:32:58.248Z","repository":{"id":196152811,"uuid":"694677416","full_name":"jpfulton/node-license-auditor-cli","owner":"jpfulton","description":"A CLI designed to list and audit licenses in project dependencies in node projects.","archived":false,"fork":false,"pushed_at":"2023-10-18T15:47:07.000Z","size":791,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-03-17T04:19:07.792Z","etag":null,"topics":["cli","licensing","nodejs"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jpfulton.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null}},"created_at":"2023-09-21T13:26:47.000Z","updated_at":"2023-09-24T23:10:16.000Z","dependencies_parsed_at":"2023-09-26T19:23:16.012Z","dependency_job_id":null,"html_url":"https://github.com/jpfulton/node-license-auditor-cli","commit_stats":null,"previous_names":["jpfulton/node-license-auditor-cli"],"tags_count":45,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpfulton%2Fnode-license-auditor-cli","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpfulton%2Fnode-license-auditor-cli/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpfulton%2Fnode-license-auditor-cli/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpfulton%2Fnode-license-auditor-cli/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jpfulton","download_url":"https://codeload.github.com/jpfulton/node-license-auditor-cli/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247785927,"owners_count":20995644,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cli","licensing","nodejs"],"created_at":"2024-11-04T05:03:42.251Z","updated_at":"2026-04-28T13:32:58.219Z","avatar_url":"https://github.com/jpfulton.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# node-license-auditor-cli\n\n[![ci](https://github.com/jpfulton/node-license-auditor-cli/actions/workflows/ci.yml/badge.svg)](https://github.com/jpfulton/node-license-auditor-cli/actions/workflows/ci.yml)\n[![npm version](https://badge.fury.io/js/%40jpfulton%2Fnode-license-auditor-cli.svg)](https://www.npmjs.com/package/@jpfulton/node-license-auditor-cli)\n![License](https://img.shields.io/badge/License-MIT-blue)\n![Visitors](https://visitor-badge.laobi.icu/badge?page_id=jpfulton.node-license-auditor-cli)\n\nA CLI designed to list and audit licenses in project dependencies in node projects. The CLI\ncan output both markdown reports and CSV files and is designed to run in CI workflows.\nIncluded in the package is a [DangerJS](https://danger.systems/js) plugin that can be\nused to audit licenses in the PR process.\n\n## Installation of the CLI\n\nYou can install this tool globally, using the following yarn command:\n\n```bash\nyarn global add @jpfulton/node-license-auditor-cli\n```\n\n## Local Configuration\n\nTo override the default configuration, which is extremely minimal, place a `.license-checker.json` file in the\nroot directory of your project with the following format:\n\n```json\n{\n  \"blackList\": [\"blacklisted-license\"],\n  \"whiteList\": [\"whitelisted-license\"]\n}\n```\n\nLicenses in the blackList array will generate errors in the report. Licenses in the\nwhiteList array will generate information lines and licenses types that exist in neither\narray generate warnings for further investigation.\n\n### License Identification Algorithm\n\nThe license identification algorithm uses a series of sources to identify the license type\nfor each dependency. The algorithm uses the following sources in order:\n\n1. The `license` field in the dependency's `package.json` file\n2. The `licenses` field in the dependency's `package.json` file\n3. A LICENSE file (or variation of that filename) in the dependency's root directory\n4. A README file (or variation of that filename) in the dependency's root directory\n\nParsing of the `package.json` `license` and `licenses` fields respects the\nvarious formats in which those fields can be specified. For example, the `license` field\ncan be specified as a string, an array of strings, or an object with a `type` field. Similarly,\nthe `licenses` field can be specified as an array of strings or an array of objects with a\n`type` field. For more information on the `license` and `licenses` fields, see the\n[package.json](https://docs.npmjs.com/cli/v7/configuring-npm/package-json#license) documentation.\n\nIf the license type cannot be identified using the above sources, the license type will be\nlisted as `UNKNOWN`. The mechanism for identifying the license type is most accurate when\nthe `license` or `licenses` field is present in the `package.json` file. Parsing of the\nLICENSE and README files is done using regular expressions and is not guaranteed to be\nas reliable as the `package.json` file.\n\nFor an understanding of the file name variations that are supported for LICENSE and README\nfiles, see the [constants.ts](./src/util/constants.ts) file.\n\n### Licenses that cannot be identified\n\nWhen a license for a dependency cannot\nbe identified by the project, the license will be listed as `UNKNOWN`. It is useful to\nblacklist `UNKNOWN` licenses to ensure that all licenses are identified through a manual process.\nIn some cases, `UNKOWN` licenses indicate that the project has no license and _may_ be\nin the public domain. In other cases, `UNKNOWN` licenses indicate that the license simply could\nnot be identified by the tool. In either case, it is useful to investigate the license and\nbe selective about which dependencies are used in the project.\n\n## Remote Configurations\n\nRemote configurations can be used to override the default configuration. To use a remote\nconfiguration, specify the URL to the configuration file using the `--remote-config` flag.\nRemote configurations are useful when applying the same configuration to multiple projects\nto avoid the need to copy the configuration file to each project and maintain the configurations\nin multiple places.\n\n```bash\nnode-license-auditor-cli csv --remote-config https://raw.githubusercontent.com/jpfulton/node-license-auditor-cli/main/.license-checker.json . \u003e report.csv\n```\n\n```bash\nnode-license-auditor-cli markdown --remote-config https://raw.githubusercontent.com/jpfulton/node-license-auditor-cli/main/.license-checker.json . \u003e report.md\n```\n\n## Usage as a DangerJS Plugin\n\nThis project can be used as a [DangerJS](https://danger.systems/js/) plugin. To use the\nplugin, install the plugin using the following command:\n\n```bash\nyarn add -D danger @jpfulton/node-license-auditor-cli\n```\n\nThen, add the following to your `dangerfile.ts`:\n\n```typescript\nimport { licenseAuditor } from \"@jpfulton/node-license-auditor-cli\";\n\nexport default async () =\u003e {\n  // Run the license auditor plugin\n  await licenseAuditor({\n    // optionally choose to fail the build if a blacklisted license is found\n    failOnBlacklistedLicense: false,\n    // specify the path to the project's package.json file, useful in a monorepo\n    // defaults to the current working directory\n    projectPath: \".\",\n    // optionally specify a remote configuration file\n    // useful when applying the same configuration to multiple projects\n    // defaults to usage of a local configuration file found at the root of the project repo\n    remoteConfigurationUrl:\n      \"https://raw.githubusercontent.com/jpfulton/jpfulton-license-audits/main/.license-checker.json\",\n    // show a summary of the license audit in the PR comment\n    // includes the number of unique dependencies and counts for each category of license found\n    showMarkdownSummary: true,\n    // show details of the license audit in the PR comment\n    // includes a table with the name, version and license of each dependency\n    // that was discovered that was not explicitly whitelisted in the configuration\n    showMarkdownDetails: true,\n  });\n};\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjpfulton%2Fnode-license-auditor-cli","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjpfulton%2Fnode-license-auditor-cli","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjpfulton%2Fnode-license-auditor-cli/lists"}