{"id":16567439,"url":"https://github.com/tobysmith568/license-cop","last_synced_at":"2026-03-02T02:10:45.996Z","repository":{"id":151928964,"uuid":"620541614","full_name":"tobysmith568/license-cop","owner":"tobysmith568","description":"Yet another license checker tool for your dependencies; focused on simplicity.","archived":false,"fork":false,"pushed_at":"2024-10-24T04:55:26.000Z","size":12608,"stargazers_count":4,"open_issues_count":7,"forks_count":1,"subscribers_count":2,"default_branch":"main","last_synced_at":"2024-10-24T22:35:20.347Z","etag":null,"topics":["cli","foss","github-actions","license","license-management","npm-package","oss","spdx","spdx-licenses","typescript"],"latest_commit_sha":null,"homepage":"https://license-cop.js.org","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"isc","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tobysmith568.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-03-28T22:19:41.000Z","updated_at":"2024-10-24T04:54:11.000Z","dependencies_parsed_at":"2023-09-29T22:10:24.873Z","dependency_job_id":"58f02d7f-e2a7-4bc7-bcfa-1a5ca5203458","html_url":"https://github.com/tobysmith568/license-cop","commit_stats":null,"previous_names":[],"tags_count":15,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tobysmith568%2Flicense-cop","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tobysmith568%2Flicense-cop/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tobysmith568%2Flicense-cop/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tobysmith568%2Flicense-cop/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tobysmith568","download_url":"https://codeload.github.com/tobysmith568/license-cop/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":221490926,"owners_count":16831664,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cli","foss","github-actions","license","license-management","npm-package","oss","spdx","spdx-licenses","typescript"],"created_at":"2024-10-11T21:06:35.975Z","updated_at":"2026-03-02T02:10:45.957Z","avatar_url":"https://github.com/tobysmith568.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# LicenseCop\n\nYet another license checker tool for your dependencies; focused on simplicity.\n\n\u003ca href=\"https://www.npmjs.com/package/license-cop\"\u003e\n  \u003cimg alt=\"npm\" src=\"https://img.shields.io/npm/v/license-cop?logo=npm\"\u003e\n\u003c/a\u003e\n\n\u003ca href=\"https://app.codecov.io/gh/tobysmith568/license-cop\"\u003e\n  \u003cimg alt=\"Codecov\" src=\"https://img.shields.io/codecov/c/github/tobysmith568/license-cop?logo=codecov\u0026label=Coverage\"\u003e\n\u003c/a\u003e\n\n\u003ca href=\"https://license-cop.js.org\"\u003e\n  \u003cimg alt=\"Protected by: License-Cop\" src=\"https://license-cop.js.org/shield.svg\"\u003e\n\u003c/a\u003e\n\n## Setup\n\nInstall license-cop\n\n```bash\nnpm install license-cop --save-dev\n```\n\nMake a config file\n\n```bash\nnpx license-cop init\n```\n\nRun license-cop\n\n```bash\nnpx license-cop\n```\n\nThe `license-cop` command will use an exit code of 0 if all your dependencies conform to the settings in your config file.\n\n## Config File\n\nBy default the `--init` flag will make a `.licenses.json` file, however you can use many different variations of file name and file type including:\n\n\u003c!--- cspell:disable-next-line ---\u003e\n\n- Spelling `licenses` as `licences`\n- Ending `licenses` with `rc`\n- Having the file be in a `.config/` directory\n- Using: `.json`, `.jsonc`, `.json5`, `.yaml`, `.yml`, `.js`, or `.cjs`\n- Using a `licensecop` key in a `package.json` file\n\n### Config file options\n\n#### `licenses`\n\nSpecify all of the [SPDX license codes](https://spdx.org/licenses/) that you're allowing in your dependency tree. E.g.\n\n```json\n{\n  \"licenses\": [\"MIT\", \"ISC\", \"Apache-2.0\"]\n}\n```\n\n#### `packages`\n\nSpecify all of the packages you're allowing, no matter what the license is. You can optionally lock packages by npm version ranges. E.g.\n\n```json\n{\n  \"packages\": [\"lodash\", \"axios@^2.0.0\", \"react@\u003c16\"]\n}\n```\n\n#### `extends`\n\nSpecify another license-cop config file that this file should extend.\n\n```json\n{\n  \"extends\": \"@license-cop/permissive\"\n}\n```\n\nValues can be:\n\n- The name of an installed npm package (optionally prefixed with `npm:`) that contains a license-cop config file.  \n  `@license-cop/permissive`  \n  `npm:@license-cop/permissive`\n\n\u003e [@license-cop/permissive](https://www.npmjs.com/package/@license-cop/permissive) is a base config provided by us containing a curated list of permissive licenses. We think it's a good starting point for all configs!\n\n- The name of a public github repository (prefixed with `github:`) that contains a license-cop config file. This currently only supports config files called exactly `.licenses.json`.  \n  `github:tobysmith568/license-cop-config`\n\n- A URL to a license-cop config file. Currently this only supports json config files.  \n  `https://raw.githubusercontent.com/tobysmith568/license-cop-config/main/license-cop.json`\n\n**Caveats**\n\nIf you extend a remote file, and that in-turn extends an npm package, then you're going to need to have that npm package installed locally. They're not resolved dynamically from npmjs.com.\n\n#### `includeDevDependencies`\n\n`false` by default.  \nSet to `true` to make license-cop also check your dev-dependencies.\n\n#### `devDependenciesOnly`\n\n`false` by default.  \nSet to `true` to make license-cop only check your dev-dependencies.\n\n## CI/CD Example (GitHub Actions)\n\nRunning license-cop as a part of your CI process is a great way to catch issues before they land in your main branch.\n\nBelow is an example of how you can run license-cop in its own GitHub Action job for all PRs targetting main:\n\n```yaml\nname: Check Licenses\n\non:\n  pull_request:\n    branches:\n      - main\n\njobs:\n  licenses:\n    name: Check Licenses\n\n    runs-on: ubuntu-latest\n\n    steps:\n      - uses: actions/checkout@v3\n\n      - name: Setup Node.js\n        uses: actions/setup-node@v3\n        with:\n          cache: npm\n\n      - name: Install dependencies\n        run: npm ci\n\n      - name: Run License-Cop\n        run: npx license-cop\n```\n\nThe Action above will fail if any of your node_modules have a license that isn't listed in your license-cop config file.\n\n## License\n\nLicense-cop itself is licensed under the [ISC license](https://github.com/tobysmith568/license-cop/blob/main/LICENSE.md).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftobysmith568%2Flicense-cop","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftobysmith568%2Flicense-cop","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftobysmith568%2Flicense-cop/lists"}