Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/davglass/license-checker
Check NPM package licenses
- Host: GitHub
- URL: https://github.com/davglass/license-checker
- Owner: davglass
- License: other
- Created: 2013-01-14T20:53:59.000Z (almost 12 years ago)
- Default Branch: master
- Last Pushed: 2024-01-29T23:56:03.000Z (11 months ago)
- Last Synced: 2024-11-26T13:07:06.848Z (16 days ago)
- Language: JavaScript
- Size: 415 KB
- Stars: 1,609
- Watchers: 19
- Forks: 214
- Open Issues: 93
- Metadata Files:
  - Readme: README.md
  - Changelog: CHANGELOG.md
  - License: LICENSE
Awesome Lists containing this project
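- awesome-nodejs-cn - license-checker - Check the licenses of the dependencies in your app (Packages / Command-line apps)
- awesome-nodejs-cn - license-checker - **star:1602** Check the licenses of application dependencies (Packages / Command-line apps)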
- awesome-list - license-checker
- awesome-nodejs - license-checker - Check licenses of your app's dependencies. (Packages / Command-line apps)
- awesome-nodejs - license-checker - Check NPM package licenses - ★ 741 (Command-line apps)
- awesome-node - license-checker - Check licenses of your app's dependencies. (Packages / Command-line apps)
- awesome-nodejs-cn - license-checker - Check the licenses of application dependencies. (Contents / Command-line apps)
README
NPM License Checker
===================

[![Build Status](https://www.travis-ci.org/davglass/license-checker.svg?branch=master)](https://www.travis-ci.org/davglass/license-checker)

*As of v17.0.0 the `failOn` and `onlyAllow` arguments take semicolons as delimiters instead of commas. Some license names contain
commas and it messed with the parsing.*

Ever needed to see all the license info for a module and its dependencies?

It's this easy:
```shell
npm install -g license-checker

mkdir foo
cd foo
npm install yui-lint
license-checker
```

You should see something like this:
```
├─ [email protected]
│ ├─ repository: http://github.com/chriso/cli
│ └─ licenses: MIT
├─ [email protected]
│ ├─ repository: https://github.com/isaacs/node-glob
│ └─ licenses: UNKNOWN
├─ [email protected]
│ ├─ repository: https://github.com/isaacs/node-graceful-fs
│ └─ licenses: UNKNOWN
├─ [email protected]
│ ├─ repository: https://github.com/isaacs/inherits
│ └─ licenses: UNKNOWN
├─ [email protected]
│ └─ licenses: MIT
├─ [email protected]
│ ├─ repository: https://github.com/isaacs/node-lru-cache
│ └─ licenses: MIT
├─ [email protected]
│ ├─ repository: https://github.com/isaacs/node-lru-cache
│ └─ licenses: MIT
├─ [email protected]
│ ├─ repository: https://github.com/isaacs/minimatch
│ └─ licenses: MIT
├─ [email protected]
│ ├─ repository: https://github.com/isaacs/minimatch
│ └─ licenses: MIT
├─ [email protected]
│ ├─ repository: https://github.com/isaacs/sigmund
│ └─ licenses: UNKNOWN
└─ [email protected]
├─ licenses: BSD
└─ repository: http://github.com/yui/yui-lint
```

An asterisk next to a license name means that it was deduced from
a file other than package.json (README, LICENSE, COPYING, ...).
You could see something like this:

```
└─ [email protected]
├─ repository: https://github.com/visionmedia/debug
└─ licenses: MIT*
```

Options
-------

* `--production` only show production dependencies.
* `--development` only show development dependencies.
* `--start [path of the initial json to look for]`
* `--unknown` report guessed licenses as unknown licenses.
* `--onlyunknown` only list packages with unknown or guessed licenses.
* `--json` output in json format.
* `--csv` output in csv format.
* `--csvComponentPrefix` prefix column for component in csv format.
* `--out [filepath]` write the data to a specific file.
* `--customPath` to add a custom Format file in JSON
* `--exclude [list]` exclude modules whose licenses are in the comma-separated list from the output
* `--relativeLicensePath` output the location of the license files as relative paths
* `--summary` output a summary of the license usage
* `--failOn [list]` fail (exit with code 1) on the first occurrence of the licenses of the semicolon-separated list
* `--onlyAllow [list]` fail (exit with code 1) on the first occurrence of the licenses not in the semicolon-separated list
* `--packages [list]` restrict output to the packages (package@version) in the semicolon-separated list
* `--excludePackages [list]` restrict output to the packages (package@version) not in the semicolon-separated list
* `--excludePrivatePackages` restrict output to not include any package marked as private
* `--direct` look for direct dependencies only

Exclusions
----------

A list of licenses is the simplest way to describe what you want to exclude.

You can use valid [SPDX identifiers](https://spdx.org/licenses/).
You can use valid SPDX expressions like `MIT OR X11`.
You can use non-valid SPDX identifiers, like `Public Domain`, since `npm` does
support some license strings that are not SPDX identifiers.

Examples
--------

```
license-checker --json > /path/to/licenses.json
license-checker --csv --out /path/to/licenses.csv
license-checker --unknown
license-checker --customPath customFormatExample.json
license-checker --exclude 'MIT, MIT OR X11, BSD, ISC'
license-checker --packages '[email protected];[email protected];[email protected]'
license-checker --excludePackages 'internal-1;internal-2'
license-checker --onlyunknown
```

Custom format
-------------

The `--customPath` option can be used with CSV to specify the columns. Note that
the first column, `module_name`, will always be used.

When used with JSON format, it will add the specified items to the usual ones.
The available items are the following:
- name
- version
- description
- repository
- publisher
- url
- licenses
- licenseFile
- licenseText
- licenseModified

You can also give default values for each item.
See an example in [customFormatExample.json](customFormatExample.json).

Requiring
---------

```js
var checker = require('license-checker');

checker.init({
    start: '/path/to/start/looking'
}, function(err, packages) {
    if (err) {
        // Handle error
    } else {
        // The sorted package data
        // as an Object
    }
});
```

Debugging
---------

license-checker uses [debug](https://www.npmjs.com/package/debug) for internal logging. There are two internal markers:

* `license-checker:error` for errors
* `license-checker:log` for non-errors

Set the `DEBUG` environment variable to one of these to see debug output:
```shell
$ export DEBUG=license-checker*; license-checker
scanning ./yui-lint
├─ [email protected]
│ ├─ repository: http://github.com/chriso/cli
│ └─ licenses: MIT
# ...
```

How Licenses are Found
----------------------

We walk through the `node_modules` directory with the [`read-installed`](https://www.npmjs.org/package/read-installed) module. Once we have gathered a list of modules, we walk through them and look at all of their `package.json` files. We try to identify the license with the [`spdx`](https://www.npmjs.com/package/spdx) module to see if it has a valid SPDX license attached. If that fails, we then look into the module for the following files: `LICENSE`, `LICENCE`, `COPYING`, & `README`.

If one of those files is found (in that order), we will attempt to parse the license data from it with a list of known license texts. This will be shown with the `*` next to the name of the license to show that we "guessed" at it.
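Because a `*` marks a license that was only guessed and `UNKNOWN` marks one that was not found at all, a CI gate may want to report both separately from licenses that are simply not allowed. The following is an added example, not part of license-checker: `parseAllowList`, `classify` and `auditLicenses` are hypothetical helpers, the package data is constructed, and the `OR` handling is a simplification rather than a full SPDX parser.

```javascript
// Added example: policy gate over the package object passed to the
// checker.init() callback (or parsed from `license-checker --json`).
// Assumed shape: { "name@version": { licenses: string | string[] } }.

// Semicolon-separated, matching --onlyAllow since v17.0.0, so license
// names that contain commas survive intact.
function parseAllowList(list) {
  return new Set(list.split(';').map((s) => s.trim()).filter(Boolean));
}

// Classify one license string: 'unknown', 'guessed', 'denied' or 'ok'.
function classify(license, allowed) {
  if (!license || license === 'UNKNOWN') return 'unknown';
  if (license.endsWith('*')) return 'guessed'; // deduced from README/LICENSE/COPYING
  if (allowed.has(license)) return 'ok';       // exact match, e.g. "Public Domain"
  // Simplified "(A OR B)" handling: any allowed alternative passes.
  const alternatives = license.replace(/^\(|\)$/g, '').split(/\s+OR\s+/);
  const ok = alternatives.length > 1 && alternatives.some((a) => allowed.has(a.trim()));
  return ok ? 'ok' : 'denied';
}

// Return one finding per license that is not cleanly allowed.
function auditLicenses(packages, allowList) {
  const allowed = parseAllowList(allowList);
  const findings = [];
  for (const [id, info] of Object.entries(packages)) {
    const licenses = [].concat(info.licenses || 'UNKNOWN');
    for (const license of licenses) {
      const verdict = classify(license, allowed);
      if (verdict !== 'ok') findings.push({ id, license, verdict });
    }
  }
  return findings;
}

// Constructed sample data, not real scan output.
const samplePackages = {
  'alpha@1.0.0': { licenses: 'MIT' },
  'beta@2.1.0': { licenses: 'MIT*' },
  'gamma@0.3.0': { licenses: 'UNKNOWN' },
  'delta@4.0.0': { licenses: '(MIT OR GPL-3.0)' },
  'epsilon@1.2.3': { licenses: 'GPL-3.0' },
  'zeta@0.0.1': { licenses: ['BSD-3-Clause', 'Custom: see LICENSE, section 2'] },
};

const findings = auditLicenses(samplePackages, 'MIT; BSD-3-Clause; ISC');
for (const f of findings) console.log(`${f.verdict}\t${f.id}\t${f.license}`);
```

In a pipeline, a non-empty `findings` array would set a non-zero exit code; guessed and unknown entries are the ones that need a manual look at the package's license file.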