npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@cybozu/license-manager

v1.2.1

Published

CLI tool for license management

Downloads

9,945

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

sosukesuzukisosukesuzukioguraogurab4h0-c4tb4h0-c4tteppeisteppeis__sakito____sakito__shisamashisamanakajmgnakajmgmugi-unomugi-uno

Keywords

Readme

license-manager

license-manager is a CLI license management tool for npm dependencies.

Requirement

node >= v18.14.0
npm >= v9.3.1 (need npm query) or pnpm >= v8.10.0

Install

npm install -g @cybozu/license-manager@latest

Usage

Analyze dependencies licenses

Analyze dependencies licenses.
If invalid package found, it outputs error.

license-manager analyze -q ".prod" -w . -l MIT -l ISC -p "@types/*" -p "react@*"

Extract dependencies licenses

Extract licenses to a single file.

license-manager extract -q ".prod" -w . -l MIT -l ISC -p "@types/*" -p "react@*"

Options

Common Options

-q, --query

default:

  • analyze: ":root *"
  • extract: ":root .prod"

Query string for npm query.
license-manager uses npm query to search packages.

Attention: If the package manager is pnpm, it cannot be specified; it is the same as ":root *" for analyze and ":root .prod" for extract.

--cwd

default: (empty / process.cwd())

Current working directory for npm query.

-w, --workspace

default: (ignored)

Option for workspace option of npm query.

-m, --packageManager

default: (empty / Automatically detects)

Specify which package manager to use npm or pnpm. Automatically detected if you are running the command with npm run, npx, or pnpm run.

-c, --config

default: (./license-manager.config.js)

Config file path.

Options for analyze command

-l, --allowLicense

default: (empty / All licenses are denied)

Permitted license name.
If any package is found for which this option is not specified, analyze command will output errors.

-p, --allowPackage

default: (ignored)

Permitted package name.
Packages specified with this option are allowed regardless of the license.

-p [email protected]
-p [email protected] -p [email protected]

# Allow any version
-p foo
-p foo@*
-p foo@all

# Allow scoped package
-p @foo/*

Options for extract command

-l, --extractLicense

default: (empty / All licenses are extracted)

Extracts only packages with the specified license.
If omitted, all packages are extracted.

-p, --excludePackage

default: (ignored)

Excluded package name.

-o, --output

default: "licenses.txt" or "licenses.json"

Output file name.
Relative path from the current directory.

--json

Output licenses in JSON format.
Based on the results of npm query, and some fields be added.

  • licenseText (string) : Extracted license text.
  • licenseTextPath (string)(optional) : File path to license text file. Omitted if override function is used.
  • apacheNotice (string)(optional) : Contents of NOTICE file. Exists only if Apache-2.0 license and NOTICE file exists.
  • apacheNoticePath (string)(optional) : File path to NOTICE file.

Config file

You can write all settings to license-manager.config.js.
If license-manager.config.js exists in the current directory, it is automatically loaded.
You can change the file path with the --config option. CLI options take precedence, but license and package specifications are merged.
And you can also specify a override function in case the license and license text cannot be detected.

module.exports = {
  workspace: ".",
  analyze: {
    query: ":workspace:is([name=app]) *",
    allowLicenses: ["MIT", /BSD.*/, "ISC"],
    allowPackages: ["mypackage", /eslint/],
  },
  extract: {
    query: ":workspace:is([name=app]) .prod",
    excludePackages: [/^@cybozu/],
    extractLicenses: [/BSD.*/, "ISC"],
    output: "mylicenses.json",
    format: "json",
  },
  overrideLicense: (dep) => {
    if (dep.name === "foo/bar") {
      return "MIT";
    }
    return;
  },
  overrideLicenseText: (dep) => {
    if (dep.name === "foo/bar") {
      return { licenseText: `MY PACKAGE LICENSE` };
    }

    if (dep.name === "license-manager") {
      return {
        licensePageUrl: `https://raw.githubusercontent.com/cybozu/license-manager/v${dep.version}/LICENSE`,
      };
    }
    return;
  },
};

Utility functions

You can use utility functions in license-manager.config.js.

isMatchPackage : Verifying that package name and version match

isMatchName : Verifying that package name match

isMatchVersion : Verifying that package version match


const { isMatchPackage } = require('@cybozu/license-manager');

module.exports = {
  ...
  overrideLicense: (dep) => {
    if (isMatchPackage(dep, "foo/[email protected]")) {
      return "MIT";
    }
    return;
  },
};