© 2024 – Pkg Stats / Ryan Hefner

license-scan

v0.1.2

Published

Base project for creating a console application in Typescript

Downloads

342

Readme

License Scan

Automatically scan the licenses of your project and its dependencies

Quick start

  1. Install from npm: npm install -g license-scan
  2. Navigate to your project directory
  3. Scan licenses: license-scan

This will create a license-scan.csv file in the root of your repo that contains all of the package versions and their respective licenses. You will likely want to commit this file to source control so that you can track when new licenses are added to your project's dependency tree.

Note that this tool reads from package-lock.json as well as from node_modules. For the best experience, please ensure that you are running the latest version of npm and have recently run npm ci.

Configuration

You can configure the scan by adding a .licenserc file that contains json formatted data. The scan will look for this config file in the current directory, any of its parent directories, or any other place that "rc" files are normally stored.

Whitelist

You can add an array of licenses in the optional whitelist property. If the whitelist property is present, then any package version with a license NOT in the whitelist will cause the scan to exit with a non-zero code. The .csv output file will be generated even if the scan exits with a non-zero code. Note that licenses are evaluated by exact case-sensitive string matching. If the whitelist property is present then the optional blacklist property is ignored.

Example:

{
  "whitelist": [
    "BSD",
    "BSD-2-Clause",
    "BSD-3-Clause",
    "BSD-3-Clause OR MIT",
    "MIT"
  ]
}

Blacklist

If a whitelist is not specified, then you can add an array of licenses to the optional blacklist property. Any package version with a license in the blacklist will cause the scan to exit with a non-zero code. The .csv output file will be generated even if the scan exits with a non-zero code. Note that licenses are evaluated by exact case-sensitive string matching. If the whitelist property is present then the optional blacklist property is ignored.

Example:

{
  "blacklist": ["GPL", "GPL-2.0"]
}

Defaults

This scan looks at the package.json files to determine the license for the particular package version. Occasionally packages do not disclose their licenses in this way. You can add an optional defaults property that provides the license for a specific version of a package. Note that if the package.json for the specific package version DOES include the license, then this value is ignored. If a dependency does not disclose its license via the package.json file or the defaults property, then the scan will exit with a non-zero code.

Example:

{
  "defaults": {
    "[email protected]": "MIT"
  }
}

Output

A different output file can be specified with the optional output property. If this property is not set, then the default license-scan.csv is used.

Example:

{
  "output": "package-licenses.csv"
}
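The Whitelist, Blacklist and Defaults rules above interact (whitelist takes precedence, defaults only fill in undisclosed licenses, matching is exact and case-sensitive, the CSV is always written). The following is an added example that models those rules in plain Node.js; it is not the license-scan project's own code. The dependency list is constructed inline (real license-scan derives it from package-lock.json and node_modules, which this example does not read), and the function and config names are this example's own.

```javascript
// Added example (not license-scan's code): a model of the .licenserc
// evaluation rules described in the README, run over constructed input.

// Constructed sample of resolved dependencies. `null` stands for a
// package.json that has no "license" field.
const SAMPLE_PACKAGES = [
  { name: 'left-pad-ish', version: '1.0.0', license: 'MIT' },
  { name: 'bsd-lib', version: '2.3.1', license: 'BSD-3-Clause OR MIT' },
  { name: 'lowercase-mit', version: '0.1.0', license: 'mit' },   // differs from "MIT" only by case
  { name: 'copyleft-thing', version: '4.0.0', license: 'GPL-2.0' },
  { name: 'silent-dep', version: '1.2.3', license: null },       // license not disclosed
];

// Resolve a package's license: package.json wins; the "defaults" entry keyed
// "name@version" is consulted only when package.json says nothing.
function resolveLicense(pkg, config) {
  if (pkg.license) return pkg.license;
  const defaults = config.defaults || {};
  return defaults[`${pkg.name}@${pkg.version}`] || null;
}

function csvField(value) {
  // Quote fields containing commas, quotes or newlines (SPDX expressions may contain spaces, which is fine).
  return /[",\n]/.test(value) ? `"${value.replace(/"/g, '""')}"` : value;
}

function toCsv(rows) {
  const lines = ['name,version,license'];
  for (const r of rows) lines.push([r.name, r.version, r.license].map(csvField).join(','));
  return lines.join('\n') + '\n';
}

// Apply the README's rules, in order:
//  - an undisclosed license (no package.json value and no default) is a failure;
//  - if "whitelist" is present, anything NOT in it fails and "blacklist" is ignored;
//  - otherwise anything in "blacklist" fails;
//  - every comparison is an exact, case-sensitive string match.
// The CSV is produced regardless of the outcome so it can be committed and diffed.
function evaluate(packages, config) {
  const rows = [];
  const violations = [];
  for (const pkg of packages) {
    const license = resolveLicense(pkg, config);
    const id = `${pkg.name}@${pkg.version}`;
    rows.push({ name: pkg.name, version: pkg.version, license: license || '' });
    if (license === null) {
      violations.push(`${id}: license not disclosed`);
    } else if (Array.isArray(config.whitelist)) {
      if (!config.whitelist.includes(license)) violations.push(`${id}: ${license} is not whitelisted`);
    } else if (Array.isArray(config.blacklist)) {
      if (config.blacklist.includes(license)) violations.push(`${id}: ${license} is blacklisted`);
    }
  }
  return { csv: toCsv(rows), violations, exitCode: violations.length ? 1 : 0 };
}

// Whitelist mode: the README's whitelist example plus a default for the silent
// package; the blacklist entry is present only to show that it is ignored.
const WHITELIST_CONFIG = {
  whitelist: ['BSD', 'BSD-2-Clause', 'BSD-3-Clause', 'BSD-3-Clause OR MIT', 'MIT'],
  blacklist: ['MIT'],
  defaults: { 'silent-dep@1.2.3': 'MIT' },
  output: 'package-licenses.csv',
};

// Blacklist mode: the README's blacklist example, with no defaults entry.
const BLACKLIST_CONFIG = { blacklist: ['GPL', 'GPL-2.0'] };

for (const [label, config] of [['whitelist', WHITELIST_CONFIG], ['blacklist', BLACKLIST_CONFIG]]) {
  const result = evaluate(SAMPLE_PACKAGES, config);
  console.log(`--- ${label} mode: exit code ${result.exitCode}`);
  console.log(result.violations.join('\n') || '(no violations)');
  console.log(result.csv);
}
```

Running it shows the practical difference between the two modes: the lowercase "mit" entry fails the whitelist but slips past the blacklist, and the undisclosed license fails both unless a defaults entry covers it. Because matching is exact, a whitelist is the fail-closed choice; a blacklist only catches the spellings you listed.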

How to:

Build and run from source

  1. Build the code: npm run build
  2. Run it! npm start

Disclaimer

Software licensing can be complicated. The examples used in this project do not endorse or discourage the use of any license. Use of this tool does not constitute legal advice or legal services.