pnpm-license-checker
v1.2.2
Single dependency license compliance checker for pnpm
This is a small, single-dependency package that checks whether the output of pnpm licenses complies with common "good" open source licenses.
It will only work with projects using pnpm >= 9.x.
Installation
pnpm add pnpm-license-checker -D

Usage

pnpm-license-checker

The -P / --prod and -D / --dev options are passed on to pnpm licenses (more info on these options). For example, this command checks the licenses of only your production dependencies:

pnpm-license-checker --prod

You may want to define a script in your package.json like:

"scripts": {
  "license:check": "pnpm-license-checker"
}

Configuration
You can configure the license checker in a .pnpm-license-checker.json file. This is parsed using JSON5, so you can use comments.
Specifying Allowed Packages
Sometimes you may want to specifically allow certain packages that are internal or have a one-off license that you do not want to blanket allow.

{
  "allowedPackages": ["specific-package1"]
}

Overriding Allowed Licenses
We have a default list of allowed licenses. If you do not specify your own, it will default to:

// Default allowed licenses
const defaultAllowedLicenses = [
  'Apache-2.0',
  'All Rights Reserved',
  'Artistic-2.0',
  'BlueOak-1.0.0',
  '0BSD',
  'BSD',
  'BSD-2-Clause',
  'BSD-3-Clause',
  'CC0-1.0',
  'CC-BY-4.0',
  'CC BY-SA 4.0',
  'ISC',
  'LGPL-3.0-or-later',
  'MIT',
  'MIT-0',
  'MPL-2.0',
  'Public Domain',
  'Python-2.0',
  'Unicode-DFS-2016',
  'Unlicense',
  'UNLICENSED',
];

However, if this list does not meet your needs, you are welcome to override it in .pnpm-license-checker.json:

{
  "allowedLicenses": ["BSD", "MIT"]
}

This will replace all the default licenses, so if you want to use the default list and add some, you will need to provide all the licenses you want to support.
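
The replace-not-merge behaviour of allowedLicenses, and how allowedPackages interacts with it, as an added example that models the documented semantics and is not the package's own code. Assumptions: the report is an object keyed by license name (the assumed shape of `pnpm licenses list --json`), allowedPackages matches on exact package name, the default list is shortened, and all package names are hypothetical.

```javascript
// Added example: models the documented configuration semantics.
// It is not the package's own implementation.

// Shortened stand-in for the default list shown above (constructed).
const DEFAULT_ALLOWED = ['Apache-2.0', 'BSD-3-Clause', 'ISC', 'MIT'];

// A supplied allowedLicenses REPLACES the defaults; it is never merged.
function effectiveConfig(userConfig = {}) {
  return {
    allowedLicenses: new Set(userConfig.allowedLicenses ?? DEFAULT_ALLOWED),
    allowedPackages: new Set(userConfig.allowedPackages ?? []),
  };
}

// report: object keyed by license name, each value an array of packages
// (assumed shape of `pnpm licenses list --json`).
function findViolations(report, userConfig) {
  const { allowedLicenses, allowedPackages } = effectiveConfig(userConfig);
  const violations = [];
  for (const [license, packages] of Object.entries(report)) {
    if (allowedLicenses.has(license)) continue;
    for (const pkg of packages) {
      // Assumption: allowedPackages exempts a package by exact name.
      if (!allowedPackages.has(pkg.name)) violations.push(`${pkg.name}: ${license}`);
    }
  }
  return violations.sort();
}

// To extend rather than replace, restate the defaults next to the additions.
function extendDefaults(extraLicenses) {
  return { allowedLicenses: [...new Set([...DEFAULT_ALLOWED, ...extraLicenses])] };
}

// Constructed sample report; package names are hypothetical.
const sampleReport = {
  MIT: [{ name: 'left-helper', versions: ['1.0.0'] }],
  'Apache-2.0': [{ name: 'cloud-sdk', versions: ['4.2.1'] }],
  'GPL-3.0-only': [{ name: 'internal-tool', versions: ['0.3.0'] }],
  'EPL-2.0': [{ name: 'graph-lib', versions: ['2.0.0'] }],
};

console.log(findViolations(sampleReport, {}));
console.log(findViolations(sampleReport, { allowedLicenses: ['EPL-2.0'] }));
console.log(findViolations(sampleReport, {
  ...extendDefaults(['EPL-2.0']),
  allowedPackages: ['internal-tool'],
}));
```

The second call shows the pitfall: listing only the license you wanted to add makes every MIT and Apache-2.0 dependency fail the check.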
