ProductPromotion
Logo

Node.JS

made by https://0x3d.site

GitHub - davglass/license-checker: Check NPM package licenses
Check NPM package licenses. Contribute to davglass/license-checker development by creating an account on GitHub.
Visit Site

GitHub - davglass/license-checker: Check NPM package licenses

GitHub - davglass/license-checker: Check NPM package licenses

NPM License Checker

Build Status

As of v17.0.0 the failOn and onlyAllow arguments take semicolons as delimeters instead of commas. Some license names contain commas and it messed with the parsing

Ever needed to see all the license info for a module and its dependencies?

It's this easy:

npm install -g license-checker

mkdir foo
cd foo
npm install yui-lint
license-checker

You should see something like this:

├─ [email protected]
│  ├─ repository: http://github.com/chriso/cli
│  └─ licenses: MIT
├─ [email protected]
│  ├─ repository: https://github.com/isaacs/node-glob
│  └─ licenses: UNKNOWN
├─ [email protected]
│  ├─ repository: https://github.com/isaacs/node-graceful-fs
│  └─ licenses: UNKNOWN
├─ [email protected]
│  ├─ repository: https://github.com/isaacs/inherits
│  └─ licenses: UNKNOWN
├─ [email protected]
│  └─ licenses: MIT
├─ [email protected]
│  ├─ repository: https://github.com/isaacs/node-lru-cache
│  └─ licenses: MIT
├─ [email protected]
│  ├─ repository: https://github.com/isaacs/node-lru-cache
│  └─ licenses: MIT
├─ [email protected]
│  ├─ repository: https://github.com/isaacs/minimatch
│  └─ licenses: MIT
├─ [email protected]
│  ├─ repository: https://github.com/isaacs/minimatch
│  └─ licenses: MIT
├─ [email protected]
│  ├─ repository: https://github.com/isaacs/sigmund
│  └─ licenses: UNKNOWN
└─ [email protected]
   ├─ licenses: BSD
      └─ repository: http://github.com/yui/yui-lint

An asterisk next to a license name means that it was deduced from an other file than package.json (README, LICENSE, COPYING, ...) You could see something like this:

└─ [email protected]
   ├─ repository: https://github.com/visionmedia/debug
   └─ licenses: MIT*

Options

  • --production only show production dependencies.
  • --development only show development dependencies.
  • --start [path of the initial json to look for]
  • --unknown report guessed licenses as unknown licenses.
  • --onlyunknown only list packages with unknown or guessed licenses.
  • --json output in json format.
  • --csv output in csv format.
  • --csvComponentPrefix prefix column for component in csv format.
  • --out [filepath] write the data to a specific file.
  • --customPath to add a custom Format file in JSON
  • --exclude [list] exclude modules which licenses are in the comma-separated list from the output
  • --relativeLicensePath output the location of the license files as relative paths
  • --summary output a summary of the license usage',
  • --failOn [list] fail (exit with code 1) on the first occurrence of the licenses of the semicolon-separated list
  • --onlyAllow [list] fail (exit with code 1) on the first occurrence of the licenses not in the semicolon-seperated list
  • --packages [list] restrict output to the packages (package@version) in the semicolon-seperated list
  • --excludePackages [list] restrict output to the packages (package@version) not in the semicolon-seperated list
  • --excludePrivatePackages restrict output to not include any package marked as private
  • --direct look for direct dependencies only

Exclusions

A list of licenses is the simplest way to describe what you want to exclude.

You can use valid SPDX identifiers. You can use valid SPDX expressions like MIT OR X11. You can use non-valid SPDX identifiers, like Public Domain, since npm does support some license strings that are not SPDX identifiers.

Examples

license-checker --json > /path/to/licenses.json
license-checker --csv --out /path/to/licenses.csv
license-checker --unknown
license-checker --customPath customFormatExample.json
license-checker --exclude 'MIT, MIT OR X11, BSD, ISC'
license-checker --packages '[email protected];[email protected];[email protected]'
license-checker --excludePackages 'internal-1;internal-2'
license-checker --onlyunknown

Custom format

The --customPath option can be used with CSV to specify the columns. Note that the first column, module_name, will always be used.

When used with JSON format, it will add the specified items to the usual ones.

The available items are the following:

  • name
  • version
  • description
  • repository
  • publisher
  • email
  • url
  • licenses
  • licenseFile
  • licenseText
  • licenseModified

You can also give default values for each item. See an example in customFormatExample.json.

Requiring

var checker = require('license-checker');

checker.init({
    start: '/path/to/start/looking'
}, function(err, packages) {
    if (err) {
        //Handle error
    } else {
        //The sorted package data
        //as an Object
    }
});

Debugging

license-checker uses debug for internal logging. There’s two internal markers:

  • license-checker:error for errors
  • license-checker:log for non-errors

Set the DEBUG environment variable to one of these to see debug output:

$ export DEBUG=license-checker*; license-checker
scanning ./yui-lint
├─ [email protected]
│  ├─ repository: http://github.com/chriso/cli
│  └─ licenses: MIT
# ...

How Licenses are Found

We walk through the node_modules directory with the read-installed module. Once we gathered a list of modules we walk through them and look at all of their package.json's, We try to identify the license with the spdx module to see if it has a valid SPDX license attached. If that fails, we then look into the module for the following files: LICENSE, LICENCE, COPYING, & README.

If one of the those files are found (in that order) we will attempt to parse the license data from it with a list of known license texts. This will be shown with the * next to the name of the license to show that we "guessed" at it.

Articles
to learn more about the nodejs concepts.

Resources
which are currently available to browse on.

mail [email protected] to add your project or resources here 🔥.

FAQ's
to know more about the topic.

mail [email protected] to add your project or resources here 🔥.

Queries
or most google FAQ's about NodeJS.

mail [email protected] to add more queries here 🔍.

More Sites
to check out once you're finished browsing here.

0x3d
https://www.0x3d.site/
0x3d is designed for aggregating information.
NodeJS
https://nodejs.0x3d.site/
NodeJS Online Directory
Cross Platform
https://cross-platform.0x3d.site/
Cross Platform Online Directory
Open Source
https://open-source.0x3d.site/
Open Source Online Directory
Analytics
https://analytics.0x3d.site/
Analytics Online Directory
JavaScript
https://javascript.0x3d.site/
JavaScript Online Directory
GoLang
https://golang.0x3d.site/
GoLang Online Directory
Python
https://python.0x3d.site/
Python Online Directory
Swift
https://swift.0x3d.site/
Swift Online Directory
Rust
https://rust.0x3d.site/
Rust Online Directory
Scala
https://scala.0x3d.site/
Scala Online Directory
Ruby
https://ruby.0x3d.site/
Ruby Online Directory
Clojure
https://clojure.0x3d.site/
Clojure Online Directory
Elixir
https://elixir.0x3d.site/
Elixir Online Directory
Elm
https://elm.0x3d.site/
Elm Online Directory
Lua
https://lua.0x3d.site/
Lua Online Directory
C Programming
https://c-programming.0x3d.site/
C Programming Online Directory
C++ Programming
https://cpp-programming.0x3d.site/
C++ Programming Online Directory
R Programming
https://r-programming.0x3d.site/
R Programming Online Directory
Perl
https://perl.0x3d.site/
Perl Online Directory
Java
https://java.0x3d.site/
Java Online Directory
Kotlin
https://kotlin.0x3d.site/
Kotlin Online Directory
PHP
https://php.0x3d.site/
PHP Online Directory
React JS
https://react.0x3d.site/
React JS Online Directory
Angular
https://angular.0x3d.site/
Angular JS Online Directory