npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

legally

v3.5.10

Published

Check the licenses for the packages that you are using

Downloads

13,370

Readme

Legally npx legally test badge

Disclaimer: I am not a lawyer and this is not legal advice

Discover the license of npm packages that you are using in an easy way:

npm install legally -g    # Make it work everywhere
legally                   # Check licenses of current directory
legally express           # Check an npm library's licenses

It will display first those node_modules' licenses:

Licenses

- means the license couldn't be found and ? that it was found but couldn't be parsed

And then the license count in your project (different example from the one above):

License count

Finally, you will get a small report stating whether everything is correct or not:

License count

License count

If you want to understand what the licenses mean, Elad Nava created tldrlegal based on legally.

Documentation

You can use this library programmatically with Node.js as well: Node.js API

The plain command will perform an analysis in-depth of your installed packages and report everything, and that's likely all that you will need:

legally

Remote packages

To check a package's license before adding it to your project name it and legally will analyze it. Let's check express's licenses':

legally express

It will take a while since it has to download it and its dependencies and then it will perform the same analysis as if it was the only package in your repository. You can also check many at the same time:

legally express body-parser formidable

Selective analysis

To show only a part of the analysis, pass the name of the part that you want to show

# List of packages and their licenses
legally -p
legally --show packages

# Breakdown of what licenses your dependencies have
legally -l
legally --show licenses

# Overview with actionable points
legally -r
legally --show reports

You can also combine them with:

legally -lr   # licenses and reports
legally --show licenses --show reports  # same

Type and filter

You can perform two kind of filters; strict filter (type) or soft filter (filter) both of them case-insensitive. The type will match only those passed literally, while the filter will look for the name within the license type:

legally --type mit  # match "MIT"
legally --filter cc   # match "cc0", "cc-by 3.0", etc

You can also combine them

# Display MIT and BSD family
legally --type mit --filter bsd

Or just put several filters

# Display MIT and BSD families
legally --filter mit --filter bsd

Styles

You can change the style of the table with the --border option. Try the ascii option if the table is not displayed correctly by default:

legally --border thin
legally --border bold
legally --border double
legally --border ascii  # This will work in most systems

ASCII style

You can use the --plain option for output without any ANSI escape codes:

legally --plain
legally --plain > license-report.txt

Lastly, you can also add a width if not all of your licenses are displayed correctly and will adjust it approximately. Make sure to adjust your terminal size accordingly. It defaults to 80:

legally --width 100

Node.js API

const legally = require('legally');

(async () => {
  const licenses = await legally('express');
  console.log(licenses);
  // {
  //   '[email protected]': { package: [ 'MIT' ], license: [ 'MIT' ], readme: [] },
  //   '[email protected]': { package: [ 'MIT' ], license: [ 'MIT' ], readme: [] },
  //   ...
  // }
})();

Note: to avoid your Node.js process from exiting too early if you copy-paste the above example, see this StackOverflow answer (by myself):

const legally = require('legally');

var done = (function wait () { if (!done) setTimeout(wait, 1000) })();

(async () => {
  const licenses = await legally('express');
  console.log(licenses);
  // {
  //   '[email protected]': { package: [ 'MIT' ], license: [ 'MIT' ], readme: [] },
  //   '[email protected]': { package: [ 'MIT' ], license: [ 'MIT' ], readme: [] },
  //   ...
  // }
  done = true;
})();

You can put each package with a single license string like MIT or MIT+ISC:

const legally = require('legally');

const unique = (value, index, self) => self.indexOf(value) === index;
const toStr = lic => [...lic.package, ...lic.license, ...lic.readme].filter(unique).join('+');
const plain = licenses => Object.entries(licenses).reduce((obj, [pack, lic]) => ({
  ...obj, [pack]: toStr(lic)
}), {});

(async () => {
  const licenses = await legally('express');
  console.log(plain(licenses));
  // {
  //   '[email protected]': 'MIT',
  //   '[email protected]': 'MIT',
  //   ...
  // }
})();

FAQ

WTF does this license mean?

There's a service called TL;DR Legal that helps you navigate those licenses and Elad Nava created tldrlegal based on that and built on top of legally.

It says 'No modules installed'

Make sure that you are in the root folder for your project; doing ls you should be able to see node_modules

I have more licenses than dependencies

That could happen. While we only account for one license type per project, a project can have (and many do it) several licenses at the same time.

In the Packages table, you can see this is indicated with a +. For example, JSONStream has these licenses parsed out of package.json: MIT + Apache 2

Does it check all modules by npm?

Yes, it will check all of the modules in node_modules and the nested ones except for folders starting with ..

What licenses does it check?

It attempts to find Apache, BSD (2 and 3 Clause), CC0, ISC and MIT. It will also attempt to clean existing ones. The list is short, so please feel free to expand it adding a new file in /licenses:

// File /licenses/mit.js
module.exports.name = 'MIT';
module.exports.regex = /(?:The )?MIT(?: (L|l)icense)/;
module.exports.text = `
  Permission is hereby granted, free of charge, to any person obtaining a copy
  ...
  furnished to do so, subject to the following conditions:

  The above copyright notice and this permission notice shall be included in
  all copies or substantial portions of the Software.
`;
module.exports.fragments = module.exports.text.split(/\n\n/);