liblice

v3.2.0

liblice is a module to detect licenses throughout your entire installed dependency tree.

Downloads

16

Readme

liblice crawls node_modules, fetches all package.json files, and parses them. It can return the data it fetches in a few different ways, depending on how you want to consume it.

Installation

npm install liblice

Usage

list Output

Returns an array of all licenses – plus any invalid licenses – within the node modules of the passed directory.

const { list } = require('liblice')

list('.') // where the current working directory has node_modules

modules Output

Returns an object of all modules, their license expression, the path to the module, their version, their author, and their conformance information.

const { modules } = require('liblice')

modules('.') // where the current working directory has node_modules

licenses Output

Returns an object with the name of every license as a key, with the value being an object of objects that includes:

  • All packages that use the license
  • Conformance information for that license
  • Total number of occurrences of the license

const { licenses } = require('liblice')

licenses('.') // where the current working directory has node_modules

What is Conformance Information

Conformance information is information that could be useful in the context of license conformance. Specifically, information included is a full list of all individual license IDs in the license expression (often this is identical to the license expression itself, but sometimes it's not), the links to the SPDX-hosted versions of the included licenses, and information that mirrors what can be found in the SPDX license list:

  • The osi property, which indicates if all licenses in the license expression are OSI compliant
  • The fsf property, which indicates if all licenses in the license expression are FSF compliant
  • The fsfAndOSI property, which indicates if all licenses in the license expression are both OSI and FSF compliant
  • The includesDeprecated property, which indicates if one or more licenses in the license expression are deprecated IDs.

Caveats

Currently, liblice excludes searching any directory in node_modules that includes /.bin/ since it is a problematic directory and doesn't actually add any value that is not already otherwise derived.
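
The crawl described at the top of the readme, together with the .bin exclusion above, shown as an added example that is not liblice's own code. The names crawl, licenseOf, sampleTree and the INVALID label are made up for this illustration, and the sample tree is constructed. It goes beyond the readme by also normalizing the deprecated object and licenses-array forms of the package.json license field.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');
// Normalize the license field: SPDX string, legacy {type}, or legacy `licenses` array.
// Joining array entries with OR is this example's assumption, not liblice behaviour.
function licenseOf(pkg) {
  const raw = pkg.license || pkg.licenses;
  const one = (l) => (typeof l === 'string' ? l : l && l.type);
  const id = Array.isArray(raw) ? raw.map(one).filter(Boolean).join(' OR ') : one(raw);
  return id || 'INVALID'; // missing or unparseable license information
}

// Walk <dir>/node_modules, including scoped and nested packages, skipping .bin.
function crawl(dir, found = Object.create(null)) {
  const root = path.join(dir, 'node_modules');
  if (!fs.existsSync(root)) return found;
  for (const entry of fs.readdirSync(root)) {
    if (entry === '.bin') continue; // excluded, as in the caveat above
    const names = entry.startsWith('@')
      ? fs.readdirSync(path.join(root, entry)).map((n) => path.join(entry, n))
      : [entry];
    for (const name of names) {
      const pkgDir = path.join(root, name);
      const manifest = path.join(pkgDir, 'package.json');
      if (!fs.existsSync(manifest)) continue;
      let pkg;
      try { pkg = JSON.parse(fs.readFileSync(manifest, 'utf8')) || {}; } catch { pkg = {}; }
      const id = licenseOf(pkg);
      (found[id] = found[id] || []).push(`${pkg.name || name}@${pkg.version || '?'}`);
      crawl(pkgDir, found); // nested node_modules of this dependency
    }
  }
  return found;
}

// Constructed sample tree, built in a temp directory so the example runs offline.
function sampleTree() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'lic-'));
  const add = (rel, json) => {
    const p = path.join(dir, 'node_modules', rel);
    fs.mkdirSync(p, { recursive: true });
    fs.writeFileSync(path.join(p, 'package.json'), JSON.stringify(json));
  };
  add('a', { name: 'a', version: '1.0.0', license: 'MIT' });
  add('@s/b', { name: '@s/b', version: '2.0.0', license: { type: 'ISC' } });
  add('a/node_modules/c', { name: 'c', version: '0.1.0' }); // no license field
  add('.bin/x', { name: 'x', version: '9.9.9', license: 'MIT' }); // must be skipped
  return dir;
}
console.log(crawl(sampleTree()));
```

Packages that land under INVALID are the ones to review by hand, since a missing license field gives no grant to rely on.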

TODOs

  • Perhaps detect package.json in passed path as validation?
  • Tests. Always tests.