license-downloader

v1.3.0

Download the license files of the dependencies of a project

Downloads

375

Readme

license-downloader - an add-on to license-report tool

License: MIT

Download the license files of the dependencies of a project based on the JSON report from the package 'license-report'.

Install

npm install license-downloader

Usage

'license-downloader' uses the GitHub REST API to find the location of the license files of the project's (dev-)dependencies. The license file location does not depend on the package version. Details about how the license file is detected can be found in licensee/licensee > What we look at and licensee/licensee > README.

Optionally it downloads these files to a given directory.

Usage with downloading the license files:

cd your/project/
npx license-report > ./license-report.json
npx license-downloader --source ./license-report.json --licDir ./license-files --download

A copy of the 'license-report.json' file with 'licenseFileLink' properties added is saved to the './license-files' directory (defined in option --licDir). The downloaded licenses are saved in a subdirectory named 'licenses' in the directory defined in --licDir.

If option --licDir is missing, the modified 'license-report.json' file and the 'licenses' subdirectory are written to the path of the source file.

Usage without downloading the license files:

cd your/project/
npx license-report > ./license-report.json
npx license-downloader --source ./license-report.json

The copy of the 'license-report.json' file with properties 'licenseFileLink' added is saved to the directory of the source file.

Authorization in GitHub

License-downloader uses the GitHub API to collect information about the license file of a project. If the rate limit for anonymous access to this API (60 requests per hour) is exceeded, you will get warnings like this:

kessler/node-tableify: License query failed. Rate limit of 60 requests per hour exceeded. please wait 1534 seconds before trying again.
caolan/async: License query failed. Rate limit of 60 requests per hour exceeded. please wait 1534 seconds before trying again.

To avoid this problem, you can use a GitHub personal access token to get the higher limits of your personal GitHub plan. As an alternative, you can use fine-grained access tokens; details can be found in the GitHub documentation for "Get the license for a repository".

There are 2 possibilities:

Use a file (recommended)

Write the GitHub token, generated in your GitHub developer settings, to a file.

The full path to this file is written to an environment variable, and the name of this environment variable is set in the config parameter 'githubToken.tokenFileEnvVar':

export GITHUB_TOKEN_FILE=/run/secrets/github_pat.txt
cd your/project/
npx license-report > ./license-report.json
npx license-downloader --source ./license-report.json --licDir ./license-files --githubToken.tokenFileEnvVar GITHUB_TOKEN_FILE --download

This is the most secure variant, as access rights can and should be set on this file to prevent unauthorized access.

Use an environment variable

Generate a GitHub token in your GitHub developer settings and write it to an environment variable.

If the environment variable name is GITHUB_TOKEN, then it will be used automatically. If you want to use another environment variable, you can set it with the parameter --githubToken.tokenEnvVar.

Examples:

export GITHUB_TOKEN=yourgithubtoken
cd your/project/
npx license-report > ./license-report.json
npx license-downloader --source ./license-report.json --licDir ./license-files --download

Or with a different environment variable name:

export MY_GITHUB_TOKEN=yourgithubtoken
cd your/project/
npx license-report > ./license-report.json
npx license-downloader --source ./license-report.json --licDir ./license-files --githubToken.tokenEnvVar MY_GITHUB_TOKEN --download
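
The file variant is only as safe as the permissions on the token file. The following pre-flight check can run before license-downloader; it is an added example, not part of the license-downloader project, and the function names write_token_file and check_token_file and their return codes are assumptions of this sketch:

```shell
# Added example, not part of license-downloader. Function names and return
# codes are assumptions of this sketch.

# write_token_file PATH: read the token from stdin (keeps it out of argv and
# shell history) and store it readable by the owner only.
write_token_file() {
    (
        umask 077                      # a newly created file gets mode 0600
        cat > "$1" && chmod 600 "$1"   # also tighten a file that already existed
    )
}

# check_token_file VAR_NAME: validate the file whose path is stored in $VAR_NAME.
# Returns 0 if usable, 2 bad or unset variable, 3 not a non-empty regular file,
# 4 not owned by the current user, 5 accessible to group or others.
check_token_file() {
    case $1 in
        ''|[0-9]*|*[!A-Za-z0-9_]*) echo "invalid variable name" >&2; return 2 ;;
    esac
    eval "tf_path=\${$1:-}"            # indirect lookup; the name was validated above
    [ -n "$tf_path" ] || { echo "$1 is not set" >&2; return 2; }
    # Reject symlinks, directories, devices and empty files.
    if [ -L "$tf_path" ] || [ ! -f "$tf_path" ] || [ ! -s "$tf_path" ]; then
        echo "$tf_path: not a non-empty regular file" >&2; return 3
    fi
    [ -O "$tf_path" ] || { echo "$tf_path: not owned by you" >&2; return 4; }
    # The first 10 characters of ls -l are the file type plus the rwx bits.
    tf_mode=$(ls -ld -- "$tf_path" | cut -c1-10)
    case $tf_mode in
        -r?-------) return 0 ;;
        *) echo "$tf_path: mode $tf_mode, expected -rw-------" >&2; return 5 ;;
    esac
}

# Usage with the commands from this README:
#   export GITHUB_TOKEN_FILE=/run/secrets/github_pat.txt
#   check_token_file GITHUB_TOKEN_FILE && \
#     npx license-downloader --source ./license-report.json \
#       --licDir ./license-files --githubToken.tokenFileEnvVar GITHUB_TOKEN_FILE --download
```

Piping the token into write_token_file instead of passing it as an argument keeps it out of the process list, which the `export GITHUB_TOKEN=...` variant cannot avoid for the shell history.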

Show debug log

In a Linux shell, use

export DEBUG=license-downloader

or, in the Windows command line,

SET DEBUG=license-downloader

Development

This repo uses standard-changelog to create the CHANGELOG. To ensure that the commit messages follow the standard-changelog rules, husky is used for git hooks.

To initialize the git hooks after checking out the repo, run npx husky install.

Allowed types for commit messages are:

  • build
  • ci
  • docs
  • feat
  • fix
  • perf
  • refactor
  • release
  • revert
  • style
  • test

Allowed scopes are:

  • app
  • hacks
  • tools