npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

licensing

v0.1.0

Published

Discover the license footprint of your application

Downloads

55

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

v1v13rdeden3rdeden

Keywords

licenselicensinglicenses

Readme

licensing

This is a small command line utlity to figure out the licensing footprint of your project or from a given module name.

Installation

npm install -g licensing

CLI usage

  licensing [flags]

  --package [dir]    : The location of the package.json to use
  --registry [url]   : The registry we should use to resolve packages
  --name [name]      : Discover the footprint of a module instead
  --devDependencies  : Also include all devDependencies
  --help             : Display this message

example:
  licensing --name primus

Debugging

The module and it's submodules that make this license parsing possible are instrumented with the debug logging module. If something doesn't work as expected you can see some useful output by prefixing the licensing command with the DEBUG env variable:

DEBUG=* licensing

Github API ratelimit

The module where this CLI application is build upon makes heavy use of Github and it's API for resolving licenses. The GitHub API is rate limited to only 60 requests per hour. Which isn't enough for bigger projects that have a lot of dependencies or if you want to resolve devDependencies. In order to go around this limitation you can supply a GITHUB_TOKEN env variable which contains a personal OAuth token from your github account. To generate a token:

  1. Go to your account page on GitHub: https://github.com/settings/tokens/new
  2. Make sure you select public_repo and generate a new token.
  3. Save the token in bashrc/.profile/zshrc or use it directly using:
GITHUB_TOKEN="adasfadsfadf08df08afa<your token here if it wasn't obvious>" licensing

Resolving actual dependencies.

Armed with this information we can simply resolve the license footprint of a given module using the licenses --name <name> command. The following output is the result of that for the primus module:


Resolving dependencies, this might take a while

primus is licensed as: MIT

Licenses information:

[email protected]                                       : MIT
[email protected]                                     : MIT
[email protected]                              : MIT
[email protected]                              : MIT
[email protected]                             : MIT
[email protected]                                  : MIT
[email protected]                                  : MIT
ms@~0.6.2                                        : MIT
[email protected]                                 : MIT
[email protected]                                      : MIT

Found a module that is incorrectly or not detected at all but does
have a valid license? Please report this at:

https://github.com/3rd-Eden/licenses/issues/new

Which is the library that does the actual parsing and detection of
the license so we can improve it's parsing algorithm and yield
better results.

If you're just curious about the license impact of your current project, simply run licensing and it will read out your package.json and start searching for licensing information. Here's the license information that got outputted for this module:

Resolving dependencies, this might take a while

Licenses information:

[email protected]                                 : MIT
[email protected]                                       : MIT
[email protected]                                   : MIT
[email protected]                                      : MIT
[email protected]                              : MIT
[email protected]                               : MIT
[email protected]                                     : MIT
[email protected]                                      : MIT
[email protected]                                    : MIT
[email protected]                             : MIT
[email protected]                                       : MIT
[email protected]                                     : BSD 4-Clause
[email protected]                                  : MIT
[email protected]                                      : MIT
[email protected]                                     : MIT
[email protected]                                       : MIT
[email protected]                                         : MIT
[email protected]                                   : Apache 2.0
[email protected]                                 : MIT
[email protected]                                     : MIT
qs@~0.6.0                                        : MIT
json-stringify-safe@~5.0.0                       : BSD 4-Clause
forever-agent@~0.5.0                             : Apache 2.0
node-uuid@~1.4.0                                 : MIT
mime@~1.2.9                                      : MIT
tough-cookie@>=0.12.0                            : MIT
form-data@~0.1.0                                 : MIT
tunnel-agent@~0.3.0                              : Apache 2.0
http-signature@~0.10.0                           : MIT
oauth-sign@~0.3.0                                : Apache 2.0
hawk@~1.0.0                                      : BSD 4-Clause
aws-sign2@~0.5.0                                 : Apache 2.0
punycode@>=0.2.0                                 : MIT, GPL
combined-stream@~0.0.4                           : MIT
mime@~1.2.11                                     : MIT
async@~0.2.9                                     : MIT
[email protected]                                : MIT
[email protected]                                      : MIT
[email protected]                                      : MIT
[email protected]                                       : BSD 4-Clause
[email protected]                                       : BSD 4-Clause
[email protected]                                  : BSD 4-Clause
[email protected]                                       : BSD 4-Clause
[email protected]                             : MIT

Found a module that is incorrectly or not detected at all but does
have a valid license? Please report this at:

https://github.com/3rd-Eden/licenses/issues/new

Which is the library that does the actual parsing and detection of
the license so we can improve it's parsing algorithm and yield
better results.

License

MIT