npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

npm-license-checker-alt

v1.0.3

Published

Extract NPM package licenses - Forked from Roman Seidelsohn's license-checker-rseidelsohn

Downloads

12

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

themojothemojo

Keywords

licenseclicheckeross

Readme

NPM License Checker

Table of Contents

Introduction

_This is a fork of rseidelsohn' license-checker-rseidelsohn - It mainly exists to exlude README which rarely has license files

Please notice: Version 1.2.2 is the last version working fine on node v12. From Version 2 on, you will need at least Node v14 to run this NPM license checker. Thanks to @daniel-schulz for pointing this out!

Ever needed to see all the license info for a module and its dependencies?

It's this easy:

npm install -g npm-license-checker-alt

mkdir foo
cd foo
npm install yui-lint
npm-license-checker-alt

You should see something like this:

├─ [email protected]
│  ├─ repository: http://github.com/chriso/cli
│  └─ licenses: MIT
├─ [email protected]
│  ├─ repository: https://github.com/isaacs/node-glob
│  └─ licenses: UNKNOWN
├─ [email protected]
│  ├─ repository: https://github.com/isaacs/node-graceful-fs
│  └─ licenses: UNKNOWN
├─ [email protected]
│  ├─ repository: https://github.com/isaacs/inherits
│  └─ licenses: UNKNOWN
├─ [email protected]
│  └─ licenses: MIT
├─ [email protected]
│  ├─ repository: https://github.com/isaacs/node-lru-cache
│  └─ licenses: MIT
├─ [email protected]
│  ├─ repository: https://github.com/isaacs/node-lru-cache
│  └─ licenses: MIT
├─ [email protected]
│  ├─ repository: https://github.com/isaacs/minimatch
│  └─ licenses: MIT
├─ [email protected]
│  ├─ repository: https://github.com/isaacs/minimatch
│  └─ licenses: MIT
├─ [email protected]
│  ├─ repository: https://github.com/isaacs/sigmund
│  └─ licenses: UNKNOWN
└─ [email protected]
   ├─ licenses: BSD
   └─ repository: http://github.com/yui/yui-lint

An asterisk next to a license name means that it was deduced from an other file than package.json (README, LICENSE, COPYING, ...) You could see something like this:

└─ [email protected]
   ├─ repository: https://github.com/visionmedia/debug
   └─ licenses: MIT*

Changes

Version 1.0.1

First real version

All options in alphabetical order:

  • --angularCli is just a synonym for --plainVertical
  • --csv output in csv format.
  • --csvComponentPrefix prefix column for component in csv format.
  • --customPath to add a custom Format file in JSON
  • --development only show development dependencies.
  • --direct look for direct dependencies only
  • --excludeLicenses [list] exclude modules which licenses are in the comma-separated list from the output
  • --excludePackages [list] restrict output to the packages (either "package@fullversion" or "package@majorversion" or only "package") not in the semicolon-seperated list
  • --excludePackagesStartingWith [list] exclude modules which names start with the comma-separated list from the output (useful for excluding modules from a specific vendor and such). Example: --excludePackagesStartingWith "webpack;@types;@babel"
  • --excludePrivatePackages restrict output to not include any package marked as private
  • --failOn [list] fail (exit with code 1) on the first occurrence of the licenses of the semicolon-separated list
  • --files [path] copy all license files to path and rename them to module-name@version-LICENSE.txt.
  • --includeLicenses [list] include only modules which licenses are in the comma-separated list from the output
  • --includePackages [list] restrict output to the packages (either "package@fullversion" or "package@majorversion" or only "package") in the semicolon-seperated list
  • --json output in json format.
  • --limitAttributes [list] limit the attributes to be output.
  • --markdown output in markdown format.
  • --nopeer skip peer dependencies in output.
  • --onlyAllow [list] fail (exit with codexclusionse 1) on the first occurrence of the licenses not in the semicolon-seperated list
  • --onlyunknown only list packages with unknown or guessed licenses.
  • --out [filepath] write the data to a specific file.
  • --plainVertical output license info in plain vertical format like Angular CLI does
  • --production only show production dependencies.
  • --relativeLicensePath output the location of the license files as relative paths
  • --relativeModulePath output the location of the module files as relative paths
  • --start [filepath] path of the initial json to look for
  • --summary output a summary of the license usage',
  • --unknown report guessed licenses as unknown licenses.
  • --version The current version
  • --help The text you are reading right now :)

Exclusions

A list of licenses is the simplest way to describe what you want to exclude.

You can use valid SPDX identifiers. You can use valid SPDX expressions like MIT OR X11. You can use non-valid SPDX identifiers, like Public Domain, since npm does support some license strings that are not SPDX identifiers.

Examples

npm-license-checker-alt --json > /path/to/licenses.json
npm-license-checker-alt --csv --out /path/to/licenses.csv
npm-license-checker-alt --unknown
npm-license-checker-alt --customPath customFormatExample.json
npm-license-checker-alt --excludeLicenses 'MIT, MIT OR X11, BSD, ISC'
npm-license-checker-alt --includePackages '[email protected];[email protected];[email protected]'
npm-license-checker-alt --excludePackages 'internal-1;internal-2'
npm-license-checker-alt --onlyunknown

Custom format

The --customPath option can be used with CSV to specify the columns. Note that the first column, module_name, will always be used.

When used with JSON format, it will add the specified items to the usual ones.

The available items are the following:

  • copyright
  • description
  • email
  • licenseFile
  • licenseModified
  • licenses
  • licenseText
  • name
  • publisher
  • repository
  • url
  • version

You can also give default values for each item. See an example in customFormatExample.json.

Requiring

var checker = require('npm-license-checker-alt');

checker.init(
    {
        start: '/path/to/start/looking',
    },
    // eslint-disable-next-line no-unused-vars
    function (err, packages) {
        if (err) {
            //Handle error
        } else {
            //The sorted package data
            //as an Object
        }
    },
);

Debugging

license-checker uses debug for internal logging. There’s two internal markers:

  • npm-license-checker-alt:error for errors
  • npm-license-checker-alt:log for non-errors

Set the DEBUG environment variable to one of these to see debug output:

$ export DEBUG=npm-license-checker-alt*; npm-license-checker-alt
scanning ./yui-lint
├─ [email protected]
│  ├─ repository: http://github.com/chriso/cli
│  └─ licenses: MIT
# ...

How Licenses are Found

We walk through the node_modules directory with the read-installed-packages module. Once we gathered a list of modules we walk through them and look at all of their package.json's, We try to identify the license with the spdx module to see if it has a valid SPDX license attached. If that fails, we then look into the module for the following files: LICENSE, LICENCE, COPYING,

If one of the those files are found (in that order) we will attempt to parse the license data from it with a list of known license texts. This will be shown with the * next to the name of the license to show that we "guessed" at it.

Related information sources on the internet

  • ChooseALicense.com - aims at helping you in choosing an open source license for your project
  • TLDRLegal.com - aims at exlaining complicated legal details of software licenses in easy to understand english