@callstack/licenses
Advanced tools
API package that exposes functionalities for programmatic scanning of licenses in Node.js projects.
API package that exposes functionalities for programmatic scanning of licenses in Node.js projects. It is used by the license-kit CLI tool and can be used directly in your Node.js scripts.
npm install @callstack/licenses
You can use @callstack/licenses programmatically in your Node.js applications. Here's a basic example of how to use it:
import {
Types,
generateAboutLibrariesNPMOutput,
generateLicensePlistNPMOutput,
scanDependencies,
} from '@callstack/licenses';
import * as md from 'ts-markdown-builder';
// apart from dependencies, also include devDependencies, but only from the root package.json;
// also, include all transitive dependencies & optional dependencies
const optionsFactory: Types.ScanPackageOptionsFactory = ({ isRoot }) => ({
includeDevDependencies: isRoot,
includeTransitiveDependencies: true,
includeOptionalDependencies: true,
});
// scan dependencies of a package
const licenses = scanDependencies(packageJsonPath, optionsFactory);
// generate AboutLibraries-compatible JSON metadata
const aboutLibrariesCompatibleReport = generateAboutLibrariesNPMOutput(licenses);
// generate LicensePlist-compatible metadata
const licensePlistReport = generateLicensePlistNPMOutput(licenses, iosProjectPath);
// generate a Markdown report
const markdownString = md
.joinBlocks(
Object.entries(licenses)
.flatMap(([packageKey, { name: packageName, version, author, content, description, file, type, url }]) => [
md.heading(packageName, { level: 2 }),
'\n',
`Version: ${version}<br/>\n`,
url ? `URL: ${url}<br/>\n` : '',
author ? `Author: ${author}<br/>\n\n` : '',
content ?? '',
'\n',
description ? `Description: ${description}\n` : '',
file ? `\nFile: ${file}\n` : '',
type ? `Type: ${type}` : '',
'\n',
md.horizontalRule,
])
.join('\n'),
)
.toString();
The API documentation is published under: https://callstackincubator.github.io/react-native-legal/api/.
This package is consumed by other packages in the monorepo by its build outputs, so everytime it is modified, you need to rebuild the package. This can be done once by running yarn build, or by running yarn dev to run tsc in watch mode. All this is described in the Contributing Guide.
FAQs
API package that exposes functionalities for programmatic scanning of licenses in Node.js projects.
The npm package @callstack/licenses receives a total of 5,740 weekly downloads. As such, @callstack/licenses popularity was classified as popular.
We found that @callstack/licenses demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 15 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Socket researchers identified a malicious Chrome extension that manipulates Raydium swaps to inject an undisclosed SOL transfer, quietly routing fees to an attacker wallet.
Research
/Security News
Another wave of Shai-Hulud campaign has hit npm with more than 500 packages and 700+ versions affected.
Product
Add real-time Socket webhook events to your workflows to automatically receive software supply chain alert changes in real time.