@callstack/licenses
Advanced tools
npm install @callstack/licenses
You can use @callstack/licenses programmatically in your Node.js applications. Here's a basic example of how to use it:
import {
generateAboutLibrariesNPMOutput,
generateLicensePlistNPMOutput,
scanDependencies,
Types,
} from '@callstack/licenses';
import * as md from 'ts-markdown-builder';
// apart from dependencies, also include devDependencies, but only from the root package.json;
// also, include all transitive dependencies & optional dependencies
const optionsFactory: Types.ScanPackageOptionsFactory = ({ isRoot }) => ({
includeDevDependencies: isRoot,
includeTransitiveDependencies: true,
includeOptionalDependencies: true,
});
// scan dependencies of a package
const licenses = scanDependencies(packageJsonPath, optionsFactory);
// generate AboutLibraries-compatible JSON metadata
const aboutLibrariesCompatibleReport = generateAboutLibrariesNPMOutput(licenses);
// generate LicensePlist-compatible metadata
const licensePlistReport = generateLicensePlistNPMOutput(licenses, iosProjectPath);
// generate a Markdown report
const markdownString = md
.joinBlocks(
Object.entries(licenses)
.flatMap(([packageKey, { name: packageName, version, author, content, description, file, type, url }]) => [
md.heading(packageName, { level: 2 }),
'\n',
`Version: ${version}<br/>\n`,
url ? `URL: ${url}<br/>\n` : '',
author ? `Author: ${author}<br/>\n\n` : '',
content ?? '',
'\n',
description ? `Description: ${description}\n` : '',
file ? `\nFile: ${file}\n` : '',
type ? `Type: ${type}` : '',
'\n',
md.horizontalRule,
])
.join('\n'),
)
.toString();
The API documentation is published under: https://callstackincubator.github.io/react-native-legal/api/.
This package is consumed by other packages in the monorepo by its build outputs, so everytime it is modified, you need to rebuild the package. This can be done once by running yarn build, or by running yarn dev to run tsc in watch mode. All this is described in the Contributing Guide.
FAQs
API package that exposes functionalities for programmatic scanning of licenses in Node.js projects.
We found that @callstack/licenses demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 15 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Socket CEO Feross Aboukhadijeh discusses the recent npm supply chain attacks on PodRocket, covering novel attack vectors and how developers can protect themselves.
Security News
Maintainers back GitHub’s npm security overhaul but raise concerns about CI/CD workflows, enterprise support, and token management.
Product
Socket Firewall is a free tool that blocks malicious packages at install time, giving developers proactive protection against rising supply chain attacks.