@callstack/licenses
Advanced tools
API package that exposes functionalities for programmatic scanning of licenses in Node.js projects.
API package that exposes functionalities for programmatic scanning of licenses in Node.js projects. It is used by the license-kit CLI tool and can be used directly in your Node.js scripts.
npm install @callstack/licenses
You can use @callstack/licenses programmatically in your Node.js applications. Here's a basic example of how to use it:
import {
Types,
generateAboutLibrariesNPMOutput,
generateLicensePlistNPMOutput,
scanDependencies,
} from '@callstack/licenses';
import * as md from 'ts-markdown-builder';
// apart from dependencies, also include devDependencies, but only from the root package.json;
// also, include all transitive dependencies & optional dependencies
const optionsFactory: Types.ScanPackageOptionsFactory = ({ isRoot }) => ({
includeDevDependencies: isRoot,
includeTransitiveDependencies: true,
includeOptionalDependencies: true,
});
// scan dependencies of a package
const licenses = scanDependencies(packageJsonPath, optionsFactory);
// generate AboutLibraries-compatible JSON metadata
const aboutLibrariesCompatibleReport = generateAboutLibrariesNPMOutput(licenses);
// generate LicensePlist-compatible metadata
const licensePlistReport = generateLicensePlistNPMOutput(licenses, iosProjectPath);
// generate a Markdown report
const markdownString = md
.joinBlocks(
Object.entries(licenses)
.flatMap(([packageKey, { name: packageName, version, author, content, description, file, type, url }]) => [
md.heading(packageName, { level: 2 }),
'\n',
`Version: ${version}<br/>\n`,
url ? `URL: ${url}<br/>\n` : '',
author ? `Author: ${author}<br/>\n\n` : '',
content ?? '',
'\n',
description ? `Description: ${description}\n` : '',
file ? `\nFile: ${file}\n` : '',
type ? `Type: ${type}` : '',
'\n',
md.horizontalRule,
])
.join('\n'),
)
.toString();
The API documentation is published under: https://callstackincubator.github.io/react-native-legal/api/.
This package is consumed by other packages in the monorepo by its build outputs, so everytime it is modified, you need to rebuild the package. This can be done once by running yarn build, or by running yarn dev to run tsc in watch mode. All this is described in the Contributing Guide.
FAQs
API package that exposes functionalities for programmatic scanning of licenses in Node.js projects.
The npm package @callstack/licenses receives a total of 22,835 weekly downloads. As such, @callstack/licenses popularity was classified as popular.
We found that @callstack/licenses demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 17 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
A new npm package tests AI malware scanners with prompt injection, safety-triggering comments, context flooding, and obfuscated JavaScript.
Product
Socket now detects supply chain risks in project manifests, starting with missing lockfiles that can make dependency installs non-reproducible.
Research
/Security News
The trojanized extensions use TinyGo-compiled WebAssembly and Solana transaction memos to resolve command-and-control infrastructure.