@cybozu/license-manager
Advanced tools
Readme
license-manager is a CLI license management tool for npm dependencies.
node >= v18.14.0
npm >= v9.3.1 (need npm query) or pnpm >= v8.10.0
npm install -g @cybozu/license-manager@latest
Analyze dependencies licenses.
If invalid package found, it outputs error.
license-manager analyze -q ".prod" -w . -l MIT -l ISC -p "@types/*" -p "react@*"
Extract licenses to a single file.
license-manager extract -q ".prod" -w . -l MIT -l ISC -p "@types/*" -p "react@*"
-q, --querydefault:
":root *"":root .prod"Query string for npm query.
license-manager uses npm query to search packages.
Attention: If the package manager is pnpm, it cannot be specified; it is the same as ":root *" for analyze and ":root .prod" for extract.
--cwddefault: (empty / process.cwd())
Current working directory for npm query.
-w, --workspacedefault: (ignored)
Option for workspace option of npm query.
-m, --packageManagerdefault: (empty / Automatically detects)
Specify which package manager to use npm or pnpm.
Automatically detected if you are running the command with npm run, npx, or pnpm run.
-c, --configdefault: (./license-manager.config.js)
Config file path.
analyze command-l, --allowLicensedefault: (empty / All licenses are denied)
Permitted license name.
If any package is found for which this option is not specified, analyze command will output errors.
-p, --allowPackagedefault: (ignored)
Permitted package name.
Packages specified with this option are allowed regardless of the license.
-p foo@1.2.3
-p foo@1.2.3 -p bar@2.3.4
# Allow any version
-p foo
-p foo@*
-p foo@all
# Allow scoped package
-p @foo/*
extract command-l, --extractLicensedefault: (empty / All licenses are extracted)
Extracts only packages with the specified license.
If omitted, all packages are extracted.
-p, --excludePackagedefault: (ignored)
Excluded package name.
-o, --outputdefault: "licenses.txt" or "licenses.json"
Output file name.
Relative path from the current directory.
--jsonOutput licenses in JSON format.
Based on the results of npm query, and some fields be added.
licenseText (string) : Extracted license text.licenseTextPath (string)(optional) : File path to license text file. Omitted if override function is used.apacheNotice (string)(optional) : Contents of NOTICE file. Exists only if Apache-2.0 license and NOTICE file exists.apacheNoticePath (string)(optional) : File path to NOTICE file.You can write all settings to license-manager.config.js.
If license-manager.config.js exists in the current directory, it is automatically loaded.
You can change the file path with the --config option.
CLI options take precedence, but license and package specifications are merged.
And you can also specify a override function in case the license and license text cannot be detected.
module.exports = {
workspace: ".",
analyze: {
query: ":workspace:is([name=app]) *",
allowLicenses: ["MIT", /BSD.*/, "ISC"],
allowPackages: ["mypackage", /eslint/],
},
extract: {
query: ":workspace:is([name=app]) .prod",
excludePackages: [/^@cybozu/],
extractLicenses: [/BSD.*/, "ISC"],
output: "mylicenses.json",
format: "json",
},
overrideLicense: (dep) => {
if (dep.name === "foo/bar") {
return "MIT";
}
return;
},
overrideLicenseText: (dep) => {
if (dep.name === "foo/bar") {
return { licenseText: `MY PACKAGE LICENSE` };
}
if (dep.name === "license-manager") {
return {
licensePageUrl: `https://raw.githubusercontent.com/cybozu/license-manager/v${dep.version}/LICENSE`,
};
}
return;
},
};
You can use utility functions in license-manager.config.js.
isMatchPackage : Verifying that package name and version match
isMatchName : Verifying that package name match
isMatchVersion : Verifying that package version match
const { isMatchPackage } = require('@cybozu/license-manager');
module.exports = {
...
overrideLicense: (dep) => {
if (isMatchPackage(dep, "foo/bar@1.0.0")) {
return "MIT";
}
return;
},
};
FAQs
CLI tool for license management
The npm package @cybozu/license-manager receives a total of 1,569 weekly downloads. As such, @cybozu/license-manager popularity was classified as popular.
We found that @cybozu/license-manager demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.