@nodesecure/ntlp

npm tarball license parser

Fetch all licenses and their SPDX conformance from a given npm tarball.

Requirements

• Node.js v18 or higher

Getting Started

This package is available in the Node Package Repository and can be easily installed with npm or yarn.

$ npm i @nodesecure/ntlp
# or
$ yarn add @nodesecure/ntlp

Usage example

import * as ntlp from "@nodesecure/ntlp";

// Asynchronous
{
  const licenses = await ntlp.extractLicenses(process.cwd());
  console.log(licenses);
}

// Synchronous
{
  const licenses = ntlp.extractLicensesSync(process.cwd());
  console.log(licenses);
}

API

extractLicenses(location: string, options?: extractAsyncOptions): Promise< SpdxExtractedResult >

Search and parse all licenses at the given location.

Return all licenses with their SPDX conformance.

import {
  spdxLicenseConformance
} from "@nodesecure/licenses-conformance";

export interface SpdxLicenseConformance extends spdxLicenseConformance {
  from: string;
}

export interface SpdxExtractedResult {
  /**
   * List of license (with their SPDX conformance)
   */
  licenses: SpdxLicenseConformance[];
  /**
   * Has multiple unique licenses (MIT, ISC ..)
   */
  hasMultipleLicenses: boolean;
  /**
   * Unique list of license (MIT, ISC). The list cannot contain duplicate.
   */
  uniqueLicenseIds: string[];
  /**
   * List of licenses with no SPDX (or with invalid ids).
   */
  invalidLicenseIds: string[];
}

extractLicensesSync(location: string, options?: ExtractSyncOptions): SpdxExtractedResult

Same as extractLicenses but use synchronous FS API.

Contributors ✨

Thanks goes to these wonderful people (emoji key):

Gentilhomme 💻 📖 👀 🛡️ 🐛

Tony Gorez 💻 📖 👀

Quentin Lepateley 📖

Nicolas Hallaert 📖

Vincent Dhennin 💻

Kouadio Fabrice Nguessan 🚧

License

MIT