Product
Rust Support Now in Beta
Socket's Rust support is moving to Beta: all users can scan Cargo projects and generate SBOMs, including Cargo.toml-only crates, with Rust-aware supply chain checks.
By Mikola Lysenko, Trevor Norris - Sep 11, 2025
@opengovsg/credits-generator
Advanced tools
credits-generator
Takes in package.json and outputs a CREDITS.md file attributing the authors of your dependencies
Usage
npx @opengovsg/credits-generatorfrom your node projectCREDITS.mdgenerated!
An example is in this project's own package.json and CREDITS.md.
Motivation
Use of open-source software is often governed by the terms of their licenses. Such terms often include the obligation to provide some form of acknowledgement of use, along with the full text of the license. This practice is strongly recommended at several organisations, including the Government Technology Agency of Singapore.
This tool was hence created to make it convenient to attribute authors of dependencies in the node.js projects that we publish. As beneficiaries of open-source software, we want to provide due recognition to those authors, and hope that others would do so too.
More information on this topic can be found in this excellent article found at nexB
Limitations
Currently, this tool is only capable of retrieving LICENSE files from GitHub repositories. This may be problematic for dependencies hosted elsewhere, or license files with non-standard names.
Contributing
We welcome contributions to code open-sourced by the Government Technology Agency of Singapore. All contributors will be asked to sign a Contributor License Agreement (CLA) in order to ensure that everybody is free to use their contributions.
FAQs
Takes in package.json and outputs a CREDITS.md file
The npm package @opengovsg/credits-generator receives a total of 47 weekly downloads. As such, @opengovsg/credits-generator popularity was classified as not popular.
We found that @opengovsg/credits-generator demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Package last updated on 05 Mar 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Announcing Socket Fix 2.0
Socket Fix 2.0 brings targeted CVE remediation, smarter upgrade planning, and broader ecosystem support to help developers get to zero alerts.
By Martin Torp, John-David Dalton, Jeppe Fredsgaard Blaabjerg, Benjamin Barslev, Oskar Haarklou Veileborg - Sep 10, 2025
Security News
Feross on Risky Business Weekly Podcast: npm’s Ongoing Supply Chain Attacks
Socket CEO Feross Aboukhadijeh joins Risky Business Weekly to unpack recent npm phishing attacks, their limited impact, and the risks if attackers get smarter.
By Sarah Gooding - Sep 10, 2025