license-cop
Yet another license checker tool for your dependencies; focused on simplicity.
Install license-cop:

```shell
npm install license-cop --save-dev
```

Make a config file:

```shell
npx license-cop init
```

Run license-cop:

```shell
npx license-cop
```
The license-cop command exits with code 0 if all of your dependencies conform to the settings in your config file.
By default, the init step will make a .licenses.json file; however, you can use many different variations of file name and file type, including:
- licenses spelt as licences
- licenses with rc
- a file inside a .config/ directory
- .json, .jsonc, .json5, .yaml, .yml, .js, or .cjs
- a licensecop key in a package.json file

licenses
Specify all of the SPDX license codes that you're allowing in your dependency tree. E.g.

```json
{
  "licenses": ["MIT", "ISC", "Apache-2.0"]
}
```
packages
Specify all of the packages you're allowing, no matter what their license is. You can optionally lock packages to npm version ranges. E.g.

```json
{
  "packages": ["lodash", "axios@^2.0.0", "react@<16"]
}
```
extends
Specify another license-cop config file that this file should extend.

```json
{
  "extends": "@license-cop/permissive"
}
```
Values can be:

- The name of an npm package (optionally prefixed with npm:) that contains a license-cop config file, e.g. @license-cop/permissive or npm:@license-cop/permissive. @license-cop/permissive is a base config provided by us containing a curated list of permissive licenses. We think it's a good starting point for all configs!
- The name of a public GitHub repository (prefixed with github:) that contains a license-cop config file. This currently only supports config files called exactly .licenses.json, e.g. github:tobysmith568/license-cop-config
- A URL to a license-cop config file. Currently this only supports JSON config files, e.g. https://raw.githubusercontent.com/tobysmith568/license-cop-config/main/license-cop.json
Caveats
If you extend a remote file, and that file in turn extends an npm package, then you need to have that npm package installed locally. Packages are not resolved dynamically from npmjs.com.
includeDevDependencies
false by default. Set to true to make license-cop also check your dev-dependencies.

devDependenciesOnly
false by default. Set to true to make license-cop only check your dev-dependencies.
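As an added example (not license-cop's own code), the following models the check described above: the config and the installed dependency tree are constructed inline so it runs offline, and version-range matching is a simplified subset of npm semver (exact, ^, <, <=, >, >=) rather than the full grammar.

```javascript
// Added example, not license-cop's own code. The config and the installed
// dependency tree below are constructed inline so the check runs offline;
// range matching is a simplified subset of npm semver (exact, ^, <, <=, >, >=).
function parseVersion(v) {
  const parts = v.split(".").map(Number);
  while (parts.length < 3) parts.push(0);   // "<16" is read as 16.0.0
  return parts;
}
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}
function satisfies(version, range) {
  const m = /^(\^|<=|>=|<|>)?(.+)$/.exec(range);
  const op = m[1] || "=", v = parseVersion(version), r = parseVersion(m[2]);
  const c = compareVersions(v, r);
  if (op === "^") return c >= 0 && v[0] === r[0];   // same major, not below r
  return { "=": c === 0, "<": c < 0, "<=": c <= 0, ">": c > 0, ">=": c >= 0 }[op];
}
// Does a "packages" entry such as "react@<16" cover this installed package?
function packageAllowed(entry, pkg) {
  const at = entry.lastIndexOf("@");
  if (at <= 0) return entry === pkg.name;   // no range; scoped names start with "@"
  return entry.slice(0, at) === pkg.name && satisfies(pkg.version, entry.slice(at + 1));
}
// Packages that violate the config. An empty result corresponds to exit code 0.
function findViolations(config, tree) {
  const includeDev = !!config.includeDevDependencies, devOnly = !!config.devDependenciesOnly;
  return tree.filter((pkg) => {
    if (pkg.dev && !includeDev && !devOnly) return false;   // dev deps skipped by default
    if (!pkg.dev && devOnly) return false;
    if ((config.licenses || []).includes(pkg.license)) return false;
    return !(config.packages || []).some((e) => packageAllowed(e, pkg));
  });
}
// Constructed sample config and tree (name, version, SPDX license from package.json, dev flag).
const config = { licenses: ["MIT", "ISC", "Apache-2.0"], packages: ["lodash", "react@<16"] };
const tree = [
  { name: "lodash", version: "4.17.21", license: "MIT", dev: false },
  { name: "left-pad", version: "1.3.0", license: "WTFPL", dev: false },
  { name: "react", version: "15.6.2", license: "BSD-3-Clause", dev: false },
  { name: "no-license", version: "0.1.0", license: undefined, dev: false },
  { name: "jest", version: "29.0.0", license: "GPL-3.0", dev: true },
];
console.log(findViolations(config, tree).map((p) => `${p.name}@${p.version} (${p.license})`));
```

A package with no license field in its package.json is reported as a violation here because its license is not in the allowlist, which is the case a practitioner most often has to resolve by hand.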
Running license-cop as part of your CI process is a great way to catch issues before they land in your main branch.
Below is an example of how you can run license-cop in its own GitHub Actions job for all PRs targeting main:
```yaml
name: Check Licenses
on:
  pull_request:
    branches:
      - main
jobs:
  licenses:
    name: Check Licenses
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Setup Node.js
        uses: actions/setup-node@v3
        with:
          cache: npm
      - name: Install dependencies
        run: npm ci
      - name: Run License-Cop
        run: npx license-cop
```
The Action above will fail if any of your node_modules have a license that isn't listed in your license-cop config file.
License-cop itself is licensed under the ISC license.
The npm package license-cop receives a total of 7,349 weekly downloads. As such, license-cop popularity was classified as popular.
We found that license-cop demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.