Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

license-reporter

Package Overview
Dependencies
Maintainers
8
Versions
12
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

license-reporter

License-reporter gathers license information and reports them in various formats.

  • 1.5.0
  • latest
  • Source
  • npm
  • Socket score
Version published
Maintainers
8
Created
Source

license-reporter

Node.js CI Coverage Status

Installation

$ npm install license-reporter -g

Usage

Example using https://github.com/chalk/chalk

$ git clone https://github.com/chalk/chalk.git
$ cd chalk ; npm install
$ license-reporter console 
========= APPROVED LICENSES        ==========
name: ansi-styles , version: 3.2.1 , licenses: MIT License
name: escape-string-regexp , version: 1.0.5 , licenses: MIT License
name: supports-color , version: 6.0.0 , licenses: MIT License
========= APPROVED LICENSES        ==========
<?xml version='1.0'?>
<licenseSummary>
    <project>chalk</project>
    <version>2.4.1</version>
    <license>MIT</license>
    <dependencies>
        <dependency>
            <packageName>ansi-styles</packageName>
            <version>3.2.1</version>
            <licenses>
                <license>
                    <name>MIT License</name>
                    <url>http://www.opensource.org/licenses/MIT</url>
                </license>
            </licenses>
        </dependency>
        <dependency>
            <packageName>escape-string-regexp</packageName>
            <version>1.0.5</version>
            <licenses>
                <license>
                    <name>MIT License</name>
                    <url>http://www.opensource.org/licenses/MIT</url>
                </license>
            </licenses>
        </dependency>
        <dependency>
            <packageName>supports-color</packageName>
            <version>6.0.0</version>
            <licenses>
                <license>
                    <name>MIT License</name>
                    <url>http://www.opensource.org/licenses/MIT</url>
                </license>
            </licenses>
        </dependency>
    </dependencies>
</licenseSummary>

More commands

license-reporter --help
Usage: license-reporter <command> [options]

Commands:
  license-reporter console  Shows license information on standard output.
  license-reporter merge    Merge license XML files.
  license-reporter report   Creates a HTML report.
  license-reporter save     Saves license information to a file.

Options:
  --help     Show help                                                 [boolean]
  --version  Show version number                                       [boolean]
  --cwd      Change the current working directory

Save

~/Desktop$ mkdir foo
~/Desktop$ cd foo
~/Desktop/foo$ npm init -y
~/Desktop/foo$ npm install express -S

~/Desktop/foo$ license-reporter save --xml license1.xml
========= APPROVED LICENSES        ==========
name: express , version: 4.16.4 , licenses: MIT License
========= APPROVED LICENSES        ==========

~/Desktop/foo$ cat licenses/license1.xml 
<?xml version='1.0'?>
<licenseSummary>
    <project>foo</project>
    <version>1.0.0</version>
    <license>ISC</license>
    <dependencies>
        <dependency>
            <packageName>express</packageName>
            <version>4.16.4</version>
            <licenses>
                <license>
                    <name>MIT License</name>
                    <url>http://www.opensource.org/licenses/MIT</url>
                </license>
            </licenses>
        </dependency>
    </dependencies>
</licenseSummary>

~/Desktop$ mkdir bar
~/Desktop$ cd bar
~/Desktop/bar$ npm init -y
~/Desktop/bar$ npm install request -S

~/Desktop/bar$ license-reporter save --xml license2.xml
========= APPROVED LICENSES        ==========
name: request , version: 2.88.0 , licenses: Apache License 2.0
========= APPROVED LICENSES        ==========

~/Desktop/bar$ cat licenses/license2.xml 
<?xml version='1.0'?>
<licenseSummary>
    <project>bar</project>
    <version>1.0.0</version>
    <license>ISC</license>
    <dependencies>
        <dependency>
            <packageName>request</packageName>
            <version>2.88.0</version>
            <licenses>
                <license>
                    <name>Apache License 2.0</name>
                    <url>http://www.apache.org/licenses/LICENSE-2.0</url>
                </license>
            </licenses>
        </dependency>
    </dependencies>
</licenseSummary>

XML merging example

The intention for this functionality is to be able to create an xml file that contains all the licenses for a project that is made up of two or more projects.

So we are going to merge both license1.xml and license2.xml files created by the previous examples.

Inside the example foo root directory run:

~/Desktop/foo$ license-reporter merge --merge-project-name="UberProject" --merge-license-xmls="./licenses/license1.xml,../bar/licenses/license2.xml" --merge-output="merged.xml"


~/Desktop/foo$ cat licenses/merged.xml 
<?xml version='1.0'?>
<UberProject>
    <project>
        <licenseSummary>
            <project>foo</project>
            <version>1.0.0</version>
            <license>ISC</license>
            <dependencies>
                <dependency>
                    <packageName>express</packageName>
                    <version>4.16.4</version>
                    <licenses>
                        <license>
                            <name>MIT License</name>
                            <url>http://www.opensource.org/licenses/MIT</url>
                        </license>
                    </licenses>
                </dependency>
            </dependencies>
        </licenseSummary>
    </project>
    <project>
        <licenseSummary>
            <project>bar</project>
            <version>1.0.0</version>
            <license>ISC</license>
            <dependencies>
                <dependency>
                    <packageName>request</packageName>
                    <version>2.88.0</version>
                    <licenses>
                        <license>
                            <name>Apache License 2.0</name>
                            <url>http://www.apache.org/licenses/LICENSE-2.0</url>
                        </license>
                    </licenses>
                </dependency>
            </dependencies>
        </licenseSummary>
    </project>
</UberProject>

Extra information can be found here

Contributing

Please read the contributing guide

FAQs

Package last updated on 08 Dec 2021

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts

Research

Security News

Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts

Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.

By Kirill Boychenko  -  Dec 20, 2024
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc