Make sure your NPM modules have licenses.
Make sure you have Node.js and NPM installed. Then, run the following to use licenz system-wide:
npm install -g licenz
Alternatively, install it as a development dependency in your current module:
npm install licenz --save-dev
licenz ./path/to/module/
Run licenz --help for additional help.
Does your project’s dependencies have licenses that you know are acceptable? Tell licenz they’re okay by using the --licenses flag:
licenz --licenses "Apache 2, WTFPL, Public Domain" ./path/to/module
A are dependencies licenses undetectable by licenz? No problem! Use the --modules flag to make them pass:
licenz --modules "module-1@1.0.0, module2@^2.1.0" ./path/to/module
Licenz exports a single function which you can require:
var licenz = require('licenz');
licenz(options, function(err, res) {
if (err) {
console.error(err);
}
console.log(res);
});
It expects two optional arguments:
options (object): Hash of configurations for licenz. The following keys are used:
path (string): Path to the directory to scan. Example:
var options = {
path: './path/to/module'
};
whitelistLicenses (array): List of licenses to accept. Example:
var options = {
whitelistLicenses: ['My Cool License', 'My Other License']
};
whitelistModules (object): List of modules to accept. Use module names as the keys and corresponding semver-compatible versions or ranges as the values:
var options = {
whitelistModules: {
'my-module': '^2.3.0',
'my-other-module': '0.5.2',
'my-best-module': '~8.0.0'
}
};
callback (function): Node-style callback function. The “response” is an array of unlicensed module objects. A possible way of dealing with it:
licenz(options, function(err, res) {
if (err) {
return console.error(err);
}
if (res.length) {
res.forEach(function(module) {
console.log('Unlicensed: ' + module.name + '@' + module.version);
});
} else {
console.log('All licensed!');
}
});
In this example, res would be populated with these objects:
{
licenses: 'UNKNOWN',
licenseFile: undefined,
name: 'unlicensed-module'
repository: 'https://github.com/unlicensed-user/unlicensed-module',
version: '1.0.0'
}
licenz also supports a Promise interface:
licenz(options).then(function(results) {
console.log(results);
}).catch(function(error) {
console.error(error);
});
Integrating licenz with git’s pre-commit hook is easy using pre-commit. Make sure both pre-commit and licenz are installed (npm i pre-commit licenz --save-dev). Then, add a licenz to a script in your package.json:
//...
"scripts": {
"validate": "licenz",
//...
}
//...
Then, create a precommit key and add the script:
//...
"precommit": [
"validate",
//...
]
//...
FAQs
Make sure your NPM modules have licenses.
We found that licenz demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Socket Firewall Enterprise is now available with flexible deployment, configurable policies, and expanded language support.
Security News
Open source dashboard CNAPulse tracks CVE Numbering Authorities’ publishing activity, highlighting trends and transparency across the CVE ecosystem.
Product
Detect malware, unsafe data flows, and license issues in GitHub Actions with Socket’s new workflow scanning support.