Make sure your NPM modules have licenses.
Make sure you have Node.js and NPM installed. Then, run the following to use licenz system-wide:
npm install -g licenz
Alternatively, install it as a development dependency in your current module:
npm install licenz --save-dev
licenz ./path/to/module/
Run licenz --help for additional help.
Does your project’s dependencies have licenses that you know are acceptable? Tell licenz they’re okay by using the --licenses flag:
licenz --licenses "Apache 2, WTFPL, Public Domain" ./path/to/module
A are dependencies licenses undetectable by licenz? No problem! Use the --modules flag to make them pass:
licenz --modules "module-1@1.0.0, module2@^2.1.0" ./path/to/module
Licenz exports a single function which you can require:
var licenz = require('licenz');
licenz(options, function(err, res) {
if (err) {
console.error(err);
}
console.log(res);
});
It expects two optional arguments:
options (object): Hash of configurations for licenz. The following keys are used:
path (string): Path to the directory to scan. Example:
var options = {
path: './path/to/module'
};
whitelistLicenses (array): List of licenses to accept. Example:
var options = {
whitelistLicenses: ['My Cool License', 'My Other License']
};
whitelistModules (object): List of modules to accept. Use module names as the keys and corresponding semver-compatible versions or ranges as the values:
var options = {
whitelistModules: {
'my-module': '^2.3.0',
'my-other-module': '0.5.2',
'my-best-module': '~8.0.0'
}
};
callback (function): Node-style callback function. The “response” is an array of unlicensed module objects. A possible way of dealing with it:
licenz(options, function(err, res) {
if (err) {
return console.error(err);
}
if (res.length) {
res.forEach(function(module) {
console.log('Unlicensed: ' + module.name + '@' + module.version);
});
} else {
console.log('All licensed!');
}
});
In this example, res would be populated with these objects:
{
licenses: 'UNKNOWN',
licenseFile: undefined,
name: 'unlicensed-module'
repository: 'https://github.com/unlicensed-user/unlicensed-module',
version: '1.0.0'
}
licenz also supports a Promise interface:
licenz(options).then(function(results) {
console.log(results);
}).catch(function(error) {
console.error(error);
});
Integrating licenz with git’s pre-commit hook is easy using pre-commit. Make sure both pre-commit and licenz are installed (npm i pre-commit licenz --save-dev). Then, add a licenz to a script in your package.json:
//...
"scripts": {
"validate": "licenz",
//...
}
//...
Then, create a precommit key and add the script:
//...
"precommit": [
"validate",
//...
]
//...
FAQs
Make sure your NPM modules have licenses.
We found that licenz demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
Application Security
/Research
/Security News
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packages.
Research
/Security News
Malicious update to @ctrl/tinycolor on npm is part of a supply-chain attack hitting 40+ packages across maintainers