Make sure your NPM modules have licenses.
Make sure you have Node.js and NPM installed. Then, run the following to use licenz system-wide:
npm install -g licenz
Alternatively, install it as a development dependency in your current module:
npm install licenz --save-dev
licenz ./path/to/module/
Run licenz --help for additional help.
Does your project’s dependencies have licenses that you know are acceptable? Tell licenz they’re okay by using the --licenses flag:
licenz --licenses "Apache 2, WTFPL, Public Domain" ./path/to/module
A are dependencies licenses undetectable by licenz? No problem! Use the --modules flag to make them pass:
licenz --modules "module-1@1.0.0, module2@^2.1.0" ./path/to/module
Licenz exports a single function which you can require:
var licenz = require('licenz');
licenz(options, function(err, res) {
if (err) {
console.error(err);
}
console.log(res);
});
It expects two optional arguments:
options (object): Hash of configurations for licenz. The following keys are used:
path (string): Path to the directory to scan. Example:
var options = {
path: './path/to/module'
};
whitelistLicenses (array): List of licenses to accept. Example:
var options = {
whitelistLicenses: ['My Cool License', 'My Other License']
};
whitelistModules (object): List of modules to accept. Use module names as the keys and corresponding semver-compatible versions or ranges as the values:
var options = {
whitelistModules: {
'my-module': '^2.3.0',
'my-other-module': '0.5.2',
'my-best-module': '~8.0.0'
}
};
callback (function): Node-style callback function. The “response” is an array of unlicensed module objects. A possible way of dealing with it:
licenz(options, function(err, res) {
if (err) {
return console.error(err);
}
if (res.length) {
res.forEach(function(module) {
console.log('Unlicensed: ' + module.name + '@' + module.version);
});
} else {
console.log('All licensed!');
}
});
In this example, res would be populated with these objects:
{
licenses: 'UNKNOWN',
licenseFile: undefined,
name: 'unlicensed-module'
repository: 'https://github.com/unlicensed-user/unlicensed-module',
version: '1.0.0'
}
licenz also supports a Promise interface:
licenz(options).then(function(results) {
console.log(results);
}).catch(function(error) {
console.error(error);
});
Integrating licenz with git’s pre-commit hook is easy using pre-commit. Make sure both pre-commit and licenz are installed (npm i pre-commit licenz --save-dev). Then, add a licenz to a script in your package.json:
//...
"scripts": {
"validate": "licenz",
//...
}
//...
Then, create a precommit key and add the script:
//...
"precommit": [
"validate",
//...
]
//...
FAQs
Make sure your NPM modules have licenses.
The npm package licenz receives a total of 3 weekly downloads. As such, licenz popularity was classified as not popular.
We found that licenz demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Create React App is officially deprecated due to React 19 issues and lack of maintenance—developers should switch to Vite or other modern alternatives.
Security News
Oracle seeks to dismiss fraud claims in the JavaScript trademark dispute, delaying the case and avoiding questions about its right to the name.
Security News
The Linux Foundation is warning open source developers that compliance with global sanctions is mandatory, highlighting legal risks and restrictions on contributions.