Security News
The Unpaid Backbone of Open Source: Solo Maintainers Face Increasing Security Demands
Solo open source maintainers face burnout and security challenges, with 60% unpaid and 60% considering quitting.
By Sarah GoodingΒ - Β Sep 20, 2024
Node License Finder (nlf)
nlf is a utility for attempting to identify the licenses of modules in a node.js project.
It looks for license information in package.json, readme and license files in the project. Please note, in many cases the utility is looking for standard strings in these files, such as MIT, BSD, Apache, GPL etc - this is not error free, so if you have any concerns at all about the accuracy of the results, you will need to perform a detailed manual review of the project and its dependencies, reading all terms of any included or referenced license.
Use
nlf can be used programmatically, or from the command line.
Options
-c,--csv(Default:false) - output in csv format-d,--no-dev(Default:false) - exclude development dependencies-r,--reach(Default: Infinity) - package depth (reach), 0 is current package.json file only-s,--summary off|simple|detail(Default: simple) - summary information, not available in csv format
CLI
To install:
$ npm install -g nlf
To use:
$ cd my-module
$ nlf
Example output:
archy@0.0.2 [license(s): MIT/X11] βββ package.json: MIT/X11 commander@0.6.1 [license(s): MIT] βββ readme files: MIT glob@3.2.3 [license(s): BSD] βββ package.json: BSD βββ license files: BSD json-stringify-safe@5.0.0 [license(s): BSD] βββ package.json: BSD βββ license files: BSD read-installed@0.2.2 [license(s): BSD] βββ license files: BSD should@1.2.2 [license(s): MIT] βββ readme files: MIT LICENSES: BSD, MIT, MIT/X11
For output in CSV format use the -c (or --csv) switch:
$ cd my-module
$ nlf -c
To exclude development dependencies and only analyze dependencies for production:
$ cd my-module
$ nlf -d
Summary Mode
--summary <mode> option, which can be set to "off", "simple" or "detail". This option controls what will be printed in summary in standard format.
offturns off summary outputsimpleshows a list of licenses used in the project, the default behaviordetailshows all modules in current project and group by licenses. As example below:
LICENSES:
βββ¬ BSD
β βββ amdefine@1.0.0
β βββ boom@0.4.2
β βββ cryptiles@0.2.2
β βββ diff@1.4.0
βββ¬ BSD-2-Clause
β βββ normalize-package-data@2.3.5
βββ¬ Apache-2.0
β βββ request@2.40.0
β βββ spdx-correct@1.0.2
β βββ validate-npm-package-license@3.0.1
βββ¬ (MIT AND CC-BY-3.0)
β βββ spdx-expression-parse@1.0.1
βββ¬ MPL
βββ tough-cookie@2.2.1
Programmatically
var nlf = require('nlf');
nlf.find({ directory: '/User/me/my-project' }, function (err, data) {
// do something with the response object.
console.log(JSON.stringify(data));
});
// to only include production dependencies
nlf.find({
directory: '/User/me/my-project',
production: true
}, function (err, data) {
// do something with the response object.
console.log(JSON.stringify(data));
});
The data returned from find() is an array of modules, each of which is represented by an object as the following example:
{
"id": "example@0.2.9",
"name": "example",
"version": "0.2.9",
"repository": "http:\/\/github.com\/iandotkelly\/example",
"directory": "\/Users\/ian\/example",
"licenseSources": {
"package": {
"sources": [
{
"license": "MIT",
"url": "http://opensource.org/MIT"
}
]
},
"license": {
"sources": [
{
"filePath": "\/Users\/ian\/Personal\/example\/LICENSE",
"text": "the text of the license file",
"names": function() { // function that returns the name of the license if known }
}
]
},
"readme": {
"sources": [
{
"filePath": "\/Users\/ian\/Personal\/example\/readme.md",
"text": "text of the readme"
"names": function() { // function that returns the name of the license if known }
}
]
}
}
}
Each
Tests
To run the unit tests, install development dependencies and run tests with 'gulp'. Requires gulp.js to be installed globally.
# only need to install gulp if you have not done so already
$ npm install -g gulp
$ cd nlf
$ npm install
$ gulp
If you contribute to the project, tests are written in mocha, using should.js or the node.js assert module.
FAQs
Find licenses for a node application and its node_module dependencies
We found that nlf demonstrated a not healthy version release cadence and project activity because the last version was released a year ago.Β It has 1 open source maintainer collaborating on the project.
Package last updated on 12 Mar 2019
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Understanding License Exceptions: What Developers Need to Know
License exceptions modify the terms of open source licenses, impacting how software can be used, modified, and distributed. Developers should be aware of the legal implications of these exceptions.
By Sarah GoodingΒ - Β Sep 20, 2024
Security News
Developer Accuses Tencent of Copyright Violation After Python Utilityβs License Changed from GPLv3 to BSD
A developer is accusing Tencent of violating the GPL by modifying a Python utility and changing its license to BSD, highlighting the importance of copyleft compliance.
By Sarah GoodingΒ - Β Sep 18, 2024