Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

nlf

Package Overview
Dependencies
Maintainers
1
Versions
35
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

nlf

Find licenses for a node application and its node_module dependencies

  • 2.1.0
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
4K
decreased by-65.24%
Maintainers
1
Weekly downloads
 
Created
Source

Node License Finder (nlf)

Version Downloads Build Status Known Vulnerabilities Coveralls

nlf is a utility for attempting to identify the licenses of modules in a node.js project.

It looks for license information in package.json, readme and license files in the project. Please note, in many cases the utility is looking for standard strings in these files, such as MIT, BSD, Apache, GPL etc - this is not error free, so if you have any concerns at all about the accuracy of the results, you will need to perform a detailed manual review of the project and its dependencies, reading all terms of any included or referenced license.

Use

nlf can be used programmatically, or from the command line.

Options

  • -c, --csv (Default:false) - output in csv format
  • -d, --no-dev (Default:false) - exclude development dependencies
  • -r, --reach (Default: Infinity) - package depth (reach), 0 is current package.json file only
  • -s, --summary off|simple|detail (Default: simple) - summary information, not available in csv format

CLI

To install:

$ npm install -g nlf

To use:

$ cd my-module
$ nlf

Example output:

archy@0.0.2 [license(s): MIT/X11]
└── package.json:  MIT/X11

commander@0.6.1 [license(s): MIT]
└── readme files: MIT

glob@3.2.3 [license(s): BSD]
├── package.json:  BSD
└── license files: BSD

json-stringify-safe@5.0.0 [license(s): BSD]
├── package.json:  BSD
└── license files: BSD

read-installed@0.2.2 [license(s): BSD]
└── license files: BSD

should@1.2.2 [license(s): MIT]
└── readme files: MIT

LICENSES: BSD, MIT, MIT/X11

For output in CSV format use the -c (or --csv) switch:

$ cd my-module
$ nlf -c

To exclude development dependencies and only analyze dependencies for production:

$ cd my-module
$ nlf -d
Summary Mode

--summary <mode> option, which can be set to "off", "simple" or "detail". This option controls what will be printed in summary in standard format.

  • off turns off summary output
  • simple shows a list of licenses used in the project, the default behavior
  • detail shows all modules in current project and group by licenses. As example below:
LICENSES:
├─┬ BSD
│ ├── amdefine@1.0.0
│ ├── boom@0.4.2
│ ├── cryptiles@0.2.2
│ └── diff@1.4.0
├─┬ BSD-2-Clause
│ └── normalize-package-data@2.3.5
├─┬ Apache-2.0
│ ├── request@2.40.0
│ ├── spdx-correct@1.0.2
│ └── validate-npm-package-license@3.0.1
├─┬ (MIT AND CC-BY-3.0)
│ └── spdx-expression-parse@1.0.1
└─┬ MPL
  └── tough-cookie@2.2.1

Programmatically

var nlf = require('nlf');

nlf.find({ directory: '/User/me/my-project' }, function (err, data) {
	// do something with the response object.
	console.log(JSON.stringify(data));
});

// to only include production dependencies
nlf.find({
	directory: '/User/me/my-project',
	production: true
}, function (err, data) {
	// do something with the response object.
	console.log(JSON.stringify(data));
});

The data returned from find() is an array of modules, each of which is represented by an object as the following example:

{
  "id": "example@0.2.9",
  "name": "example",
  "version": "0.2.9",
  "repository": "http:\/\/github.com\/iandotkelly\/example",
  "directory": "\/Users\/ian\/example",
  "licenseSources": {
    "package": {
      "sources": [
        {
          "license": "MIT",
          "url": "http://opensource.org/MIT"
        }
      ]
    },
    "license": {
      "sources": [
        {
          "filePath": "\/Users\/ian\/Personal\/example\/LICENSE",
          "text": "the text of the license file",
          "names": function() { // function that returns the name of the license if known }
        }
      ]
    },
    "readme": {
      "sources": [
        {
          "filePath": "\/Users\/ian\/Personal\/example\/readme.md",
          "text": "text of the readme"
          "names": function() { // function that returns the name of the license if known }
        }
      ]
    }
  }
}

Each

Tests

To run the unit tests, install development dependencies and run tests with 'gulp'. Requires gulp.js to be installed globally.

# only need to install gulp if you have not done so already
$ npm install -g gulp
$ cd nlf
$ npm install
$ gulp

If you contribute to the project, tests are written in mocha, using should.js or the node.js assert module.

Keywords

FAQs

Package last updated on 11 Mar 2019

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc