npm-license-crawler
Analyzes license information for multiple node.js modules (package.json files) as part of your software project.
NPM License Crawler is a wrapper around license-checker to analyze several node packages (package.json files) as part of your software project. This way, it is possible to create a list of third party licenses for your software project in one go. File paths containing ".git" or "node_modules" are ignored at the stage where 'package.json' files are matched to provide the entry points to calling license-checker.
If you like npm-license-crawler, please consider ★ starring the project on GitHub. Contributions to the project are welcome. You can simply fork the project and create a pull request with your contribution to start with.
Use global installation to be able to run npm-license-crawler from the command line.

    npm i npm-license-crawler -g

--start directory-path: path to the directory the license search should start from. If omitted, the current working directory is assumed.
--exclude directory-path: path to a directory to be excluded (and its subdirectories) from the search.
--unknown: show only licenses that can't be determined or have been guessed.
--dependencies: show only third-party licenses, i.e., only list the dependencies defined in package.json.
--production: show only production dependencies.
--development: show only development dependencies.
--onlyDirectDependencies: show only direct dependencies' licenses, i.e., don't list dependencies of dependencies.
--omitVersion: omit version numbers in the result (e.g. "npm-license-crawler@0.1.5" becomes "npm-license-crawler").
--no-color: (or --no-color) don't show colors in the console output.
--relativeLicensePath: output the relative file path for license files.
--json /path/to/save.json: export data as JSON to the given file. The path will be created if it does not exist.
--csv /path/to/save.csv: export the data as comma-separated values to the given file. The path will be created if it does not exist.

The following command is meant to be called from the npm-license-crawler installation directory. If it is called in another directory, make sure the given exclude path exists (or omit the --exclude option and its argument).

    npm-license-crawler --exclude ./lib --dependencies --csv licenses.csv

See the following example.
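
    var crawler = require('npm-license-crawler'),
        options = {
            start: ['../..'],       // directories the search starts from
            exclude: ['.'],         // directories (and subdirectories) to skip
            json: 'licenses.json',  // also export the result to this file
            unknown: true           // only undetermined or guessed licenses
        };

    crawler.dumpLicenses(options,
        function(error, res){
            if (error) {
                console.error("Error:", error);
            }
            else {
                // res holds the collected license data
                console.dir(res);
            }
        }
    );
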
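
The following is an added example, not part of the npm-license-crawler README or code: a policy check over license data of the kind passed to the dumpLicenses callback, sorting packages into allowed, denied, and needs-review (the cases --unknown targets). It assumes each entry is keyed by name@version with a `licenses` field that is a string or an array, and that `UNKNOWN` and a trailing `*` mark undetermined and guessed licenses as in license-checker; the allowlist, the `classifyLicenses` name, and the sample data are constructed for illustration.

```javascript
// Added example: gate a build on license data such as dumpLicenses() returns.
// Assumed result shape (not shown on this page):
//   { "name@version": { licenses: "MIT" | ["MIT", "ISC"], ... } }
// Assumed conventions (license-checker's): "UNKNOWN" = not determined,
// trailing "*" = guessed from a file other than package.json.

// Hypothetical allowlist; replace with your organisation's policy.
const ALLOWED = new Set(['MIT', 'ISC', 'BSD-3-Clause', 'Apache-2.0']);

// Constructed sample data, not real crawler output.
const SAMPLE = {
  'example-a@1.0.0': { licenses: 'MIT' },
  'example-b@0.3.1': { licenses: 'UNKNOWN' },
  'example-c@2.2.0': { licenses: 'MIT*' },
  'example-d@4.0.0': { licenses: 'GPL-3.0' },
  'example-e@2.0.0': { licenses: ['MIT', 'Apache-2.0'] },
  'example-f@1.1.0': { licenses: '(MIT OR GPL-3.0)' },
  'example-g@0.0.1': {},
};

function classifyLicenses(result, allowed = ALLOWED) {
  const report = { ok: [], review: [], denied: [] };
  for (const [pkg, info] of Object.entries(result)) {
    // Normalise string / array / missing into an array of strings.
    const raw = [].concat((info && info.licenses) || 'UNKNOWN').map(String);
    const guessed = raw.some((l) => l.endsWith('*'));
    const names = raw.map((l) => l.replace(/\*$/, '').trim());
    const unknown = names.some((n) => n === '' || n === 'UNKNOWN');
    // License expressions need a human decision, not a string match.
    const expression = names.some((n) => /\s(OR|AND|WITH)\s/.test(n));
    if (unknown || guessed || expression) {
      report.review.push(pkg);
    } else if (names.every((n) => allowed.has(n))) {
      report.ok.push(pkg); // conservative: every listed license must be allowed
    } else {
      report.denied.push(pkg);
    }
  }
  return report;
}

// Wiring it to the crawler (requires the package to be installed):
//   crawler.dumpLicenses({ start: ['.'] }, (err, res) => {
//     const r = classifyLicenses(res);
//     if (err || r.denied.length || r.review.length) process.exitCode = 1;
//   });
console.log(classifyLicenses(SAMPLE));
```

Guessed and undetermined entries go to review rather than being silently accepted, since a guessed "MIT*" has not been confirmed against package.json.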
See Release History.
FAQs
The npm package npm-license-crawler receives a total of 17,485 weekly downloads. As such, its popularity is classified as popular.
We found that npm-license-crawler demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.