npm-license-crawler
NPM License Crawler is a wrapper around license-checker to analyze several node packages (package.json files) as part of your software project. This way, it is possible to create a list of third party licenses for your software project in one go. File paths containing ".git" or "node_modules" are ignored at the stage where 'package.json' files are matched to provide the entry points to calling license-checker.
If you like npm-license-crawler, please consider ★ starring the project on GitHub. Contributions to the project are welcome. You can simply fork the project and create a pull request with your contribution to start with.
Use global installation to be able to run npm-license-crawler from the command line.
    npm i npm-license-crawler -g
--start directory-path: path to the directory the license search should start from. If omitted the current working directory is assumed.
--exclude directory-path: path to a directory to be excluded (and its subdirectories) from the search.
--unknown: show only licenses that can't be determined or have been guessed.
--dependencies: show only third-party licenses, i.e., only list the dependencies defined in package.json.
--production: show only production dependencies.
--development: show only development dependencies.
--onlyDirectDependencies: show only direct dependencies licenses, i.e., don't list dependencies of dependencies.
--omitVersion: omit version numbers in result (e.g. "npm-license-crawler@0.1.5" becomes "npm-license-crawler").
--no-color: (or --no-color) don't show colors in the console output.
--relativeLicensePath: output the relative file path for license files.
--json /path/to/save.json: export data as JSON to the given file. The path will be created if it does not exist.
--csv /path/to/save.csv: export the data as comma-separated values to the given file. The path will be created if it does not exist.
Called from the npm-license-crawler installation directory. If called in another directory, make sure the given exclude path exists (or omit the --exclude option and argument).

    npm-license-crawler --exclude ./lib --dependencies --csv licenses.csv
See the following example.
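    var crawler = require('npm-license-crawler'),
        options = {
            start: ['../..'],      // directories the search starts from
            exclude: ['.'],        // directories (and subdirectories) to skip
            json: 'licenses.json', // also export the result as JSON
            unknown: true          // only undetermined or guessed licenses
        };

    // Crawl the package.json files and print the collected license data.
    crawler.dumpLicenses(options, function (error, res) {
        if (error) {
            console.error("Error:", error);
        } else {
            console.dir(res);
        }
    });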
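One way to turn the result passed to the dumpLicenses callback into a build gate, as an added example that is not part of the npm-license-crawler README or code base. It flags the licenses that --unknown reports (undetermined or guessed) plus anything outside an allowlist. Assumptions: the result maps "name@version" to an object with a `licenses` field, undetermined licenses read "UNKNOWN", guessed ones end in "*", and the allowlist and package names are made up for illustration.

```javascript
// Added example (not from the npm-license-crawler project): license policy gate.
// Assumed result shape: { "name@version": { licenses, repository, licenseUrl, parents } }.
// Assumed conventions inherited from license-checker: "UNKNOWN" for undetermined
// licenses and a trailing "*" for guessed ones.
const ALLOWED = new Set(['MIT', 'ISC', 'Apache-2.0', 'BSD-2-Clause', 'BSD-3-Clause']);

// Classify one license string or simple SPDX expression against the allowlist.
function evaluate(expr, allowed) {
  let e = String(expr).trim();
  if (e === '' || /^unknown$/i.test(e)) return 'unknown';
  if (e.endsWith('*')) return 'guessed';
  if (e.startsWith('(') && e.endsWith(')')) e = e.slice(1, -1);
  if (/[()]/.test(e)) return 'review'; // nested expression: leave to a human
  const ok = e.split(/\s+OR\s+/).some((alt) =>
    alt.split(/\s+AND\s+/).every((id) => allowed.has(id.trim())));
  return ok ? 'ok' : 'not-allowed';
}

// Return one finding per package/license pair that fails the policy.
function auditLicenses(res, allowed = ALLOWED) {
  const findings = [];
  for (const [pkg, info] of Object.entries(res || {})) {
    const raw = info && info.licenses;
    const list = raw == null || raw.length === 0 ? ['UNKNOWN'] : [].concat(raw);
    for (const license of list) {
      const verdict = evaluate(license, allowed);
      if (verdict !== 'ok') findings.push({ pkg, license: String(license), verdict });
    }
  }
  return findings;
}

// Constructed sample data, shaped like the callback result / --json export.
const SAMPLE = {
  'plain-demo@1.0.0': { licenses: 'MIT', parents: 'my-app' },
  'guessed-demo@0.2.1': { licenses: 'MIT*', parents: 'my-app' },
  'mystery-demo@3.1.4': { licenses: 'UNKNOWN', parents: 'my-app' },
  'dual-demo@2.0.0': { licenses: '(GPL-3.0 OR MIT)', parents: 'my-app' },
  'copyleft-demo@1.2.0': { licenses: ['GPL-3.0'], parents: 'my-app' },
};

// Wiring (per the library call above): inside the dumpLicenses callback, run
// auditLicenses(res) and set process.exitCode = 1 when it returns findings.
for (const f of auditLicenses(SAMPLE)) {
  console.log(`${f.verdict.padEnd(11)} ${f.pkg} (${f.license})`);
}
```

A guessed license is reported separately from an unknown one because the guess may be correct but was not declared in package.json, so it needs a manual look rather than an automatic pass.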
See Release History.
FAQs
Analyzes license information for multiple node.js modules (package.json files) as part of your software project.
The npm package npm-license-crawler receives a total of 18,477 weekly downloads. As such, npm-license-crawler popularity was classified as popular.
We found that npm-license-crawler demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.