npm-license-crawler
Analyzes license information for multiple node.js modules (package.json files) as part of your software project.
NPM License Crawler is a wrapper around license-checker to analyze several node packages (package.json files) as part of your software project. This way, it is possible to create a list of third-party licenses for your software project in one go. File paths containing ".git" or "node_modules" are ignored at the stage where 'package.json' files are matched to provide the entry points for calling license-checker.
If you like npm-license-crawler, please consider ★ starring the project on GitHub. Contributions to the project are welcome. To start, simply fork the project and create a pull request with your contribution.
Use global installation to be able to run npm-license-crawler from the command line.
npm i npm-license-crawler -g
--start directory-path: path to the directory the license search should start from. If omitted, the current working directory is assumed.
--exclude directory-path: path to a directory to be excluded (and its subdirectories) from the search.
--unknown: show only licenses that can't be determined or have been guessed.
--dependencies: show only third-party licenses, i.e., only list the dependencies defined in package.json.
--production: show only production dependencies.
--development: show only development dependencies.
--onlyDirectDependencies: show only direct dependencies licenses, i.e., don't list dependencies of dependencies.
--omitVersion: omit version numbers in result (e.g. "npm-license-crawler@0.1.5" becomes "npm-license-crawler").
--no-color: (or --no-color) don't show colors in the console output.
--relativeLicensePath: output the relative file path for license files.
--json /path/to/save.json: export data as JSON to the given file. The path will be created if it does not exist.
--csv /path/to/save.csv: export the data as comma-separated values to the given file. The path will be created if it does not exist.
The following command is meant to be called from the npm-license-crawler installation directory. If called in another directory, make sure the given exclude path exists (or omit the --exclude option and argument).
npm-license-crawler --exclude ./lib --dependencies --csv licenses.csv
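To use npm-license-crawler as a library, see the following example.

    var crawler = require('npm-license-crawler'),
        options = {
            start: ['../..'],       // directories the license search starts from
            exclude: ['.'],         // directories (and their subdirectories) to skip
            json: 'licenses.json',  // export the result as JSON to this file
            unknown: true           // only licenses that are undetermined or guessed
        };

    crawler.dumpLicenses(options,
        function (error, res) {
            if (error) {
                console.error("Error:", error);
            }
            else {
                // res holds the collected license information
                console.dir(res);
            }
        }
    );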
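The entry-point matching described in the introduction (package.json files found under --start, minus --exclude, with ".git" and "node_modules" paths ignored), sketched as an added example that is not npm-license-crawler's own code; it shows which manifests a license audit would actually start from. The names findEntryPoints, isInside and demo are hypothetical, matching on whole path segments is an assumption of this sketch, and the sample tree is constructed.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// Assumption: a path is ignored when one of its segments is exactly one of these.
const IGNORED_SEGMENTS = new Set(['.git', 'node_modules']);

// True when candidate is dir itself or lies below it.
function isInside(dir, candidate) {
  const rel = path.relative(dir, candidate);
  if (rel === '') return true;
  return rel !== '..' && !rel.startsWith('..' + path.sep) && !path.isAbsolute(rel);
}

// Sorted absolute paths of every package.json that would act as an entry point.
function findEntryPoints(options) {
  const starts = (options.start || [process.cwd()]).map((p) => path.resolve(p));
  const excludes = (options.exclude || []).map((p) => path.resolve(p));
  const found = new Set();
  function walk(dir) {
    if (excludes.some((ex) => isInside(ex, dir))) return; // excluded subtree
    let entries;
    try {
      entries = fs.readdirSync(dir, { withFileTypes: true });
    } catch (err) {
      return; // unreadable directory: skip it, do not abort the whole scan
    }
    for (const entry of entries) {
      const full = path.join(dir, entry.name);
      // Dirent reports symlinks as links, so linked directories are not followed.
      if (entry.isDirectory()) {
        if (!IGNORED_SEGMENTS.has(entry.name)) walk(full);
      } else if (entry.isFile() && entry.name === 'package.json') {
        found.add(full);
      }
    }
  }
  starts.forEach(walk);
  return [...found].sort();
}

// Constructed sample tree in a temp directory, so the block runs offline.
function demo() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'entry-points-'));
  for (const dir of ['app', 'app/node_modules/dep', 'tools/cli', 'lib', '.git/hooks']) {
    fs.mkdirSync(path.join(root, dir), { recursive: true });
    fs.writeFileSync(path.join(root, dir, 'package.json'), '{}');
  }
  const hits = findEntryPoints({ start: [root], exclude: [path.join(root, 'lib')] });
  return hits.map((p) => path.relative(root, p).split(path.sep).join('/'));
}
```

In the constructed tree, the manifests under node_modules, .git and the excluded lib directory are not entry points; installed dependencies are still reached through license-checker from the manifests that are.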
See Release History.
FAQs
The npm package npm-license-crawler receives a total of 16,059 weekly downloads. As such, npm-license-crawler's popularity was classified as popular.
We found that npm-license-crawler demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.