Output all licenses of installed node.js libraries
node.jsNpmnode.js Problem Overview
Is there an option in npm (or other tool) to print all used licenses? I have a project and I want to make sure I don't use a library which is under a license I can't use.
EDIT: Found out that many developers don't include the license in the package.json, so I had to find out manually using "npm docs package-name"
node.js Solutions
Solution 1 - node.js
I had exactly the same requirement, and wrote a node module to do this. Shameless self promotion I know, but it is open source and hope it can help resolve your issue. Let me know if you have any issues or suggestions.
The difference over the other answers is that it does not just use the package.json license declaration, but looks for potential license information in license and readme files in the project.
You can install using npm install -g nlf
Solution 2 - node.js
cd {project}/node_modules
ls | sed 's/$/\/package.json/' | xargs grep '"license[s]*"' -A 3
Could use some improvement, but it works (at least on osx, should work on linux, no idea about windows). You should see something like:
grunt/package.json: "licenses": [
grunt/package.json- {
grunt/package.json- "type": "MIT",
grunt/package.json- "url": "http://github.com/gruntjs/grunt/blob/master/LICENSE-MIT"
--
grunt-contrib-concat/package.json: "licenses": [
grunt-contrib-concat/package.json- {
grunt-contrib-concat/package.json- "type": "MIT",
grunt-contrib-concat/package.json- "url": "https://github.com/gruntjs/grunt-contrib-concat/blob/master/LICENSE-MIT"
--
Update:
If you wish to see the name of all modules, even those nested inside other modules, the following works (cred to @robertklep, slightly modified to still work when inside the node_modules directory):
find * -name package.json | xargs grep '"license[s]*"' -A 3
Solution 3 - node.js
Yarn has a command for this as well. yarn licenses list renders short output, yarn licenses generate-disclaimer renders all the actual license text to stdout (suitable for disclaimers, as the option would imply).
-
If you want to omit
devDependencies:NODE_ENV=production yarn licenses list -
For my purposes, the following command got me close enough:
yarn licenses list | grep License | \ grep -vE 'MIT|ISC|WTFPL|BSD|Apache|Unlicense|CC-BY|Public Domain'`
Solution 4 - node.js
Take a look at license-report or license-checker
Solution 5 - node.js
Having just done this for a large project, I can say it turns out this process is more of a headache to automate fully than you might think. It's easy to get many of them with some of the tricks listed here, but NPM package licenses are not published consistently, and can appear
- In the NPM package.json file, or
- In the README file (sometimes just the name, like "MIT license", and sometimes full license text in a section), or
- In a separate LICENSE or COPYING file.
In addition, you sometimes have to read a licenses to tell which well-known open source license it corresponds to.
The best tool I know to do this, that (unlike some of the other answers here) covers all these cases is the licensecheck package: https://github.com/marcello3d/node-licensecheck
It looks at package.json as well as common license files, and does a signature match against known licenses, so it accurately recognizes more licenses automatically. It also "normalizes" licenses against the standard SPDX list of licenses (https://spdx.org/licenses/).
Finally, Licensecheck also lets you save any remaining packages you needed to manually verify in your own license.json file (since you can't count on an external maintainer to change their package).
Taken together, this is a pretty robust solution.
Solution 6 - node.js
I liked the question, and took the time to write a nodejs script for it:
var npm = require('npm');
npm.load(process.config,function(err){
npm.list(function(err,deps){
var names = Object.keys(deps.dependencies);
for(var i in names){
var depen = deps.dependencies[names[i]];
console.log('Licenses for :',names[i]);
depen.licenses.forEach(function(license,i){
console.log('License #'+(i+1));
console.log('- Title:',license.type);
console.log('- Url:\t',license.url);
});
}
});
});
this will output each license name and url for each module,
NOTE: must be executed in project folder and npm must be installed (npm install npm -g sounds overkill but this is the npm js lib)
Solution 7 - node.js
You can try this it you are on a Linux based system:
npm list -g --depth=0 | awk '{print $2}' | xargs -i npm view {} | grep license
You will have something like this:
license: 'MIT',
license: 'MIT',
license: 'MIT',
license: 'BSD',
license: 'MIT',
license: 'MIT',
license: 'BSD-2-Clause',
license: 'MIT',
.....................
.....................
.....................
license: 'BSD-2-Clause',
Solution 8 - node.js
if you want to get all licenses from a directory or it subdirectories you can use NPM License Crawler https://www.npmjs.com/package/npm-license-crawler. It was the best solution for me
Solution 9 - node.js
If you're using Atom, there is npm-license-checker to get the licenses from package.json.
Solution 10 - node.js
Quick and easy way to check:
npx license-checker --summary
Great source for more information: https://medium.com/@fokusman/the-easiest-way-to-check-all-your-npm-dependency-licenses-753075ef1d9d