whadar

Reputation: 4511

Output all licenses of installed node.js libraries

Is there an option in npm (or other tool) to print all used licenses? I have a project and I want to make sure I don't use a library which is under a license I can't use.

EDIT: Found out that many developers don't include the license in the package.json, so I had to find out manually using "npm docs package-name"

Upvotes: 79

Views: 47877

Answers (11)

ximo

Reputation: 390

The following commands output the licenses of your dependencies. Because npm view queries npm, it may take some time.

For npm:

npm ls | tail -n +2 | awk '{print $2}' | xargs -I {} -L 1 npm view {} license | awk '!seen[$0]++'

For bun (+ npm):

bun pm ls | tail -n +2 | awk '{print $2}' | sed -e $'s/\x1b\[[0-9;]*m//g' | xargs -I {} -L 1 npm view {} license | awk '!seen[$0]++'

bun pm ls only lists the top-level dependencies, which is what I wanted, whereas npm seems to list all dependencies in node_modules? The sed is to strip bun's output of ANSI colors, to not trip up npm view. The last awk deduplicates the output. This works on macOS, but hasn't been tested on other systems.

It's possible to add any property you want to extract from each dependency's package.json, for example the name (see npm help view for more). This will output multiple lines in ini/toml format per dependency, and the deduplication no longer makes sense. Add --json to get JSON objects.

For example ... npm view {} name license:

name = '@antfu/eslint-config'
license = 'MIT'
...

Upvotes: 0

Freedom_Ben

Reputation: 11953

Quick and easy way to check:

npx license-checker --summary

Great source for more information: https://medium.com/@fokusman/the-easiest-way-to-check-all-your-npm-dependency-licenses-753075ef1d9d

Upvotes: 4

tissa

Reputation: 396

If you want to get all licenses from a directory or its subdirectories, you can use NPM License Crawler: https://www.npmjs.com/package/npm-license-crawler. It was the best solution for me.

Upvotes: 1

jstaab

Reputation: 3865

Yarn has a command for this as well. yarn licenses list renders short output, yarn licenses generate-disclaimer renders all the actual license text to stdout (suitable for disclaimers, as the option would imply).

  • If you want to omit devDependencies:

    NODE_ENV=production yarn licenses list
    
  • For my purposes, the following command got me close enough:

    yarn licenses list | grep License | \
    grep -vE 'MIT|ISC|WTFPL|BSD|Apache|Unlicense|CC-BY|Public Domain'
    

Upvotes: 29

dmx

Reputation: 1990

You can try this if you are on a Linux-based system:

npm list -g --depth=0 | awk '{print $2}' | xargs -i npm view {} | grep license

You will have something like this:

  license: 'MIT',
  license: 'MIT',
  license: 'MIT',
  license: 'BSD',
  license: 'MIT',
  license: 'MIT',
  license: 'BSD-2-Clause',
  license: 'MIT',
  .....................
  .....................
  .....................
  license: 'BSD-2-Clause',

Upvotes: 3

Brett Zamir

Reputation: 14355

If you're using Atom, there is npm-license-checker to get the licenses from package.json.

Upvotes: 0

Yaniv Kessler

Reputation: 878

Take a look at license-report or license-checker

Upvotes: 17

jlevy

Reputation: 3078

Having just done this for a large project, I can say it turns out this process is more of a headache to automate fully than you might think. It's easy to get many of them with some of the tricks listed here, but NPM package licenses are not published consistently, and can appear

  • In the NPM package.json file, or
  • In the README file (sometimes just the name, like "MIT license", and sometimes full license text in a section), or
  • In a separate LICENSE or COPYING file.

In addition, you sometimes have to read a license to tell which well-known open source license it corresponds to.

The best tool I know to do this, that (unlike some of the other answers here) covers all these cases is the licensecheck package: https://github.com/marcello3d/node-licensecheck

It looks at package.json as well as common license files, and does a signature match against known licenses, so it accurately recognizes more licenses automatically. It also "normalizes" licenses against the standard SPDX list of licenses (https://spdx.org/licenses/).

Finally, Licensecheck also lets you save any remaining packages you needed to manually verify in your own license.json file (since you can't count on an external maintainer to change their package).

Taken together, this is a pretty robust solution.

Upvotes: 11

iandotkelly

Reputation: 9134

I had exactly the same requirement, and wrote a node module to do this. Shameless self promotion I know, but it is open source and hope it can help resolve your issue. Let me know if you have any issues or suggestions.

The difference over the other answers is that it does not just use the package.json license declaration, but looks for potential license information in license and readme files in the project.

https://npmjs.org/package/nlf

You can install using npm install -g nlf

Upvotes: 75

EaterOfCode

Reputation: 2222

I liked the question, and took the time to write a nodejs script for it:

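var npm = require('npm');

// Load npm's configuration, then list the dependencies of the current project.
npm.load(process.config, function (err) {
    if (err) throw err;
    npm.list(function (err, deps) {
        if (err) throw err;
        Object.keys(deps.dependencies || {}).forEach(function (name) {
            var depen = deps.dependencies[name];
            // package.json may carry a "licenses" array, a single "license"
            // field, or no license information at all.
            var licenses = [].concat(depen.licenses || depen.license || []);
            console.log('Licenses for :', name);
            licenses.forEach(function (license, i) {
                console.log('License #' + (i + 1));
                // An entry is either a plain string or a {type, url} object.
                console.log('- Title:', license.type || license);
                console.log('- Url:\t', license.url);
            });
        });
    });
});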

This will output each license name and URL for each module.

NOTE: must be executed in project folder and npm must be installed (npm install npm -g sounds overkill but this is the npm js lib)

Upvotes: 3

Andreas Hultgren

Reputation: 14953

cd {project}/node_modules
ls | sed 's/$/\/package.json/' | xargs grep '"license[s]*"' -A 3

Could use some improvement, but it works (at least on osx, should work on linux, no idea about windows). You should see something like:

grunt/package.json:  "licenses": [
grunt/package.json-    {
grunt/package.json-      "type": "MIT",
grunt/package.json-      "url": "http://github.com/gruntjs/grunt/blob/master/LICENSE-MIT"
--
grunt-contrib-concat/package.json:  "licenses": [
grunt-contrib-concat/package.json-    {
grunt-contrib-concat/package.json-      "type": "MIT",
grunt-contrib-concat/package.json-      "url": "https://github.com/gruntjs/grunt-contrib-concat/blob/master/LICENSE-MIT"
--

Update:

If you wish to see the name of all modules, even those nested inside other modules, the following works (cred to @robertklep, slightly modified to still work when inside the node_modules directory):

find * -name package.json | xargs grep '"license[s]*"' -A 3

Upvotes: 23
