license-manager is a CLI license management tool for npm dependencies.
node >= v18.14.0
npm >= v9.3.1 (need npm query
) or pnpm >= v8.10.0
npm install -g @cybozu/license-manager@latest
Analyze dependencies licenses.
If invalid package found, it outputs error.
license-manager analyze -q ".prod" -w . -l MIT -l ISC -p "@types/*" -p "react@*"
Extract licenses to a single file.
license-manager extract -q ".prod" -w . -l MIT -l ISC -p "@types/*" -p "react@*"
default:
- analyze:
":root *"
- extract:
":root .prod"
Query string for npm query.
license-manager uses npm query to search packages.
Attention: If the package manager is pnpm
, it cannot be specified; it is the same as ":root *"
for analyze and ":root .prod"
for extract.
default: (empty / process.cwd())
Current working directory for npm query.
default: (ignored)
Option for workspace
option of npm query.
default: (empty / Automatically detects)
Specify which package manager to use npm
or pnpm
.
Automatically detected if you are running the command with npm run
, npx
, or pnpm run
.
default: (./license-manager.config.js)
Config file path.
default: (empty / All licenses are denied)
Permitted license name.
If any package is found for which this option is not specified, analyze
command will output errors.
default: (ignored)
Permitted package name.
Packages specified with this option are allowed regardless of the license.
-p foo@1.2.3
-p foo@1.2.3 -p bar@2.3.4
# Allow any version
-p foo
-p foo@*
-p foo@all
# Allow scoped package
-p @foo/*
default: (empty / All licenses are extracted)
Extracts only packages with the specified license.
If omitted, all packages are extracted.
default: (ignored)
Excluded package name.
default: "licenses.txt" or "licenses.json"
Output file name.
Relative path from the current directory.
Output licenses in JSON format.
Based on the results of npm query, and some fields be added.
-
licenseText
(string) : Extracted license text. -
licenseTextPath
(string)(optional) : File path to license text file. Omitted if override function is used. -
apacheNotice
(string)(optional) : Contents of NOTICE file. Exists only if Apache-2.0 license and NOTICE file exists. -
apacheNoticePath
(string)(optional) : File path to NOTICE file.
You can write all settings to license-manager.config.js
.
If license-manager.config.js
exists in the current directory, it is automatically loaded.
You can change the file path with the --config option.
CLI options take precedence, but license and package specifications are merged.
And you can also specify a override function in case the license and license text cannot be detected.
module.exports = {
workspace: ".",
analyze: {
query: ":workspace:is([name=app]) *",
allowLicenses: ["MIT", /BSD.*/, "ISC"],
allowPackages: ["mypackage", /eslint/],
},
extract: {
query: ":workspace:is([name=app]) .prod",
excludePackages: [/^@cybozu/],
extractLicenses: [/BSD.*/, "ISC"],
output: "mylicenses.json",
format: "json",
},
overrideLicense: (dep) => {
if (dep.name === "foo/bar") {
return "MIT";
}
return;
},
overrideLicenseText: (dep) => {
if (dep.name === "foo/bar") {
return { licenseText: `MY PACKAGE LICENSE` };
}
if (dep.name === "license-manager") {
return {
licensePageUrl: `https://raw.githubusercontent.com/cybozu/license-manager/v${dep.version}/LICENSE`,
};
}
return;
},
};
You can use utility functions in license-manager.config.js.
isMatchPackage
: Verifying that package name and version match
isMatchName
: Verifying that package name match
isMatchVersion
: Verifying that package version match
const { isMatchPackage } = require('@cybozu/license-manager');
module.exports = {
...
overrideLicense: (dep) => {
if (isMatchPackage(dep, "foo/bar@1.0.0")) {
return "MIT";
}
return;
},
};