HTML License Generator for NPM/Yarn based projects
Generate a HTML page with list of dependency licenses based on npm/yarn installed packages. Example output
This project is based on npm-license-generator
Usage
Install:
npm install --global html-license-genOptions:
$ html-license-gen --help
Usage:
html-license-gen [folder]
Positionals:
folder Folder of NPM project. Defaults to current working directory [string]
Paths and files:
--folder Folder of NPM project. Defaults to current working
directory [string]
--monorepo-root Root folder of monorepo - if project is in monorepo[string]
--out-path HTML output path [string] [default: "./licenses.html"]
--tmp-folder-name Name of temporary folder
[string] [default: ".license-gen-tmp"]
Output HTML appearance:
--group Group licenses [boolean] [default: true]
--external-links Link package names to their repos [boolean] [default: true]
--add-index Creates index with link to licenses below
[boolean] [default: false]
--title Use given value as document title [string] [default: false]
--template Path to custom mustache template [string]
Package related:
--registry URL of package registry to use
[string] [default: "https://registry.npmjs.org"]
--ignored Semicolon-separated list of packages to ignore
[string] [default: "html-license-gen"]
--only-prod Ignore optional and dev dependencies[boolean] [default: false]
--package-lock Run on all packages listed in package-lock.json
[boolean] [default: false]
Cache and optimization:
--keep-cache Do not clean cache after run [boolean] [default: false]
--checksum-path Checksum file path, to detect if update of HTML is needed
[string] [default: false]
--checksum-embed Embed checksum into HTML to detect need for update
[boolean] [default: false]
--avoid-registry Try local package.json instead asking online registry
[boolean] [default: true]
--no-spdx Do not download license file based on SPDX string
[boolean] [default: false]
--only-spdx Do not use tarballs, only use SPDX string
[boolean] [default: false]
--only-local-tar Do not download tarballs, use only local tarballs
[boolean] [default: true]
Options:
--version Show version number [boolean]
--help Show help [boolean]
--log-level Configures how verbose logs are, one of the following values:
error, warn, info, verbose, debug [string] [default: "warn"]
--error-missing Exit 1 if no license is present for a package
[boolean] [default: false]Options
All boolean options can be prepended with no- that negates flag,
for example; --group groups packages but --no-group disables grouping.
-
--error-missing,--no-error-missingIf enabled, stops and exits generator (without generating/updating HTML file) when any expected license is missing Disabled by default. -
--log-levelDecides how detailed log are. Allowed levels:error,warn,info,verbose,debugwarnby default
Path related options:
-
--folderSpecify root directory of project to parse, by default current directory -
--monorepo-rootSpecify root directory of monorepo in case it is workspace based project, used to search for package, lock and license files. -
--out-pathSpecify output path where generated file will be written. File is always overwritten unless--checksum-pathor--checksum-embedis used and no change is needed. -
--tmp-folder-nameSpecify folder where to download tarballs. Folder need to be writable. Folder and its contents gets deleted after generating file unless--keep-cacheoptions is given.
Output and HTML appearance options:
-
--group,--no-groupGroups packages which use exact same license texts, reducing duplicates and file size. Enabled by default. -
--external-links,--no-external-linksLinks package names (in license header) to their homepages (if and as configured in package.jsonhomepage) Enabled by default. -
--add-index,--no-add-indexCreates index at begin of file - list of anchors allowing quickly jumping to respective package library. Disabled by default. -
--titleOverrides default document title / main header (which is root app package name) with given string. -
--templateOverrides default template path, allowing passing custom template.
Package filtering and configuration:
-
--registryAllows specifying URL of custom NPM repository, otherwise default global NPM repo is used -
--ignoredSemicolon-separated list of packages to ignore and NOT include in generated HTML. For example:typescript;eslint;tar -
--only-prod,--no-only-prodIf enabled, ignores optional and development packages, using only "production" facing packages Disabled by default. -
--package-lock,--no-package-lockInstead of relying solely onpackage.json- also scan lock files to include all dependencies and sub-dependencies. Generates bigger file but include also dependencies of dependencies, not only direct deps. Recommended to use with--only-prod(which would otherwise be huge) and without--no-avoid-registrywhich generates a lot of network requests to registry Disabled by default.
Cache and optimization:
-
--keep-cache,--no-keep-cacheIf enabled, does not delete tmp folder, allowing cache to persist between runs Disabled by default. -
--checksum-pathAllows skipping generation of HTM when packages have not changed. If path is specified, special file indicated by path is used to store checksum. If file exist and contains checksum matching checksum resolved for current package/version list - HTML generation will be skipped After generating HTML file, checksum is written/updated int this file. NOTICE - it does NOT checks for changes in license files, only if package list (and their version) are same. -
--checksum-embed,--no-checksum-embedAllows skipping generation of HTM when packages have not changed. If specified, embed checksum inside generated HTML (as an comment) If existing HTML checksum matching checksum resolved for current package/version list - HTML generation will be skipped NOTICE - it does NOT checks for changes in license files, only if package list (and their version) are same. Disabled by default. -
--avoid-registry,--no-avoid-registryBy default, instead asking online NPM repo, usespackage.jsonfiles found innode_modules. It is way faster but may be inaccurate. Enabled by default. -
--no-spdxIf enabled, does not use SPDX license repository as fallback for missing licenses Disabled by default. -
--no-spdxIf enabled, use only SPDX license repository and do not use license files found in packages/tarballs Disabled by default. -
--only-local-tar,--no-only-local-tarBy default, use only local filesystem and tarballs for license discovery.--no-only-local-tarwill enable downloading tarballs from resolved online URLs - but this may generate lot of internet traffic, especially when used together with--package-lockor without--only-prodEnabled by default.
Use your own template
Supply your own template using the --template option. Templates are written in Mustache. Your template does not have to be HTML, change the output file name using --out-path.
Use template.html file as and starting point
How licenses are found
- Get package version and tarball location from package.lock / yarn.lock
- Look for licenses in node_modules if avalible
- Otherwise download tarball, extract, look for licenses, and use that
- Otherwise, evaluate SPDX string and use a file from https://github.com/spdx/license-list-data/tree/master/text