Check npm package dependency license metadata against rules.
Licensee accepts two kinds of configuration:
You can set configuration with command flags or a
file at the root of your package, like so:
The license property is an SPDX license expression that
spdx-expression-parse can parse. Any package with standard
license metadata that satisfies the SPDX license expression
according to spdx-satisfies will not cause an error.
The whitelist is a map from package name to a node-semver
Semantic Versioning range. Packages whose license metadata don't match
the SPDX license expression in license but have a name and version
matched by whitelist will not cause an error.
To install and use licensee globally:
npm install --global licensee
cd your-package
licensee --init
licensee
The licensee script prints a report about dependencies and their
license terms to standard output. It exits with status 0 when all
packages in ./node_modules meet the configured licensing criteria,
and 1 when one or more do not.
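The approval rule and exit status described above, as an added example that is not licensee's own code: a dependency passes if its license is in the permitted set or its name and version fall inside a whitelist range. It is a simplified stand-in for spdx-satisfies and node-semver that assumes a flat "A OR B" rule and only `<=`, `>=` or exact ranges; the function names and the `{name, version, license}` dependency shape are hypothetical.

```javascript
// Added example: simplified stand-in, not licensee's own implementation.
// Assumes a flat "A OR B" license rule and whitelist ranges of the form
// "<=X.Y.Z", ">=X.Y.Z" or exact "X.Y.Z". All function names are hypothetical.
const PLAIN_VERSION = /^\d+\.\d+\.\d+$/;

function permittedIds(expression) {
  // "(MIT OR ISC)" -> Set { "MIT", "ISC" }
  return new Set(expression.replace(/[()]/g, '').trim().split(/\s+OR\s+/));
}

function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

function inRange(version, range) {
  const m = /^(<=|>=)?\s*(\d+\.\d+\.\d+)$/.exec(String(range).trim());
  // Unsupported range or version syntax fails closed (not whitelisted).
  if (!m || !PLAIN_VERSION.test(version)) return false;
  const c = compareVersions(version, m[2]);
  return m[1] === '<=' ? c <= 0 : m[1] === '>=' ? c >= 0 : c === 0;
}

function checkDependencies(config, dependencies) {
  const allowed = permittedIds(config.license);
  const whitelist = new Map(Object.entries(config.whitelist || {}));
  const results = dependencies.map((dep) => {
    // Missing or non-string license metadata never satisfies the rule.
    const byLicense = typeof dep.license === 'string' && allowed.has(dep.license);
    const byWhitelist = whitelist.has(dep.name) && inRange(dep.version, whitelist.get(dep.name));
    return { name: dep.name, version: dep.version, approved: byLicense || byWhitelist };
  });
  // Same convention as the exit status: 0 if all pass, 1 otherwise.
  return { results, exitStatus: results.every((r) => r.approved) ? 0 : 1 };
}

// Constructed sample data, not real package metadata.
const sampleConfig = { license: '(MIT OR ISC OR Apache-2.0)', whitelist: { 'legacy-lib': '<=1.2.0' } };
const sampleDeps = [
  { name: 'alpha', version: '2.0.0', license: 'MIT' },
  { name: 'legacy-lib', version: '1.1.9', license: 'GPL-3.0-only' },
  { name: 'legacy-lib', version: '1.3.0', license: 'GPL-3.0-only' },
  { name: 'no-metadata', version: '0.1.0' },
];
console.log(JSON.stringify(checkDependencies(sampleConfig, sampleDeps), null, 2));
```

A whitelist entry approves only the versions inside its range, so an upgrade of a whitelisted package past that range fails the check again and forces a fresh review.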
To install it as a development dependency of your package:
cd your-package
npm install --save-dev licensee
Add licensee to your npm scripts:
For output as newline-delimited JSON objects, for further processing:
To skip the readout of license information:
If you want a readout of dependency information, but don't want
your continuous integration going red, you can ignore
To save the readout of license information to a file:
Alternatively, for a readout of just packages without approved licenses:
The package exports an asynchronous function of three arguments:
1. A configuration object in the same form as
2. The path of the package to check.
3. An error-first callback that yields an array of objects, one per dependency.