
I made a small tool to check the licenses of your installed npm dependencies, which you can execute by running this in the root of your project:

    npx legally

It will search for licenses in the LICENSE file, Readme.md and package.json (and alt spellings) and make a small report of what licenses are in use and some anomalies. The repo:

https://github.com/franciscop/legally
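
A sketch of the kind of scan the post describes, added here as an illustration and not taken from `legally` itself: it reads package.json, LICENSE-style files and the README of every package under a `node_modules` directory and flags two anomalies. The function names, the three-entry pattern table, the anomaly rules and the sample packages are all assumptions made for this example.

```javascript
// Added example; not the source of `legally`. Pattern table is a small assumed subset.
const fs = require('fs'), os = require('os'), path = require('path');

const TEXT_PATTERNS = [
  ['MIT', /\bMIT License\b|Permission is hereby granted, free of charge/i],
  ['Apache-2.0', /Apache License,?\s+Version 2\.0/i],
  ['ISC', /\bISC License\b/i],
];
const detectInText = (text) =>
  TEXT_PATTERNS.filter(([, re]) => re.test(text)).map(([id]) => id);
// "license" may be an SPDX string, a legacy {type} object, or a legacy "licenses" array.
const fromManifest = (pkg) => [].concat(pkg.license || [], pkg.licenses || [])
  .map((l) => (typeof l === 'string' ? l : l && l.type)).filter(Boolean);

function scanPackage(dir) {
  const pkg = JSON.parse(fs.readFileSync(path.join(dir, 'package.json'), 'utf8'));
  const found = { manifest: fromManifest(pkg), file: [], readme: [] };
  for (const name of fs.readdirSync(dir)) {
    const kind = /^(licen[sc]e|copying)(\.|$)/i.test(name) ? 'file'
      : /^readme(\.|$)/i.test(name) ? 'readme' : null;
    if (kind) found[kind].push(...detectInText(fs.readFileSync(path.join(dir, name), 'utf8')));
  }
  let anomaly = null;
  if (!found.manifest.length && !found.file.length && !found.readme.length) anomaly = 'no license found';
  else if (found.manifest.length && found.file.length &&
    !found.file.some((id) => found.manifest.some((m) => m.includes(id)))) anomaly = 'package.json and LICENSE file disagree';
  return { name: pkg.name, ...found, anomaly };
}

function scanNodeModules(root) {
  // Scoped packages live one level deeper, under node_modules/@scope/name.
  const dirs = fs.readdirSync(root).filter((e) => !e.startsWith('.')).flatMap((e) =>
    e.startsWith('@') ? fs.readdirSync(path.join(root, e)).map((n) => path.join(root, e, n)) : [path.join(root, e)]);
  return dirs.filter((d) => fs.existsSync(path.join(d, 'package.json'))).map(scanPackage);
}

// Constructed sample tree (not real packages) so the scan runs offline.
function buildSample() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'lic-'));
  const add = (name, manifest, files) => {
    const dir = path.join(root, name);
    fs.mkdirSync(dir, { recursive: true });
    fs.writeFileSync(path.join(dir, 'package.json'), JSON.stringify({ name, ...manifest }));
    for (const [f, body] of Object.entries(files)) fs.writeFileSync(path.join(dir, f), body);
  };
  add('alpha', { license: 'MIT' }, { LICENSE: 'MIT License\nPermission is hereby granted, free of charge' });
  add('@scope/beta', { licenses: [{ type: 'ISC' }] }, { 'LICENCE.md': 'Apache License, Version 2.0' });
  add('gamma', {}, { 'README.md': '# gamma\nNo license section.' });
  return root;
}
```

Calling `scanNodeModules(buildSample())` returns one record per package; pointing it at a real `node_modules` path works the same way, though the pattern table would need many more entries to be useful.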



Am I being blind or have you released a tool that checks licenses with no license? I mean, I enjoy a good joke but seriously.


It is right here under "license": https://github.com/franciscop/legally/blob/master/package.js...

Just added it as a separate file as well.


Nice. We may use this. TBH, licenses in NPM seem like such an afterthought. And the past few companies I've worked at all took advantage of it, greatly. Mostly with SaaS, so they should be OK, but also with commercially distributed software.


How so? It’s baked right into the package metadata system, API, website, etc.


Interesting, GitHub recently released a similar tool in Ruby [0], and GitLab uses license_finder [1].

[0] https://github.com/github/licensed

[1] https://github.com/pivotal/LicenseFinder


I proposed it and offered myself to implement it into npm, but it was ignored and closed by a bot :(

https://github.com/npm/npm/issues/14270



