Gathering detailed insights and metrics for @inthepocket/npm-license-scraper
Gathering detailed insights and metrics for @inthepocket/npm-license-scraper
📜 Dead simple license scraper for npm packages (with zero real dependencies)
Installations
npm install @inthepocket/npm-license-scraperDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Node Version
18.17.1
NPM Version
9.6.7
Releases
5
Languages
2
TypeScript
JavaScript
TypeScript (56.09%)
JavaScript (43.91%)
Developer
inthepocket
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
7 Stars
54 Commits
3 Forks
21 Watchers
4 Branches
35 Contributors
Updated on May 12, 2024
Maintainers
13
Package Meta Information
Latest Version
2.3.2
Package Id
@inthepocket/npm-license-scraper@2.3.2
Unpacked Size
18.97 kB
Size
5.53 kB
File Count
16
NPM Version
9.6.7
Node Version
18.17.1
Published on
Sep 12, 2023
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
📜
npm-license-scraper
Dead simple license scraper and validator with zero dependencies.
Introduction
npm-license-scraper will scan your package.json and node_modules to generate a JSON file including the licenses of all open source packages that are being used.
Usage
1$ npm i -D @inthepocket/npm-license-scraper 2 3# Via npx 4$ npx npm-license-scraper 5 6# Directly 7$ node node_modules/.bin/npm-license-scraper
Options
--export [filename]: Export to a JSON file. (default./licenses.json)--includeDev: Include dev dependencies in output (defaultfalse)--exclude [package|package,package,package]: Ignore certain packages from the check (e.g submodules, monorepo or private packages)
Output format
The exported JSON file has the following format:
1type JSON = Array<{ 2 name: string; 3 version: string; 4 license: string; 5 url: string; 6 isValid: boolean; 7}>;
Example:
1[ 2 { 3 "package": "react", 4 "version": "18.0.0", 5 "license": "MIT", 6 "url": "https://reactjs.org/", 7 "isValid": true 8 }, 9 { 10 "package": "react-native", 11 "version": "0.69.3", 12 "license": "MIT", 13 "url": "https://npmjs.com/package/react-native", 14 "isValid": true 15 } 16]
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
6 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Reason
Found 6/17 approved changesets -- score normalized to 3
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 19 are checked with a SAST tool
Score
2.7
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More