Gathering detailed insights and metrics for @wbmnky/license-report-generator
Gathering detailed insights and metrics for @wbmnky/license-report-generator
Saves all dependency licenses (node_modules) to a file
Installations
npm install @wbmnky/license-report-generatorDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Node Version
20.17.0
NPM Version
10.8.2
Releases
3
Languages
2
TypeScript
JavaScript
TypeScript (85.45%)
JavaScript (14.55%)
Developer
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
7 Stars
115 Commits
4 Forks
1 Watchers
4 Branches
2 Contributors
Updated on Sep 27, 2024
Maintainers
1
Package Meta Information
Latest Version
2.3.2
Package Id
@wbmnky/license-report-generator@2.3.2
Unpacked Size
38.17 kB
Size
7.62 kB
File Count
10
NPM Version
10.8.2
Node Version
20.17.0
Published on
Sep 27, 2024
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
5
Dev Dependencies
4
@wbmnky/license-report-generator
finds and stores all dependency licenses
Install
pnpm add @wbmnky/license-report-generator
Usage
Options
{
useDevDependencies: boolean, // defaults to 'false'
packagePath: string, // defaults to 'process.cwd()'
packageName: string, // defaults to 'package.json'
depth: number, // defaults to '1'
template: string, // defaults to the contents of assets/template.txt
}
Examples
Find licenses and write to file
1const licenser = require('@wbmnky/license-report-generator'); 2 3const options = { 4 useDevDependencies: true 5}; 6 7return licenser.reporter.generate(options) 8 .then(rep => rep.write(path.resolve(__dirname, 'output.md'))) 9 .catch((error) => { 10 console.log(error); 11 });
Return licenses as plain object
1const licenser = require('@wbmnky/license-report-generator'); 2 3const options = { 4 useDevDependencies: true, 5 depth: 2 6}; 7 8return licenser.reporter.generate(options) 9 .then(rep => console.log(rep.plain())) 10 .catch((error) => { 11 console.log(error); 12 });
Use with your own template
1const licenser = require('@wbmnky/license-report-generator'); 2const fs = require('fs'); 3const path = require('path'); 4 5const options = { 6 template: fs.readFileSync(path.resolve(__dirname, 'template-table.txt'), 'utf8') 7}; 8 9return licenser.reporter.generate(options) 10 .then(rep => rep.write(path.resolve(__dirname, 'output.md'))) 11 .catch((error) => { 12 console.log(error); 13 });
Use with default table template
1const licenser = require('@wbmnky/license-report-generator'); 2 3return licenser.reporter.generate({}) 4 .then(rep => rep.table()) 5 .then(rep => rep.write(path.resolve(__dirname, 'output.md'))) 6 .catch((error) => { 7 console.log(error); 8 });
CLI usage
1license-report-generator [--table] [--depth Number|Infinity] [--template-dir path/to/templates/] [--template-file template.txt] [--out-dir path/to/output/] [--out-file license-output.md]
CLI options
--table(Default:false) - use the default table template--depth {number}|Infinity(Default:1) - package depth, 0 is current project only--with-dev-dependencies(Default:false) - whether to includedevDependenciesin the license report or not--out-dir(Default:process.cwd()) - the output directory where the license file is written to--out-file(Default:license-output.md) - the output filename of the license file--template-dir(Default:null) - if you want to use an own template, specify the directory where to find the template--template-file(Default:null) - if you want to use an own template, specify the filename of the template
Changelog
> 2.2.0
Subsequent changelogs can be found in the Releases section of this repository.
2.2.0
- feat: Added new variable
generatedAtto use in a template - fix: Removed Travis CI, replaced with GitHub Actions (
buildandpublish) - fix: Renamed interfaces and types
- chore: Replaced
yarnwithpnpmas the internal package manager - chore: Updated dependencies to latest versions
2.1.0
- Added CLI option to use as a global installed npm package
2.0.0
- Removed
bowersupport (fallback: legacy version 0.2.0 @ npm) - Return all found packages as plain object, without formatting / writing to file
- Added second example template for display as a table
License
MIT © Sebastian Roming
Credits
This is originally based on ux-license-report.
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
7 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
- Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m
- Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Reason
Found 0/4 approved changesets -- score normalized to 0
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/sebastianroming/license-report-generator/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/sebastianroming/license-report-generator/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/sebastianroming/license-report-generator/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/sebastianroming/license-report-generator/release.yml/main?enable=pin
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 2 third-party GitHubAction dependencies pinned
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Score
3.1
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More