Gathering detailed insights and metrics for license
Installations
npm install licenseDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Score
69.5
Supply Chain
98.4
Quality
74.1
Maintenance
100
Vulnerability
93.9
License
Contributors
4
Unable to fetch Contributors
Languages
2
TypeScript
JavaScript
TypeScript (86.42%)
JavaScript (13.58%)
Developer
Ovyerus
Download Statistics
Total Downloads
114,396
Last Day
166
Last Week
622
Last Month
2,457
Last Year
29,879
GitHub Statistics
35 Stars
50 Commits
5 Forks
3 Watching
2 Branches
4 Contributors
Bundle Size
3.76 MB
Minified
650.37 kB
Minified + Gzipped
Maintainers
1
Package Meta Information
Latest Version
1.0.3
Package Id
license@1.0.3
Size
12.22 kB
Publised On
09 Apr 2020
Total Downloads
Cumulative downloads
Total Downloads
114,396
Last day
33.9%
166
Compared to previous day
Last week
1%
622
Compared to previous week
Last month
0.9%
2,457
Compared to previous month
Last year
19.5%
29,879
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
9
Dev Dependencies
22
@types/configstore@types/fuzzy-search@types/git-config-path@types/jest@types/node@types/parse-git-config@types/prompts@types/yargs@typescript-eslint/eslint-plugin@typescript-eslint/parsereslinteslint-config-clarityeslint-plugin-importeslint-plugin-prettiereslint-plugin-reacteslint-plugin-react-hooksjestmarkdown-magicmetro-memory-fsprettierts-jesttypescript
Versions
license
Easily generate licenses for your projects!
Table of Contents
What is this?
Have you ever started a new project, and needed to add a new license to it but don't know the exact wording off by heart (because who would)? You have to search for the license you want, copy its text, paste it into a new file, and then check to see if there's anything like copyright information that you need to update.
License is a super easy to use CLI tool for streamlining the LICENSE file creation process. With a super simple but powerful CLI inspired by tools such as now, setting up a license for your new project has never been easier!
Usage
First, globally install license through your package manager of choice.
1$ yarn global add license 2# or 3$ npm i -g license
And then simply run license to generate a license.
$ license [license]
If you don't specify a license to generate, it'll either pick from your config, or show an interactive prompt for you to search through.
If you don't want to install license and just want to run it once, you can use
npx
1$ npx license [license] 2# Or using Yarn 2.x 3$ yarn dlx license [license]
Examples
todo
Advanced Usage
By default, license will try to guess your name, email, the current project, and the current year to use in the license it generates. You can override these in a number of ways though.
Name
By default, license will try to get your name from your Git configuration,
(git config --global user.name). If it fails to, it will fallback to using the
USER environment variable, often your username in a shell.
You can override this in two ways:
- Overriding it as a one time thing by providing a
--nameoption while runninglicense(also alised to-n). - Overriding it permanently by using
license config --name <name>, which will add it to the global config, and will be used for any future calls tolicense, unless the--nameoption above is used, in which case that will take precedence.
By default, license will try to get your email from your Git configuration, just
like it does with your name, (git config --global user.email), however it does
not have any fallback to use, so it's recommended you use either of the two
override methods below.
- Overriding it as a one time thing by providing an
--emailoption while runninglicense(also aliased to-e). - Overriding it permanently by using
license config --email <email>, which will add it to the global config, and will be used for any future calls tolicense, unless the--emailoption above is used, in which case that will take precedence.
Year
By default, license will use the current year (according to your system time) to
fill in, however you can set a custom year using the --year option to
license.
It supports a couple formats for the year:
- a plain year -
2009 - a year range -
2005-2009 - a list of years -
2004, 2006, 2007- also supports ranges in it -2004, 2005-2009, 2011
Project
By default, license will use the directory it's making the license file in as
the name of the project, however in case the directory's name doesn't match the
project name or whatever, you can override the name using the --projectName
option to license.
If you want to change the directory the license gets generated in, without
needing to cd into it, you can supply the --project option (aliased to -p)
with a path to the directory instead, and it'll generate the license there.
It'll also change the project name set to that of the directory, unless you
specify the --projectName option above.
Default License
If you wish to be able to run license without having to specify the same
license everytime - say you just want to use the MIT License everywhere because
that's your go-to. You can set what license gets generated by default with
license config --license <license>, and it will procede to use that for all
future calls without you need to specify MIT as the license every single time.
You can of course override this decision by specifying a license to when you
call license via the normal usage, this just changes the default empty
behaviour from the search prompt to auto filling a license.
API Usage
You can also use the core functionality of license through a simple API
Getting a license you know
1import { getLicense } from "license"; 2 3// Get license template text 4console.log(getLicense("MIT")); 5 6// Fill out some info 7console.log(getLicense("MIT", { author: "Ovyerus", year: "2020" }));
Getting a list of licenses that match a search term
1import { findLicense } from "license"; 2 3console.log(findLicense("mi")); 4// [ 'MIT', 'MirOS', 'Multics', 'MPL-2.0-no-copyleft-exception' ] 5 6console.log(findLicense("mit")); 7// [ 'MIT' ] (exact match) 8 9// Showing more licenses than just OSI-approved 10console.log(findLicense("mi", false)); 11// [ 12// 'CDLA-Permissive-1.0', 13// 'MIT', 14// 'MIT-0', 15// 'MIT-CMU', 16// 'MIT-advertising', 17// 'MIT-enna', 18// 'MIT-feh', 19// 'MITNFA', 20// 'MirOS', 21// ... 22// ]
Combined, you can provide a powerful searching experience for a license without needing your users to exactly remember the name of what they want.
API Docs
getLicense(license[, replacements]) => string
Get the body text of a given license, optionally filling in any placeholder values with given values, such as author or date.
license (string)
The name of the license to get/fill in. Must be an exact match including capitalisation.
replacements (object)
A plain key: value object used to populate given any present placeholders in
the license text, where key is used as the placeholder's name, and value is
what replaces the placeholder.
findLicense(search[, osiOnly = true]) => string[]
Get a list of possible matching license identifiers, given a string - possibly user input. If the input is an exact matchs (sans capitalisation), it'll return only that as a result, to make it easier to determine if the user got the search right.
search (string)
The string to search through all the identifiers for a match.
osiOnly (boolean)
Determines whether or not to only show only OSI-approved licenses in the
results. Defaults to true.
License
This repository and the code inside it is licensed under the MIT License. Read LICENSE for more information.
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
Found 3/26 approved changesets -- score normalized to 1
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/Ovyerus/license/push.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/Ovyerus/license/push.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/push.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/Ovyerus/license/push.yml/master?enable=pin
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/push.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 7 are checked with a SAST tool
Reason
32 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-6chw-6frg-f759
- Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
- Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
- Warn: Project is vulnerable to: GHSA-ww39-953v-wcq6
- Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj
- Warn: Project is vulnerable to: GHSA-qqgx-2p2h-9c37
- Warn: Project is vulnerable to: GHSA-896r-f27r-55mw
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
- Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m
- Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-5fw9-fq32-wv5p
- Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
- Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-jv35-xqg7-f92r
- Warn: Project is vulnerable to: GHSA-jgrx-mgxx-jf9v
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-6fc8-4gx4-v693
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
- Warn: Project is vulnerable to: GHSA-c4w7-xm78-47vh
- Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp
Score
2.6
/10
Last Scanned on 2025-01-27
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More