npmpackage.info

Gathering detailed insights and metrics for licenses

Other packages similar to licenses

spdx-license-ids

3.0.21

A list of SPDX license identifiers

@cspell/dict-public-licenses

2.0.13

Common Public Licenses dictionary for cspell.

spdx-licenses

1.0.0

Has a list of all the valid SPDX licenses, and for a given id, will return the full name and if OSI approved.

@jupyterlite/licenses

0.5.1

JupyterLite - Licenses

Gathering detailed insights and metrics for licenses

licenses - 0.0.20 | npmpackage.info

licenses

Retrieve accurate license information for a given npm package.

0.0.20

MIT

JavaScript

4,762,341 3

Installations

npm install licenses

Developer Guide

BETA

Typescript

No

Module System

CommonJS

NPM Version

1.4.28 Score

92.9

Supply Chain

89.8

Quality

76.7

Maintenance

Vulnerability

78.8

License

Pull Requests

Open

3

Total

4

Closed

0

Merged

1

Issues

Open

11

Total

19

Closed

8

Releases

Unable to fetch releases

Languages

JavaScript

JavaScript (100%)

Developer

3rd-Eden

Download Statistics

Total Downloads

4,762,341

Last Day

657

Last Week

14,220

Last Month

59,763

Last Year

383,092

GitHub Statistics

MIT License

21 Stars

102 Commits

5 Forks

7 Watchers

5 Branches

5 Contributors

Updated on Apr 11, 2020

Maintainers

View All 5 Contributors

Package Meta Information

Latest Version

0.0.20

Package Id

licenses@0.0.20

Size

465.95 kB

NPM Version

1.4.28

Published on

Dec 19, 2014

Total Downloads

Cumulative downloads

Total Downloads

4,762,341

Last Day

-51.9%

657

Compared to previous day

Last Week

-16.8%

14,220

Compared to previous week

Last Month

40.8%

59,763

Compared to previous month

Last Year

91.1%

383,092

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

async debug fusing githulk npm-registry

Dev Dependencies

mocha chai pre-commit argh request

Licenses

Licenses.. This is the most painful part about Open Source. There are so many different licenses and they all have different restrictions. In order to know the license footprint of your project you need to know how your modules are licensed. You might be interested in your license footprint because:

Some licenses might restrict you from selling your code or using it for commercial applications.
There are unlicensed modules released in to npm on a daily basis. Just because they are added in the npm registry it doesn't mean that they are Open Source and just free to use.
The code could be proprietary licensed.
.. and the list goes on and on.

But the biggest problem is figuring out which license a module is actually using. There are a lot of ways of saying that your code is licensed under MIT. There are people who rather say licensed under MIT than just stating MIT. So the way we write which license we use differ but also the location of our licenses. It can be in the package.json hiding in various of properties or specified in the README.md of the project or even a dedicated LICENSE file in the repository.

Now that you've taken the time to read about some of these issues above, you know why this module exists. It tries to fulfill one simple task. Get a human readable license from a given node module.

However, this module isn't flawless as it tries to automate a task that usually requires the interference and intelligence of a human. If you have module that is incorrectly detected or not detected at all but does have licensing information publicly available please create an issue about and we'll see if it can get resolved.

Installation

The module is released through npm and can therefor be installed using:

npm install --save licenses

CLI

There is CLI version of this module available as licensing which can be installed locally using:

npm install -g licensing

See https://github.com/3rd-Eden/licensing for more information.

Getting started with the API

The module exposes one single interface for retrieving the packages, which is a simple exported function:

1'use strict';
2
3var licenses = require('licenses');
4
5licenses('primus', function fetched(err, license) {
6  console.log(license.join(',')); // MIT
7});

As you can see in the example above, the first argument of the function can be a string with the name of the package you want to resolve. In addition to supplying a string you can also give it the contents of the npm registry's data directly:

1licenses({ name: 'primus', readme: '..', ....}, function fetched(err, license) {
2
3});

The function allows a second optional argument which allows you to configure license function. The following options are supported:

githulk A custom or pre-authorized githulk instance. The license lookup process makes extensive use of GitHub to retrieve license information that might not be available in the package.json. But the GitHub API is rate limited so if you don't use an authorized GitHulk instance you can only do 60 calls to the API.
order The order in which we should attempt to resolve the license. This defaults to [registry, github, content].
registry The URL of The npm Registry we should use to retrieve package data.
npmjs a custom npm-registry instance.

The options are completely optional and can therefore be safely omitted.

1licenses('primus', { registry: 'https://registry.npmjs.org/' }, function () {
2
3});

As you might have noticed from the options we support three different lookup algorithms:

registry

In this algorithm we attempt to search for license information directly in the supplied or retrieved npm data. This is the fastest lookup as it only needs to search and parse the license and licenses fields of the module for license information.

github

This reads out your github repository information from the package data to get a directly listing of your project. Once the directory is listed it fetches files from the repo where a possible license or license information can be found like README and LICENSE files. All the data that is found will be scanned with the content algorithm.

content

It searches the readme or supplied content for matches the license files. If it fails to do any matching based on the license files it fallback to a really basic regexp based check.

License

MIT

No vulnerabilities found.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

10

License

Determines if the project has defined a license.

0

Maintained

Determines if the project is "actively maintained".

0

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Security-Policy

Determines if the project has published a security policy.

0

Fuzzing

Determines if the project uses fuzzing.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

0

SAST

Determines if the project uses static code analysis.

Score

3

/10

Last Scanned on 2025-06-30

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More