npmpackage.info

Gathering detailed insights and metrics for ux-license-report

ux-license-report

Generates license reports of 3rd-party software dependencies

1.2.1

Apache-2.0

JavaScript

58.73 kB

52,287 1.7

Installations

npm install ux-license-report

Developer Guide

BETA

Typescript

No

Module System

CommonJS

Min. Node Version

>=6

Node Version

11.5.0

NPM Version

6.4.1 Score

57.3

Supply Chain

89.3

Quality

71.7

Maintenance

Vulnerability

97.4

License

Pull Requests

Open

0

Total

5

Closed

0

Merged

5

Issues

Open

0

Total

1

Closed

1

Releases

v1.2.1

Updated on Dec 19, 2018

v1.2.0

Updated on Feb 27, 2018

v1.1.0

Updated on Aug 01, 2017

v1.0.0

Updated on Feb 03, 2017

View All 4 releases

Contributors

Unable to fetch Contributors

View All 9 Contributors

Languages

JavaScript

JavaScript (100%)

validate.email 🚀

Verify real, reachable, and deliverable emails with instant MX records, SMTP checks, and disposable email detection.

Developer

banno

Download Statistics

Total Downloads

52,287

Last Day

Last Week

187

Last Month

719

Last Year

8,682

GitHub Statistics

Apache-2.0 License

1 Stars

42 Commits

1 Forks

26 Watchers

1 Branches

9 Contributors

Updated on Sep 13, 2023

Bundle Size

188.49 kB

Minified

58.73 kB

Minified + Gzipped

Bundlephobia

Maintainers

Package Meta Information

Latest Version

1.2.1

Package Id

ux-license-report@1.2.1

Unpacked Size

81.46 kB

Size

25.56 kB

File Count

NPM Version

6.4.1

Node Version

11.5.0

Total Downloads

Cumulative downloads

Total Downloads

52,287

Last Day

39.3%

Compared to previous day

Last Week

28.1%

187

Compared to previous week

Last Month

-9.7%

719

Compared to previous month

Last Year

32.8%

8,682

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

bower-license lodash minimist nlf spdx-correct

Dev Dependencies

jasmine tempfile ux-lint

License Report

Generates license reports of 3rd-party software dependencies

Looks through a project's npm dependencies (and optionally devDependencies and Bower dependencies), pulls out licensing information, and compiles it into a given template.

1const licenser = require('ux-license-report');
2
3let report = licenser.generateReport();
4console.log(report.toString()); // print it to the console
5report.write('report.txt'); // saves the report to a file

API

`generateReport(opts)`

Returns a Promise that resolves to the generated report.

Options:

context: Object of values (indexed by property) to add to the template. Default is {}.
include: Array of npm (for package.json dependencies), dev (for package.json devDependencies), and/or bower (for bower.json dependencies). Default is ['npm'].
path: The root path of the project.
template: Lodash template string to use when rendering. Default is in template.txt.

The returned report object has the following properties:

toString(): Returns the compiled report.
warnings: An array of any warnings that occurred.
write(filename): Saves the compiled report to a file.

CLI

If you have this module installed globally or inside another project, you can call it on the command line from the generate-license-report.js script:

$ ./generate-license-report.js [ROOTPATH]
     [--include npm] [--include dev] [--include bower]
     [--template FILE]
     [--CONTEXT VALUE --CONTEXT VALUE ...]
     > licenses.txt

If the root path is not specified, the current working directory is used. The default values for other options are the same as the API.

All options are passed through to the template, so you can add to the context by passing scalar values or JSON strings. For example: ./generate-license-report.js --foo 1 --bar '{"bar": "value"}'.

The generated report sent to standard output (stdout), so you can save it by redirecting it to a file (as shown in the example above). Any errors or warnings are sent to standard error (stderr).

Call the script with the --help option (./generate-license-report.js --help) to see the usage info.

Contributing

Please add tests and maintain the existing styling when adding and updating the code.

yarn lint  # run linting
yarn test  # run tests

Bugs & Feature Requests

Have an issue or feature request? Please open a new issue.

License

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

No vulnerabilities found.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

License

Determines if the project has defined a license.

0

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Maintained

Determines if the project is "actively maintained".

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Security-Policy

Determines if the project has published a security policy.

0

Fuzzing

Determines if the project uses fuzzing.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

0

SAST

Determines if the project uses static code analysis.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Reason

40 existing vulnerabilities detected

Details

Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw
Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25
Warn: Project is vulnerable to: GHSA-832h-xg76-4gv6
Warn: Project is vulnerable to: GHSA-9vvw-cc9w-f27h
Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
Warn: Project is vulnerable to: GHSA-hr2v-3952-633q
Warn: Project is vulnerable to: GHSA-4gmj-3p3h-gm8h
Warn: Project is vulnerable to: GHSA-qrmc-fj45-qfc2
Warn: Project is vulnerable to: GHSA-44pw-h2cw-w3vq
Warn: Project is vulnerable to: GHSA-jp4x-w63m-7wgm
Warn: Project is vulnerable to: GHSA-c429-5p7v-vgjp
Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj
Warn: Project is vulnerable to: GHSA-4hpf-3wq7-5rpr
Warn: Project is vulnerable to: GHSA-f522-ffg8-j8r6
Warn: Project is vulnerable to: GHSA-2pr6-76vf-7546
Warn: Project is vulnerable to: GHSA-8j8c-7jfh-h6hx
Warn: Project is vulnerable to: GHSA-896r-f27r-55mw
Warn: Project is vulnerable to: GHSA-282f-qqgm-c34q
Warn: Project is vulnerable to: GHSA-jf85-cpcp-j695
Warn: Project is vulnerable to: GHSA-fvqr-27wr-82fm
Warn: Project is vulnerable to: GHSA-4xc9-xhrj-v574
Warn: Project is vulnerable to: GHSA-x5rq-j2xg-h7qm
Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m
Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
Warn: Project is vulnerable to: GHSA-w9mr-4mfr-499f
Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Warn: Project is vulnerable to: GHSA-4rq4-32rv-6wp6
Warn: Project is vulnerable to: GHSA-64g7-mvw6-v9qj
Warn: Project is vulnerable to: GHSA-2m39-62fm-q8r3
Warn: Project is vulnerable to: GHSA-mf6x-7mm4-x2g7
Warn: Project is vulnerable to: GHSA-g7q5-pjjr-gqvp
Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
Warn: Project is vulnerable to: GHSA-cf4h-3jhx-xvhq

Score

1.7

/10

Last Scanned on 2025-03-10

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More