Is there an option in npm (or other tool) to print all used licenses? I have a project and I want to make sure I don't use a library which is under a license I can't use.
EDIT: Found out that many developers don't include the license in the package.json, so I had to find out manually using "npm docs package-name"
I had exactly the same requirement, and wrote a node module to do this. Shameless self promotion I know, but it is open source and hope it can help resolve your issue. Let me know if you have any issues or suggestions.
The difference over the other answers is that it does not just use the package.json license declaration, but looks for potential license information in license and readme files in the project.
You can install using npm install -g nlf
cd {project}/node_modules
ls | sed 's/$/\/package.json/' | xargs grep '"license[s]*"' -A 3
Could use some improvement, but it works (at least on osx, should work on linux, no idea about windows). You should see something like:
grunt/package.json: "licenses": [
grunt/package.json- {
grunt/package.json- "type": "MIT",
grunt/package.json- "url": "http://github.com/gruntjs/grunt/blob/master/LICENSE-MIT"
--
grunt-contrib-concat/package.json: "licenses": [
grunt-contrib-concat/package.json- {
grunt-contrib-concat/package.json- "type": "MIT",
grunt-contrib-concat/package.json- "url": "https://github.com/gruntjs/grunt-contrib-concat/blob/master/LICENSE-MIT"
--
Update:
If you wish to see the name of all modules, even those nested inside other modules, the following works (cred to @robertklep, slightly modified to still work when inside the node_modules directory):
find * -name package.json | xargs grep '"license[s]*"' -A 3
I liked the question, and took the time to write a nodejs script for it:
var npm = require('npm');
npm.load(process.config,function(err){
npm.list(function(err,deps){
var names = Object.keys(deps.dependencies);
for(var i in names){
var depen = deps.dependencies[names[i]];
console.log('Licenses for :',names[i]);
depen.licenses.forEach(function(license,i){
console.log('License #'+(i+1));
console.log('- Title:',license.type);
console.log('- Url:\t',license.url);
});
}
});
});
this will output each license name and url for each module,
NOTE: must be executed in project folder and npm must be installed (npm install npm -g sounds overkill but this is the npm js lib)
Having just done this for a large project, I can say it turns out this process is more of a headache to automate fully than you might think. It's easy to get many of them with some of the tricks listed here, but NPM package licenses are not published consistently, and can appear
In addition, you sometimes have to read a licenses to tell which well-known open source license it corresponds to.
The best tool I know to do this, that (unlike some of the other answers here) covers all these cases is the licensecheck package: https://github.com/marcello3d/node-licensecheck
It looks at package.json as well as common license files, and does a signature match against known licenses, so it accurately recognizes more licenses automatically. It also "normalizes" licenses against the standard SPDX list of licenses (https://spdx.org/licenses/).
Finally, Licensecheck also lets you save any remaining packages you needed to manually verify in your own license.json file (since you can't count on an external maintainer to change their package).
Taken together, this is a pretty robust solution.
Take a look at license-report or license-checker