
How I Analyzed All NPM Dependency Licenses in One Go

source link: https://blog.bitsrc.io/how-i-analyzed-all-npm-dependency-licenses-in-one-go-18de0f7244bc


Using license-checker to find NPM dependency licenses


Thanks to NPM and the open-source community, developers can use plenty of external libraries for JavaScript development. But that doesn’t give us the freedom to use anything without considering their copyrights.

So, we should be aware of licensing models of the libraries we use. This article will show you a way to do a quick audit on your NPM dependencies using the license-checker NPM package.

Manual Method

As you already know, every NPM package carries its own license, and you can find it inside the package itself in the node_modules directory.

When you go inside node_modules, each package has a file named LICENSE that contains the license text. If a LICENSE file is not found, the license is probably mentioned inside the README file. These licenses explicitly state the terms and conditions of the package.

The package.json file inside each package also has a property called license, where the value is the type of the license.

(Image: LICENSE file inside the express module)

However, going through all the packages manually and checking for licenses is a waste of time. There is a high chance you will miss a license among thousands of NPM modules.

Let’s see how we can do a quick audit of all the NPM licenses without getting into much trouble.

Tip: Build & share independent components with Bit

Bit is an ultra-extensible tool that lets you create truly modular applications with independently authored, versioned, and maintained components.

Use it to build modular apps & design systems, author and deliver micro frontends, or simply share components between applications.

(Image: Material UI components shared individually on Bit.dev)

Analyzing Licenses in One Go

To analyze all the Node package licenses in a project, I will be using the license-checker module, which is another package available in NPM.

Let’s start by installing the license-checker globally to use it in any project environment.

npm install -g license-checker

Now we will use license-checker to list all the licenses used by our Node project. Run the following command from the project root to start analyzing them:

license-checker

This command prints a list of libraries with their license details: license type, link to the package repository, publisher's name and email, path to the package, and path to the package's license file.

(Image: The output of the license-checker command)

When you run the above command, license-checker first goes through each module in the node_modules directory and looks inside its package.json to identify the license.

If no license is declared there, the files named LICENSE, LICENCE, COPYING, and README are checked. If a license is deduced from one of those files, an asterisk (*) is shown next to the license type to indicate that the license name is guessed.

(Image: Guessed license shown with an asterisk (*))

You can also use the following command to get a summary of licenses used across any project.

license-checker --summary

(Image: The output of the above command)

The above summary shows that MIT, ISC, BSD, and Apache-2.0 are the most commonly used licenses found in open-source NPM packages.

You will also find the following flags useful with the license-checker command.

  • --production — Show production dependencies only.
  • --development — Show development dependencies only.
  • --unknown — Output guessed licenses as UNKNOWN.
  • --onlyunknown — List packages with guessed licenses only.

Apart from that, you can get the number of licenses found in your project with the license-checker | grep -c 'licenses:' command.

You can then compare the number of installed packages with that license count by running npm ls --parseable | wc -l.

(Image: My package and license count added up to 107!)

Final Words

NPM provides a vast number of packages that make our development fast and easy. Even though these dependencies are free to use and modify, each comes with a license that protects it in its own way, and that license states the terms, conditions, and warranties applicable to that specific package.

However, one of the biggest challenges is analyzing the licenses of hundreds of packages or dependencies used in a project. For this, I have used a package named license-checker.

Although there are several similar packages, such as legally and npm-license-crawler, they are not as popular as license-checker.

(Image: license-checker vs npm-license-crawler vs legally usage statistics from npmtrends.com)

license-checker provides a comprehensive breakdown of the license details of every NPM package used, so we don't need to go through the packages manually to check them.

So, don’t wait anymore; check the licenses of your project dependencies today by following the steps mentioned in the article.

Thank you for Reading.
