nlf

iandotkelly | 100k | MIT | 2.1.1

Find licenses for a node application and its node_module dependencies

license, licence, checker, finder, audit, legal, dependency, cli

readme

Node License Finder (nlf)

nlf is a utility for attempting to identify the licenses of modules in a node.js project.

It looks for license information in package.json, readme and license files in the project. Please note, in many cases the utility is looking for standard strings in these files, such as MIT, BSD, Apache, GPL etc - this is not error free, so if you have any concerns at all about the accuracy of the results, you will need to perform a detailed manual review of the project and its dependencies, reading all terms of any included or referenced license.

Use

nlf can be used programmatically, or from the command line.

Options

  • -c, --csv (Default:false) - output in csv format
  • -d, --no-dev (Default:false) - exclude development dependencies
  • -r, --reach (Default: Infinity) - package depth (reach), 0 is current package.json file only
  • -s, --summary off|simple|detail (Default: simple) - summary information, not available in csv format

CLI

To install:

$ npm install -g nlf

To use:

$ cd my-module
$ nlf

Example output:

archy@0.0.2 [license(s): MIT/X11]
└── package.json:  MIT/X11

commander@0.6.1 [license(s): MIT]
└── readme files: MIT

glob@3.2.3 [license(s): BSD]
├── package.json:  BSD
└── license files: BSD

json-stringify-safe@5.0.0 [license(s): BSD]
├── package.json:  BSD
└── license files: BSD

read-installed@0.2.2 [license(s): BSD]
└── license files: BSD

should@1.2.2 [license(s): MIT]
└── readme files: MIT

LICENSES: BSD, MIT, MIT/X11

For output in CSV format use the -c (or --csv) switch:

$ cd my-module
$ nlf -c

To exclude development dependencies and only analyze dependencies for production:

$ cd my-module
$ nlf -d

Summary Mode

The --summary <mode> option can be set to "off", "simple" or "detail". It controls what is printed in the summary of the standard format.

  • off turns off summary output
  • simple shows a list of licenses used in the project, the default behavior
  • detail shows all modules in the current project, grouped by license, as in the example below:
LICENSES:
├─┬ BSD
│ ├── amdefine@1.0.0
│ ├── boom@0.4.2
│ ├── cryptiles@0.2.2
│ └── diff@1.4.0
├─┬ BSD-2-Clause
│ └── normalize-package-data@2.3.5
├─┬ Apache-2.0
│ ├── request@2.40.0
│ ├── spdx-correct@1.0.2
│ └── validate-npm-package-license@3.0.1
├─┬ (MIT AND CC-BY-3.0)
│ └── spdx-expression-parse@1.0.1
└─┬ MPL
  └── tough-cookie@2.2.1

Programmatically

var nlf = require('nlf');

nlf.find({ directory: '/User/me/my-project' }, function (err, data) {
    // do something with the response object.
    console.log(JSON.stringify(data));
});

// to only include production dependencies
nlf.find({
    directory: '/User/me/my-project',
    production: true
}, function (err, data) {
    // do something with the response object.
    console.log(JSON.stringify(data));
});

The data returned from find() is an array of modules, each of which is represented by an object as the following example:

{
  "id": "example@0.2.9",
  "name": "example",
  "version": "0.2.9",
  "repository": "http:\/\/github.com\/iandotkelly\/example",
  "directory": "\/Users\/ian\/example",
  "licenseSources": {
    "package": {
      "sources": [
        {
          "license": "MIT",
          "url": "http://opensource.org/MIT"
        }
      ]
    },
    "license": {
      "sources": [
        {
          "filePath": "\/Users\/ian\/Personal\/example\/LICENSE",
          "text": "the text of the license file",
          "names": function() { /* function that returns the name of the license if known */ }
        }
      ]
    },
    "readme": {
      "sources": [
        {
          "filePath": "\/Users\/ian\/Personal\/example\/readme.md",
          "text": "text of the readme",
          "names": function() { /* function that returns the name of the license if known */ }
        }
      ]
    }
  }
}
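
An added example (not part of the nlf project's code) of using data shaped like the object above as a license policy gate: it flags modules with no detected license, licenses outside an allowlist, and sources that disagree with each other, which is where the string matching described earlier most needs manual review. The allowlist, the sample modules and the assumption that names() returns a string or an array of strings are constructed for illustration.

```javascript
// Hypothetical allowlist; set this from your own license policy.
const ALLOWED = new Set(['MIT', 'BSD', 'Apache-2.0']);

// License names reported by one source entry. package.json sources carry a
// "license" field; file sources expose names() (assumed: string or array).
function namesFrom(kind, source) {
  if (kind === 'package') return source.license ? [source.license] : [];
  const n = typeof source.names === 'function' ? source.names() : [];
  return Array.isArray(n) ? n : (n ? [n] : []);
}

// Map each source kind (package, license, readme) to its sorted license names.
function collectLicenses(mod) {
  const bySource = {};
  for (const [kind, entry] of Object.entries(mod.licenseSources || {})) {
    const found = new Set();
    for (const s of entry.sources || []) namesFrom(kind, s).forEach((x) => found.add(x));
    if (found.size) bySource[kind] = [...found].sort();
  }
  return bySource;
}

function auditModules(modules, allowed = ALLOWED) {
  const findings = [];
  for (const mod of modules) {
    const bySource = collectLicenses(mod);
    const all = new Set(Object.values(bySource).flat());
    if (all.size === 0) {
      findings.push({ id: mod.id, issue: 'no-license-detected' });
      continue;
    }
    const denied = [...all].filter((l) => !allowed.has(l)).sort();
    if (denied.length) findings.push({ id: mod.id, issue: 'not-allowed', licenses: denied });
    // Different answers from different files mean the match needs a human look.
    const distinct = new Set(Object.values(bySource).map((v) => v.join(',')));
    if (distinct.size > 1) findings.push({ id: mod.id, issue: 'sources-disagree', bySource });
  }
  return findings;
}

// Constructed sample in the shape returned by find(); not real scan output.
const file = (names) => ({ sources: [{ filePath: 'LICENSE', names: () => names }] });
const SAMPLE = [
  { id: 'alpha@1.0.0', licenseSources: { package: { sources: [{ license: 'MIT' }] }, license: file(['MIT']) } },
  { id: 'beta@2.3.0', licenseSources: { package: { sources: [{ license: 'MIT' }] }, license: file(['GPL']) } },
  { id: 'gamma@0.1.0', licenseSources: { package: { sources: [] }, license: { sources: [] } } },
];

console.log(JSON.stringify(auditModules(SAMPLE), null, 2));
```

Compound expressions such as (MIT AND CC-BY-3.0) are compared as whole strings here, so they are flagged unless the allowlist names them explicitly.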

Each

Tests

To run the unit tests, install development dependencies and run tests with 'gulp'. Requires gulp.js to be installed globally.

# only need to install gulp if you have not done so already
$ npm install -g gulp
$ cd nlf
$ npm install
$ gulp

If you contribute to the project, tests are written in mocha, using should.js or the node.js assert module.

changelog

2.1.1 (March 11, 2019)

  • Fix issue where github.com repository URLs are mangled (thanks @TheSpyder #56)

2.1.0 (March 10, 2019)

  • Handle package.json declaring repository as a string (thanks @bertfroeba #51)
  • Update dependencies

2.0.1 (January 25, 2018)

  • Update dependencies and add travis tests for node 8 and node 9

2.0.0 (May 6, 2017)

  • Refactor to replace 'read-installed' module with 'snyk-resolve-deps' to fix issues caused by flattening of the dependency tree when using npm3 #30 #46. While the API and results should appear as before, this is a significant refactor.
  • Update engine to be node >= 4 - this version of nlf does not work on node 0.10+ as before

1.4.3 (February 1, 2017)

  • Update dependencies and add travis tests for node 7 and remove testing on node 0.10 and 0.12

1.4.2 (August 2, 2016)

  • Update dependencies to remove vulnerability in glob-all #40

1.4.1 (July 9, 2016)

  • Removes git+ prefix from git+https repository
  • Fix issue where license key (e.g. MIT) is at the very end of the file
  • Adds Public Domain license
  • Moved MIT license text into a separate LICENSE.md file
  • Sorts list of modules by name@version, not just name

1.4.0 (January 16, 2016)

  • Add support for reporting modules grouped by license

1.3.3 (July 14, 2015)

  • Ignore files that happen to be in node_module or bower_component folders

1.3.2 (July 12, 2015)

  • Support object being used for license or licenses property of package.json
  • Bump development dependencies

1.3.1 (May 10, 2015)

  • Fix issue where a root module without a name or version will result in an exception being thrown
  • Bump dependencies

1.3.0 (Apr 12, 2015)

  • Fix issue where npm modules incorrectly using a string in licenses property was interpreted as an array
  • Add a LICENSES summary to the standard formatter

1.2.1 (Apr 12, 2015)

  • Move project from 'make' to 'gulp' for easier support on Windows
  • Bump dependencies

1.2.0 (Mar 29, 2015)

  • Optimize globbing of files to significantly improve performance
  • Sort output data alphabetically
  • Bump dependencies

1.1.0

  • Adds maximum depth feature
  • Bump dependencies (archy@1.0.0)

1.0.2

  • Update read-installed dependency, which now supports semver@3
  • Bump other dependencies

1.0.1

  • Remove shrinkwrap entirely, as it was making unnecessarily go out of date
  • Bump dependencies

1.0.0

Potentially breaking change, only node 0.10 and above supported.

  • Updated glob to version 4.0.0
  • Shrinkwrap file now no-longer tailored to work on node 0.8

0.2.11

This will be the last version supporting node.js 0.8.x. Changes to dependencies are making support of 0.8 difficult, requiring manual editing of shrinkwrap files.

  • Bump dependencies, including read-installed to 2.0.4 & glob to 3.2.11

0.2.10

  • Bump dependencies, particularly commander to 0.2.2

0.2.9

  • Fix
    • Issue where modules with directories with license or readme threw exceptions
  • Bump deps