The easiest way to check all your npm dependency licenses ✅

TL;DR: There are different ways of achieving the necessary results. As someone pointed out, the fastest and easiest way is (thanks to new features of npm since I wrote this blog post):

Developing software, especially with JavaScript, is super easy to start with thanks to npm and how fast packages can be installed. Thanks to the EU GDPR and internal discussions, I was curious what kinds of licenses I'm using and whether there are conflicts (licenses not compatible with MIT). Here is my first step-by-step guide on how you can

a) check how many packages you have in your node_modules folder

b) see which unique licenses you're using and whether there are conflicts.

I'm using an example project here that is built mainly with Preact (via Preact-CLI). There is also an awesome tool, license-checker, which already does all the major analysis for us. Therefore, first of all, I recommend installing license-checker:

npm i -g license-checker

First of all, I want to see how many packages I have in my node_modules folder. For this I'm creating a file in my project folder that lists all the licenses found in node_modules:

license-checker > licenses.txt

There are different ways to check how many libraries/node modules we are using actively (or passively); in this case we can just use grep:

grep 'licenses:' licenses.txt | wc -l

Thanks to the power of the Unix terminal (Mac OS X in this case) we can use grep to catch a specific string in a text file and then use the pipe operator | to pipe the output to the wc (word count) command. With the -l argument we only count the lines produced by our grep command. In my case the output showed me 1271 packages.

Now that we are familiar with grep and the pipe operator, it is handy to use them to create a unique set of the licenses we are using as well.

grep 'licenses:' licenses.txt | sort -u

With the sort command we can easily sort the lines of a text file; with the -u argument we receive only the unique lines. The result would look like the following terminal output:

[Image: CLI output]

At the end, we have a list of 25 unique entries. As you can already see, some of them are genuinely distinct licenses, while others are the same license written differently, like `Apache-2.0` and `Apache License, Version 2.0`.

Based on that we can do a nice comparison of whether our own project, which uses MIT, depends on other libraries whose licenses might not be compatible.
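As an added example (not code from the original post or from license-checker itself), the following Node.js script reproduces the grep and sort -u steps above on license-checker's tree output, but folds spelling variants of the same license into one entry and flags anything that is not on an allow-list. The allow-list, the package names and the sample output are constructed for this example.

```javascript
// Added example, not from the original post: parse license-checker's default
// tree output as "grep 'licenses:' | sort -u" does, but normalize spelling
// variants and flag licenses not on an allow-list. ALLOW and SAMPLE are
// constructed for this example; SAMPLE only mimics license-checker's format.
const ALIASES = { "apache license, version 2.0": "Apache-2.0" }; // extend from your own sort -u output

function normalizeLicense(raw) {
  // license-checker appends "*" when it guessed the license from a README
  // instead of reading package.json; keep that flag for manual review.
  const trimmed = raw.trim();
  const guessed = trimmed.endsWith("*");
  const name = trimmed.replace(/\*$/, "").trim();
  return { name: ALIASES[name.toLowerCase()] || name, guessed };
}

function parseLicenseChecker(text) {
  const entries = []; let pkg = null;
  for (const line of text.split("\n")) {
    const head = line.match(/^[├└]─ (\S+)\s*$/); // "├─ name@version" opens a package
    if (head) { pkg = head[1]; continue; }
    const lic = line.match(/licenses:\s*(.+?)\s*$/); // the string the grep matches
    if (lic && pkg) entries.push({ pkg, ...normalizeLicense(lic[1]) });
  }
  return entries;
}

function auditLicenses(text, allowList) {
  const entries = parseLicenseChecker(text);
  const allowed = new Set(allowList);
  return {
    total: entries.length,                                 // what grep | wc -l counts
    unique: [...new Set(entries.map(e => e.name))].sort(), // sort -u after normalizing
    guessed: entries.filter(e => e.guessed).map(e => e.pkg),
    flagged: entries.filter(e => !allowed.has(e.name)).map(e => `${e.pkg}: ${e.name}`),
  };
}

const ALLOW = ["MIT", "ISC", "BSD-3-Clause", "Apache-2.0"]; // constructed policy
const SAMPLE = `
├─ ui-kit@1.0.0
│  └─ licenses: MIT
├─ http-helper@2.1.0
│  └─ licenses: Apache License, Version 2.0
├─ json-tools@0.4.2
│  └─ licenses: Apache-2.0
├─ old-parser@0.1.0
│  └─ licenses: BSD-3-Clause*
└─ copyleft-lib@1.2.0
   └─ licenses: GPL-3.0
`;
```

Pipe the real output in with `license-checker | node audit.js` after replacing SAMPLE with `require("fs").readFileSync(0, "utf8")`; the `guessed` list is the set of packages whose license text still needs a human look.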

As developers, we often use libraries without taking a deeper look at the licenses of the libraries and frameworks we use; with the license-checker library and technically one terminal command, we can narrow them down to just a few.

Thanks to existing tools, there shouldn't be any excuse for developers not to do a basic check of the licenses they consume.

PS: You can check everything with just one command:

license-checker | grep 'licenses:' | sort -u

PPS: `license-checker --summary` creates a similar overview, which might already be enough 😀

[Image: summary output]

“Don’t think about what might go wrong, think about what could be right.” #javascript #softwareDev #againstHate
