Open Source License Check
This article demonstrates how to quickly check which types of licenses your project's dependencies use.
Ruby Gems
Install license finder from https://github.com/pivotal/LicenseFinder
gem install license_finder
Run the gem:
bundle exec license_finder
Sample Results:
actioncable, 8.0.0, MIT
actionmailbox, 8.0.0, MIT
actionmailer, 8.0.0, MIT
actionpack, 8.0.0, MIT
actiontext, 8.0.0, MIT
actionview, 8.0.0, MIT
activejob, 8.0.0, MIT
activemodel, 8.0.0, MIT
activerecord, 8.0.0, MIT
activestorage, 8.0.0, MIT
activesupport, 8.0.0, MIT
addressable, 2.8.7, "Apache 2.0"
airbrussh, 1.5.3, MIT
ast, 2.4.2, MIT
base64, 0.2.0, "Simplified BSD, ruby"
bcrypt_pbkdf, 1.1.1, MIT
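A report in this format can be turned into a pass/fail check. The following is an added example, not part of the original article and not LicenseFinder's own code: it parses lines in the name, version, license format shown above and lists dependencies that have no license on an allowlist. The allowlist, the example_* gems and the rule that several licenses on one gem are a choice are assumptions of the example.

```ruby
# Added example (not LicenseFinder code): allowlist gate over report lines.
# ALLOWED is an assumed policy; replace it with your organisation's list.
ALLOWED = ["MIT", "Apache 2.0", "Simplified BSD", "ruby"].freeze

# Constructed report: three lines in the format shown above plus three
# made-up example_* gems that exercise the multi-license and failure paths.
SAMPLE_REPORT = <<~REPORT
  actioncable, 8.0.0, MIT
  addressable, 2.8.7, "Apache 2.0"
  base64, 0.2.0, "Simplified BSD, ruby"
  example_copyleft, 1.0.0, "GPLv3"
  example_dual, 2.1.0, "GPLv3, MIT"
  example_unknown, 0.1.0, unknown
REPORT

Dependency = Struct.new(:name, :version, :licenses)

# Parse one report line. The license field may be quoted and may itself
# contain commas, so split on the first two commas only.
def parse_line(line)
  name, version, license_field = line.strip.split(/,\s*/, 3)
  return nil if license_field.nil? || name.empty?
  licenses = license_field.delete('"').split(/,\s*/).map(&:strip).reject(&:empty?)
  Dependency.new(name, version, licenses)
end

# Assumption: several licenses on one dependency are a choice, so one allowed
# license is enough. A dependency with no allowed license (including an
# unrecognised one such as "unknown") is a violation.
def violations(report, allowed)
  report.each_line.filter_map do |line|
    next if line.strip.empty?
    dep = parse_line(line)
    raise ArgumentError, "unparseable report line: #{line.inspect}" if dep.nil?
    dep if (dep.licenses & allowed).empty?
  end
end

# Exit status for a CI step: 0 when every dependency passes, 1 otherwise.
def exit_status(report, allowed)
  violations(report, allowed).empty? ? 0 : 1
end

violations(SAMPLE_REPORT, ALLOWED).each do |d|
  warn "#{d.name} #{d.version}: #{d.licenses.join(', ')} is not on the allowlist"
end
```

In a pipeline, feed the saved report text to `exit_status` and pass the result to `exit` so an unapproved license fails the build.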
Composer Packages
Install license checker from https://github.com/dominikb/composer-license-checker
composer require --dev dominikb/composer-license-checker
Run the script:
./vendor/bin/composer-license-checker report
Sample Result:
Looking up MIT ...
Looking up Apache-2.0 ...
Looking up BSD-3-Clause ...
Count 61 - MIT (https://tldrlegal.com/license/mit-license)
+-----------------+-------------+-------------------+
| CAN             | CAN NOT     | MUST              |
+-----------------+-------------+-------------------+
| Commercial Use  | Hold Liable | Include Copyright |
| Modify          |             | Include License   |
| Distribute      |             |                   |
| Sublicense      |             |                   |
| Private Use     |             |                   |
+-----------------+-------------+-------------------+
Count 1 - Apache-2.0 (https://tldrlegal.com/license/apache-license-2-0-apache-2-0)
+-------------------+---------------+-------------------+
| CAN               | CAN NOT       | MUST              |
+-------------------+---------------+-------------------+
| Commercial Use    | Hold Liable   | Include Copyright |
| Modify            | Use Trademark | Include License   |
| Distribute        |               | State Changes     |
| Sublicense        |               | Include Notice    |
| Place Warranty    |               |                   |
| Private Use       |               |                   |
| Use Patent Claims |               |                   |
+-------------------+---------------+-------------------+
Count 1 - BSD-3-Clause (https://tldrlegal.com/license/bsd-3-clause-license-revised)
+-----------------+---------------+-------------------+
| CAN             | CAN NOT       | MUST              |
+-----------------+---------------+-------------------+
| Commercial Use  | Use Trademark | Include Copyright |
| Modify          | Hold Liable   | Include License   |
| Distribute      |               |                   |
| Sublicense      |               |                   |
| Place Warranty  |               |                   |
+-----------------+---------------+-------------------+
Npm Packages
Install license checker from https://github.com/RSeidelsohn/license-checker-rseidelsohn
npm install -g license-checker-rseidelsohn
Run the script:
license-checker-rseidelsohn
Sample Result:
├─ @jridgewell/gen-mapping@0.3.5
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/jridgewell/gen-mapping
│ ├─ publisher: Justin Ridgewell
│ ├─ email: justin@ridgewell.name
│ ├─ path: /project/path/node_modules/@jridgewell/gen-mapping
│ └─ licenseFile: /project/path/node_modules/@jridgewell/gen-mapping/LICENSE
├─ @jridgewell/resolve-uri@3.1.0
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/jridgewell/resolve-uri
│ ├─ publisher: Justin Ridgewell
│ ├─ email: justin@ridgewell.name
│ ├─ path: /project/path/node_modules/@jridgewell/resolve-uri
│ └─ licenseFile: /project/path/node_modules/@jridgewell/resolve-uri/LICENSE
├─ @jridgewell/set-array@1.2.1
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/jridgewell/set-array
│ ├─ publisher: Justin Ridgewell
│ ├─ email: justin@ridgewell.name
│ ├─ path: /project/path/node_modules/@jridgewell/set-array
│ └─ licenseFile: /project/path/node_modules/@jridgewell/set-array/LICENSE
├─ @jridgewell/source-map@0.3.6
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/jridgewell/source-map
│ ├─ publisher: Justin Ridgewell
│ ├─ email: justin@ridgewell.name
│ ├─ path: /project/path/node_modules/@jridgewell/source-map
│ └─ licenseFile: /project/path/node_modules/@jridgewell/source-map/LICENSE
├─ @jridgewell/sourcemap-codec@1.4.14
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/jridgewell/sourcemap-codec
│ ├─ publisher: Rich Harris
│ ├─ path: /project/path/node_modules/@jridgewell/sourcemap-codec
│ └─ licenseFile: /project/path/node_modules/@jridgewell/sourcemap-codec/LICENSE
├─ @jridgewell/trace-mapping@0.3.25
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/jridgewell/trace-mapping
│ ├─ publisher: Justin Ridgewell
│ ├─ email: justin@ridgewell.name
│ ├─ path: /project/path/node_modules/@jridgewell/trace-mapping
│ └─ licenseFile: /project/path/node_modules/@jridgewell/trace-mapping/LICENSE
├─ @popperjs/core@2.11.6
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/popperjs/popper-core
│ ├─ publisher: Federico Zivolo
│ ├─ email: federico.zivolo@gmail.com
│ ├─ path: /project/path/node_modules/@popperjs/core
│ └─ licenseFile: /project/path/node_modules/@popperjs/core/LICENSE.md
├─ @types/estree@1.0.6
│ ├─ licenses: MIT
│ ├─ repository: https://github.com/DefinitelyTyped/DefinitelyTyped
│ ├─ path: /project/path/node_modules/@types/estree
│ └─ licenseFile: /project/path/node_modules/@types/estree/LICENSE