Open Source License Check

This article demonstrates how to quickly check the type of licenses used in your project's dependencies.


Ruby Gems

Install LicenseFinder from https://github.com/pivotal/LicenseFinder:

gem install license_finder

Run the gem:

bundle exec license_finder

Sample Results:

actioncable, 8.0.0, MIT
actionmailbox, 8.0.0, MIT
actionmailer, 8.0.0, MIT
actionpack, 8.0.0, MIT
actiontext, 8.0.0, MIT
actionview, 8.0.0, MIT
activejob, 8.0.0, MIT
activemodel, 8.0.0, MIT
activerecord, 8.0.0, MIT
activestorage, 8.0.0, MIT
activesupport, 8.0.0, MIT
addressable, 2.8.7, "Apache 2.0"
airbrussh, 1.5.3, MIT
ast, 2.4.2, MIT
base64, 0.2.0, "Simplified BSD, ruby"
bcrypt_pbkdf, 1.1.1, MIT
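
The report above is comma-separated, and the license field is quoted when it holds several licenses (base64 lists "Simplified BSD, ruby"), so a plain split on commas misreads it. The Ruby script below is an added example, not part of the original article or of LicenseFinder: it parses that text format and lists every dependency that carries a license outside an allowlist. The allowlist, the rule that every listed license must be allowed, and the two example_* lines are assumptions constructed for illustration.

```ruby
# Added example: policy check over license_finder's text report.
# ALLOWED is an assumed policy for illustration; set it to your own.
ALLOWED = ["MIT", "Apache 2.0", "Simplified BSD", "ruby"].freeze

# name, version, license field. The field may be quoted and may itself
# contain commas, as in: base64, 0.2.0, "Simplified BSD, ruby"
LINE = /\A(?<name>[^,]+), (?<version>[^,]+), (?:"(?<quoted>[^"]*)"|(?<bare>.*))\z/

# Parse report text into hashes; fail loudly on a line we do not understand
# rather than silently skipping a dependency.
def parse_report(text)
  text.each_line.map(&:strip).reject(&:empty?).map do |line|
    m = LINE.match(line) or raise ArgumentError, "unrecognised line: #{line.inspect}"
    licenses = (m[:quoted] || m[:bare]).split(",").map(&:strip).reject(&:empty?)
    { name: m[:name], version: m[:version], licenses: licenses }
  end
end

# Conservative rule (assumption): a dependency passes only if every license
# it lists is allowed; an empty license field is also flagged for review.
def violations(deps, allowed = ALLOWED)
  deps.each_with_object([]) do |dep, out|
    bad = dep[:licenses] - allowed
    bad = ["(none listed)"] if dep[:licenses].empty?
    out << dep.merge(not_allowed: bad) unless bad.empty?
  end
end

# First three lines are from the sample results above; the example_* lines
# are constructed to show a flagged dependency.
SAMPLE = <<~REPORT
  actioncable, 8.0.0, MIT
  addressable, 2.8.7, "Apache 2.0"
  base64, 0.2.0, "Simplified BSD, ruby"
  example_dual, 0.0.1, "MIT, GPLv3"
  example_unknown, 0.0.1, unknown
REPORT

# A CI job would exit non-zero when this list is not empty.
violations(parse_report(SAMPLE)).each do |d|
  puts "#{d[:name]} #{d[:version]}: #{d[:not_allowed].join(', ')}"
end
```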

Composer Packages

Install composer-license-checker from https://github.com/dominikb/composer-license-checker:

composer require --dev dominikb/composer-license-checker

Run the script:

./vendor/bin/composer-license-checker report

Sample Result:

Looking up MIT ...
Looking up Apache-2.0 ...
Looking up BSD-3-Clause ...

Count 61 - MIT (https://tldrlegal.com/license/mit-license)
+-----------------+-------------+-------------------+
| CAN             | CAN NOT     | MUST              |
+-----------------+-------------+-------------------+
| Commercial  Use | Hold Liable | Include Copyright |
| Modify          |             | Include License   |
| Distribute      |             |                   |
| Sublicense      |             |                   |
| Private Use     |             |                   |
+-----------------+-------------+-------------------+

Count 1 - Apache-2.0 (https://tldrlegal.com/license/apache-license-2-0-apache-2-0)
+-------------------+---------------+-------------------+
| CAN               | CAN NOT       | MUST              |
+-------------------+---------------+-------------------+
| Commercial  Use   | Hold Liable   | Include Copyright |
| Modify            | Use Trademark | Include License   |
| Distribute        |               | State Changes     |
| Sublicense        |               | Include Notice    |
| Place Warranty    |               |                   |
| Private Use       |               |                   |
| Use Patent Claims |               |                   |
+-------------------+---------------+-------------------+

Count 1 - BSD-3-Clause (https://tldrlegal.com/license/bsd-3-clause-license-revised)
+-----------------+---------------+-------------------+
| CAN             | CAN NOT       | MUST              |
+-----------------+---------------+-------------------+
| Commercial  Use | Use Trademark | Include Copyright |
| Modify          | Hold Liable   | Include License   |
| Distribute      |               |                   |
| Sublicense      |               |                   |
| Place Warranty  |               |                   |
+-----------------+---------------+-------------------+

npm Packages

Install license-checker-rseidelsohn from https://github.com/RSeidelsohn/license-checker-rseidelsohn:

npm install -g license-checker-rseidelsohn

Run the script:

license-checker-rseidelsohn

Sample Result:

├─ @jridgewell/gen-mapping@0.3.5
│  ├─ licenses: MIT
│  ├─ repository: https://github.com/jridgewell/gen-mapping
│  ├─ publisher: Justin Ridgewell
│  ├─ email: justin@ridgewell.name
│  ├─ path: /project/path/node_modules/@jridgewell/gen-mapping
│  └─ licenseFile: /project/path/node_modules/@jridgewell/gen-mapping/LICENSE
├─ @jridgewell/resolve-uri@3.1.0
│  ├─ licenses: MIT
│  ├─ repository: https://github.com/jridgewell/resolve-uri
│  ├─ publisher: Justin Ridgewell
│  ├─ email: justin@ridgewell.name
│  ├─ path: /project/path/node_modules/@jridgewell/resolve-uri
│  └─ licenseFile: /project/path/node_modules/@jridgewell/resolve-uri/LICENSE
├─ @jridgewell/set-array@1.2.1
│  ├─ licenses: MIT
│  ├─ repository: https://github.com/jridgewell/set-array
│  ├─ publisher: Justin Ridgewell
│  ├─ email: justin@ridgewell.name
│  ├─ path: /project/path/node_modules/@jridgewell/set-array
│  └─ licenseFile: /project/path/node_modules/@jridgewell/set-array/LICENSE
├─ @jridgewell/source-map@0.3.6
│  ├─ licenses: MIT
│  ├─ repository: https://github.com/jridgewell/source-map
│  ├─ publisher: Justin Ridgewell
│  ├─ email: justin@ridgewell.name
│  ├─ path: /project/path/node_modules/@jridgewell/source-map
│  └─ licenseFile: /project/path/node_modules/@jridgewell/source-map/LICENSE
├─ @jridgewell/sourcemap-codec@1.4.14
│  ├─ licenses: MIT
│  ├─ repository: https://github.com/jridgewell/sourcemap-codec
│  ├─ publisher: Rich Harris
│  ├─ path: /project/path/node_modules/@jridgewell/sourcemap-codec
│  └─ licenseFile: /project/path/node_modules/@jridgewell/sourcemap-codec/LICENSE
├─ @jridgewell/trace-mapping@0.3.25
│  ├─ licenses: MIT
│  ├─ repository: https://github.com/jridgewell/trace-mapping
│  ├─ publisher: Justin Ridgewell
│  ├─ email: justin@ridgewell.name
│  ├─ path: /project/path/node_modules/@jridgewell/trace-mapping
│  └─ licenseFile: /project/path/node_modules/@jridgewell/trace-mapping/LICENSE
├─ @popperjs/core@2.11.6
│  ├─ licenses: MIT
│  ├─ repository: https://github.com/popperjs/popper-core
│  ├─ publisher: Federico Zivolo
│  ├─ email: federico.zivolo@gmail.com
│  ├─ path: /project/path/node_modules/@popperjs/core
│  └─ licenseFile: /project/path/node_modules/@popperjs/core/LICENSE.md
├─ @types/estree@1.0.6
│  ├─ licenses: MIT
│  ├─ repository: https://github.com/DefinitelyTyped/DefinitelyTyped
│  ├─ path: /project/path/node_modules/@types/estree
│  └─ licenseFile: /project/path/node_modules/@types/estree/LICENSE

 

