@nodesecure/ntlp

npm tarball license parser and conformance checker

Usage no npm install needed!

<script type="module">
  import nodesecureNtlp from 'https://cdn.skypack.dev/@nodesecure/ntlp';
</script>

README

npm tarball license parser

version Maintenance Security Responsible Disclosure mit dep build

Fetch all licenses and their SPDX conformance from a given npm tarball.

Requirements

Getting Started

This package is available in the Node Package Repository and can be easily installed with npm or yarn.

$ npm i @nodesecure/ntlp
# or
$ yarn add @nodesecure/ntlp

Usage example

import { fileURLToPath } from "url";
import { dirname } from "path";

import parseLicense from "@nodesecure/ntlp";

// CONSTANTS
const __dirname = dirname(fileURLToPath(import.meta.url));

const license = await parseLicense(__dirname);
console.log(license);

Return the following interface

interface license {
  uniqueLicenseIds: string[];
  spdxLicenseLinks: string[];
  spdx: {
    osi: boolean;
    fsf: boolean;
    fsfAndOsi: boolean;
    includesDeprecated: boolean;
  },
  from: string;
}

interface result {
  licenses: license[];
  hasMultipleLicenses: boolean;
  uniqueLicenseIds: string[];
}

API

parseLicense(dest: string): Promise< ntlp.result >

parse a given tarball directory and return a result interface.

Contributors ✨

All Contributors

Thanks goes to these wonderful people (emoji key):


Gentilhomme
💻 📖 👀 🛡️ 🐛
Tony Gorez
💻 📖 👀
Quentin Lepateley
📖
Nicolas Hallaert
📖
Vincent Dhennin
💻

License

MIT