{"analyzedAt":"2022-11-18T00:05:37.326Z","collected":{"metadata":{"name":"licensee","scope":"unscoped","version":"10.0.0","description":"check dependency licenses against rules","date":"2022-11-17T17:19:15.568Z","author":{"name":"Kyle E. Mitchell","email":"kyle@kemitchell.com","url":"https://kemitchell.com/","username":"kemitchell"},"publisher":{"username":"ljharb","email":"ljharb@gmail.com"},"maintainers":[{"username":"kemitchell","email":"kyle@kemitchell.com"},{"username":"ljharb","email":"ljharb@gmail.com"}],"contributors":[{"name":"Jakob Krigovsky","email":"jakob@krigovsky.com"},{"name":"Brett Zamir","email":"brett@brett-zamir.name"},{"name":"Andrew Monks","email":"a@monks.co"}],"repository":{"type":"git","url":"git+https://github.com/jslicense/licensee.js.git"},"links":{"npm":"https://www.npmjs.com/package/licensee","homepage":"https://github.com/jslicense/licensee.js#readme","repository":"https://github.com/jslicense/licensee.js","bugs":"https://github.com/jslicense/licensee.js/issues"},"license":"Apache-2.0","dependencies":{"@blueoak/list":"^9.0.0","@npmcli/arborist":"^6.1.2","correct-license-metadata":"^1.4.0","docopt":"^0.6.2","has":"^1.0.3","npm-license-corrections":"^1.6.2","semver":"^7.3.8","spdx-expression-parse":"^3.0.1","spdx-expression-validate":"^2.0.0","spdx-osi":"^3.0.0","spdx-whitelisted":"^1.0.0"},"devDependencies":{"aud":"^2.0.1","rimraf":"^3.0.2","run-parallel":"^1.2.0","spawn-sync":"^2.0.0","standard":"^14.3.1","tap":"^16.3.0"},"releases":[{"from":"2022-10-19T00:00:00.000Z","to":"2022-11-18T00:00:00.000Z","count":2},{"from":"2022-08-20T00:00:00.000Z","to":"2022-11-18T00:00:00.000Z","count":4},{"from":"2022-05-22T00:00:00.000Z","to":"2022-11-18T00:00:00.000Z","count":4},{"from":"2021-11-18T00:00:00.000Z","to":"2022-11-18T00:00:00.000Z","count":4},{"from":"2020-11-18T00:00:00.000Z","to":"2022-11-18T00:00:00.000Z","count":5}],"hasTestScript":true,"hasSelectiveFiles":true,"readme":"# licensee\n\nCheck npm package dependency license metadata against rules.\n\n## Configuration\n\nLicensee accepts two kinds of configuration:\n\n1. a rule about permitted licenses\n2. a package allowlist of name-and-range pairs\n\nYou can set configuration with command flags or a `.licensee.json`\nfile at the root of your package, like so:\n\n```json\n{\n  \"licenses\": {\n    \"spdx\": [\n      \"MIT\",\n      \"BSD-2-Clause\",\n      \"BSD-3-Clause\",\n      \"Apache-2.0\"\n    ]\n  },\n  \"packages\": {\n    \"optimist\": \"<=0.6.1\"\n  },\n  \"corrections\": false,\n  \"ignore\": [\n    {\"scope\": \"kemitchell\"},\n    {\"prefix\": \"commonform-\"},\n    {\"author\": \"Kyle E. Mitchell\"}\n  ]\n}\n```\n\nThe `licenses` object adds licenses to an allowlist.\nAny package with [standard license metadata][metadata]\nthat satisfies that allowlist according to\n[spdx-whitelisted][allowed] will not cause an error.\n\n[parse]: https://www.npmjs.com/package/spdx-expression-parse\n[allowed]: https://www.npmjs.com/package/spdx-whitelisted\n\nInstead of allowlisting each license by SPDX identifier,\nyou can allowlist categories of licenses.\n\nFor example, you can specify a minimum Blue Oak Council [license\nrating]---lead, bronze, silver, or gold---like so:\n\n[license rating]: https://blueoakcouncil.org/list\n\n```json\n{\n  \"licenses\": {\n    \"blueOak\": \"bronze\"\n  }\n}\n```\n\nYou can combine categories and specific license identifiers, too:\n\n```json\n{\n  \"licenses\": {\n    \"spdx\": [\"CC-BY-4.0\"],\n    \"blueOak\": \"gold\"\n  }\n}\n```\n\nThe `packages` property is a map from package name to a\n[node-semver][semver] Semantic Versioning range.  Packages whose\nlicense metadata don't match the SPDX license expression in\n`licenses` but have a name and version described in `packages`\nwill not cause an error.\n\n[metadata]: https://docs.npmjs.com/files/package.json#license\n[semver]: https://www.npmjs.com/package/semver\n\nThe `corrections` flag toggles community corrections to npm\npackage license metadata.  When enabled, `licensee` will check\nagainst `license` values from [npm-license-corrections] when\navailable, and also use [correct-license-metadata] to try to\ncorrect old-style `licenses` arrays and other unambiguous, but\ninvalid, metadata.\n\n[npm-license-corrections]: https://www.npmjs.com/package/npm-license-corrections\n\n[correct-license-metadata]: https://www.npmjs.com/package/correct-license-metadata\n\nThe optional `ignore` array instructs `licensee` to approve packages\nwithout considering their `license` metadata.  Ignore rules can take\none of three forms:\n\n1.  `{\"scope\":\"x\"}` ignores all packages in scope `x`, like `@x/y`.\n\n2.  `{\"prefix\":\"x\"}` ignores all packages whose names start with `x`,\n    but not scoped packages whose scopes do not match, like `@y/x`.\n\n3.  `{\"author\":\"x\"}` ignores all packages whose authors' names,\n    e-mail addresses, or URLs contain `x`.\n\nAll ignore rules are case-insensitive.\n\n## Use\n\nTo install and use `licensee` globally:\n\n```bash\nnpm install --global licensee\ncd your-package\nlicensee --init\nlicensee\n```\n\nThe `licensee` script prints a report about dependencies and their\nlicense terms to standard output.  It exits with status `0` when all\npackages in `./node_modules` meet the configured licensing criteria\nand `1` when one or more do not.\n\nTo install it as a development dependency of your package:\n\n```bash\ncd your-package\nnpm install --save-dev licensee\n```\n\nConsider adding `licensee` to your npm scripts:\n\n```json\n{\n  \"scripts\": {\n    \"posttest\": \"licensee\"\n  }\n}\n```\n\nTo check only production dependencies, ignoring development dependencies,\nuse `--production` flag:\n\n```json\n{\n  \"scripts\": {\n    \"posttest\": \"licensee --production\"\n  }\n}\n```\n\nFor output as newline-delimited JSON objects, for further processing:\n\n```json\n{\n  \"scripts\": {\n    \"posttest\": \"licensee --ndjson\"\n  }\n}\n```\n\nTo skip the readout of license information:\n\n```json\n{\n  \"scripts\": {\n    \"posttest\": \"licensee --quiet\"\n  }\n}\n```\n\nIf you want a readout of dependency information, but don't want\nyour continuous integration going red, you can ignore `licensee`'s\nexit code:\n\n```json\n{\n  \"scripts\": {\n    \"posttest\": \"licensee || true\"\n  }\n}\n```\n\nTo save the readout of license information to a file:\n\n```json\n{\n  \"scripts\": {\n    \"posttest\": \"licensee | tee LICENSES || true\"\n  }\n}\n```\n\nAlternatively, for a readout of just packages without approved licenses:\n\n```json\n{\n  \"scripts\": {\n    \"posttest\": \"licensee --errors-only\"\n  }\n}\n```\n\n## JavaScript Module\n\nThe package exports an asynchronous function of three arguments:\n\n1. A configuration object in the same form as `.licensee.json`.\n\n2. The path of the package to check.\n\n3. An error-first callback that yields an array of objects, one per\n   dependency."},"npm":{"downloads":[{"from":"2022-11-17T00:00:00.000Z","to":"2022-11-18T00:00:00.000Z","count":0},{"from":"2022-11-11T00:00:00.000Z","to":"2022-11-18T00:00:00.000Z","count":55099},{"from":"2022-10-19T00:00:00.000Z","to":"2022-11-18T00:00:00.000Z","count":305899},{"from":"2022-08-20T00:00:00.000Z","to":"2022-11-18T00:00:00.000Z","count":1324197},{"from":"2022-05-22T00:00:00.000Z","to":"2022-11-18T00:00:00.000Z","count":2320060},{"from":"2021-11-18T00:00:00.000Z","to":"2022-11-18T00:00:00.000Z","count":2957867}],"starsCount":3},"github":{"homepage":"https://www.npmjs.com/package/licensee","starsCount":177,"forksCount":23,"subscribersCount":9,"issues":{"count":85,"openCount":6,"distribution":{"3600":12,"10800":7,"32400":14,"97200":13,"291600":9,"874800":4,"2624400":7,"7873200":3,"23619600":6,"70858800":4,"212576400":6},"isDisabled":false},"contributors":[{"username":"kemitchell","commitsCount":177},{"username":"brettz9","commitsCount":5},{"username":"ljharb","commitsCount":5},{"username":"bnb","commitsCount":3},{"username":"janl","commitsCount":2},{"username":"amonks","commitsCount":2},{"username":"sonicdoe","commitsCount":1},{"username":"plampila","commitsCount":1},{"username":"lencioni","commitsCount":1},{"username":"ericcornelissen","commitsCount":1}],"commits":[{"from":"2022-11-11T00:00:00.000Z","to":"2022-11-18T00:00:00.000Z","count":6},{"from":"2022-10-19T00:00:00.000Z","to":"2022-11-18T00:00:00.000Z","count":7},{"from":"2022-08-20T00:00:00.000Z","to":"2022-11-18T00:00:00.000Z","count":21},{"from":"2022-05-22T00:00:00.000Z","to":"2022-11-18T00:00:00.000Z","count":31},{"from":"2021-11-18T00:00:00.000Z","to":"2022-11-18T00:00:00.000Z","count":31}]},"source":{"files":{"readmeSize":4665,"testsSize":172151},"linters":["standard"]}},"evaluation":{"quality":{"carefulness":0.9199999999999999,"tests":0.6,"health":1,"branding":0},"popularity":{"communityInterest":222,"downloadsCount":441399,"downloadsAcceleration":1719.591286149163,"dependentsCount":0},"maintenance":{"releasesFrequency":1,"commitsFrequency":0.9056917808219178,"openIssues":1,"issuesDistribution":0.9}},"score":{"final":0.6802171737861724,"detail":{"quality":0.8260177603850618,"popularity":0.23555603289435306,"maintenance":0.9999063833075152}}}