Disclaimer: I am not a lawyer and this is not legal advice.

Let’s explore what licenses are used for the top 5 packages in NPM by stars and see legally, a tool I made to analyze your project’s libraries.

#0 Express

As expected from this widely used project, there are no surprises, since the people working on it did their jobs. It’s surprising that a project of this size has 42 total licenses including indirect ones. Wild guess: it is because they split many parts of express, such as body-parser, into separate libraries.

    legally express -lr

MIT license, ISC License, BSD3 Clause

#1 Gulp

Things are clear here since the recent patch:

    legally gulp -lr

MIT License, ISC License, CC0, BSD 3 Clause, Apache 2.0, CC BY 3.0, Unlicense

#2 request

We see that not everything is smooth and there is one “license” with the text “SEE LICENSE IN COPYING.txt”:

    legally request -lr

MIT license, BSD3 Clause, Apache 2.0, ISC License, AFL 2.1, BSD 4 Clause, CC0

Let’s check which of its packages contains this warning:

    legally request -p

CC0 in disguise.

#3 async

Async only depends on lodash:

    legally async -lr

MIT license, CC0

#4 lodash

Lodash doesn’t depend on any other package, so this one is easy. Let’s show only the packages:

    legally lodash -p

Sure enough, lodash’s LICENSE has both licenses.

This list is 0-indexed, so don’t look for library #5 (;

All of them

Let’s cut to the chase and see them all together. It will take a while though.

    legally express gulp request async lodash -lr

It seems there are no broken licenses in the top-5 libraries, so we can safely use them. Are your libraries as safe as those? Check them out:

    legally ANY_OR_YOUR_LIBRARY

Or just go to your project and check what licenses you are using:

    cd ./MY_PROJECT
    legally

If you want this or similar functionality included in npm by default, 👍 my feature request in the NPM repository (in reactions, not as a comment).

For questions or suggestions, email me or open an issue in Github. Thanks.
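The “SEE LICENSE IN COPYING.txt” case from the request section can be caught automatically. The sketch below is an added example, not code from legally: it normalises the license field of each package, follows a “SEE LICENSE IN” pointer to the named file, and lists every package that still needs a human read. The function names, package names and file texts are hypothetical and constructed for illustration.

```javascript
// Added example; package names, versions and file texts are constructed.
// Phrases that identify a license text hiding behind "SEE LICENSE IN <file>".
const FINGERPRINTS = [
  ['CC0-1.0', /CC0 1\.0 Universal/i],
  ['MIT', /Permission is hereby granted, free of charge/i],
];
// Normalise the shapes seen in package.json: string, legacy {type}, legacy licenses[].
function declaredLicenses(manifest) {
  const raw = manifest.license !== undefined ? manifest.license : manifest.licenses;
  const list = Array.isArray(raw) ? raw : raw === undefined ? [] : [raw];
  return list
    .map((l) => (typeof l === 'string' ? l : l && l.type))
    .filter((l) => typeof l === 'string' && l.trim() !== '')
    .map((l) => l.trim());
}
// Classify one package; readFile(name) returns a packaged file's text or null.
function classify(manifest, readFile) {
  const declared = declaredLicenses(manifest);
  if (declared.length === 0) return { status: 'missing', licenses: [] };
  const pointer = /^SEE LICENSE IN (.+)$/i.exec(declared[0]);
  if (!pointer) return { status: 'declared', licenses: declared };
  const file = pointer[1].trim();
  const text = readFile(file);
  const hits = text === null ? [] : FINGERPRINTS.filter(([, re]) => re.test(text)).map(([id]) => id);
  return { status: hits.length ? 'resolved' : 'unresolved', licenses: hits, file };
}
// Group packages by license and list every package a person still has to read.
function audit(packages) {
  const report = { byLicense: Object.create(null), review: [] };
  for (const { manifest, files } of packages) {
    const id = `${manifest.name}@${manifest.version}`;
    const has = (f) => Object.prototype.hasOwnProperty.call(files, f);
    const result = classify(manifest, (f) => (has(f) ? files[f] : null));
    for (const lic of result.licenses) (report.byLicense[lic] = report.byLicense[lic] || []).push(id);
    if (result.status !== 'declared') report.review.push(`${id}: ${result.status}`);
  }
  return report;
}
// Constructed input standing in for what a walk of node_modules would collect.
const SAMPLE = [
  { manifest: { name: 'pkg-a', version: '1.0.0', license: 'MIT' }, files: {} },
  { manifest: { name: 'pkg-b', version: '2.1.0', license: 'SEE LICENSE IN COPYING.txt' },
    files: { 'COPYING.txt': 'CC0 1.0 Universal\n\nStatement of Purpose' } },
  { manifest: { name: 'pkg-c', version: '0.3.0', licenses: [{ type: 'ISC' }, { type: 'MIT' }] }, files: {} },
  { manifest: { name: 'pkg-d', version: '0.0.1' }, files: {} },
];
console.log(JSON.stringify(audit(SAMPLE), null, 2));
```

In a real run, fill the list from each package.json under node_modules and have `readFile` read only from that package's own directory, rejecting pointer paths that leave it. A fingerprint match is a hint for the reviewer, which is why resolved pointers stay on the review list.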