Open Source Compliance
npm License Auditor
Paste a list of npm packages (name@version) to get license classification and compliance risk tier for each. Flags copyleft, unknown, and dual-licensed packages.
No data is transmitted; everything runs locally.
About this tool
The npm License Auditor classifies npm package licenses into compliance risk tiers, flagging copyleft, unknown, and dual-licensed packages.
• Audit new npm dependencies before adding them to a proprietary project
• Identify AGPL-licensed packages in a dependency list before a SaaS deployment
• Generate a compliance summary for a legal review of open source dependencies
• Flag packages with unknown or missing license fields, which are all-rights-reserved by default and so grant you no right to redistribute them
FAQ
What does this tool tell you?
For each name@version you paste, it reports the package's license identifier from its embedded license data and a compliance risk tier: Low for permissive licenses, Medium for weak copyleft, High for strong copyleft. Packages whose license field is missing, unrecognised, or a dual-license choice are flagged separately for manual review rather than being treated as permissive.
What affects the result most?
Paste your package.json dependencies (or a name@version list) and each package is classified from embedded license data. Risk tiers: Permissive (MIT/Apache/BSD) is Low risk; Weak copyleft (LGPL/MPL) is Medium; Strong copyleft (GPL/AGPL) is High. AGPL detection: an AGPL-licensed npm dependency in a SaaS product can trigger copyleft obligations even when the software is never distributed, because the AGPL (section 13) extends them to users who interact with it over a network.
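The classification described above, as an added example in JavaScript that is not the tool's own code. It assumes a lookup table of package.json license fields keyed by name@version (the constructed SAMPLE_LICENSE_DATA below, with hypothetical package names), parses SPDX license expressions so that dual-licensed (OR) and combined (AND) grants are handled structurally rather than by string matching, and treats anything it cannot recognise as unknown, never as permissive. It goes slightly beyond the page's list by also handling the npm-specific UNLICENSED and "SEE LICENSE IN <file>" values and the legacy object form of the license field.

```javascript
const RISK = { permissive: 0, weak: 1, strong: 2, unknown: 3 };
const TIER_BY_RISK = ["permissive", "weak", "strong", "unknown"], RISK_LABEL = ["low", "medium", "high", "high"];
const PERMISSIVE = new Set(["MIT", "ISC", "0BSD", "BSD-2-CLAUSE", "BSD-3-CLAUSE", "APACHE-2.0", "UNLICENSE", "CC0-1.0"]);
// Tier of one SPDX id by family ("GPL-3.0", "GPL-3.0+", "GPL-3.0-only" fold together); unrecognised ids are unknown, never permissive.
function familyTier(id) {
  const base = id.replace(/\+$/, "").replace(/-(only|or-later)$/i, "").toUpperCase();
  if (/^A?GPL-/.test(base)) return "strong";
  if (/^(LGPL|MPL|EPL)-/.test(base)) return "weak";
  return PERMISSIVE.has(base) ? "permissive" : "unknown";
}

// Recursive-descent SPDX expression parser: OR binds loosest, then AND, then "id WITH exception"; parentheses group.
function parseSpdx(expr) {
  const tokens = expr.replace(/[()]/g, " $& ").trim().split(/\s+/);
  let pos = 0; const peek = () => tokens[pos], next = () => tokens[pos++];
  function primary() {
    const t = next();
    if (t === "(") { const inner = orExpr(); if (next() !== ")") throw new Error(`unbalanced ( in "${expr}"`); return inner; }
    if (!t || t === ")" || /^(AND|OR|WITH)$/i.test(t)) throw new Error(`malformed SPDX expression "${expr}"`);
    const node = { id: t };
    if (/^WITH$/i.test(peek())) { next(); node.exception = next(); }
    return node;
  }
  function andExpr() {
    const terms = [primary()];
    while (/^AND$/i.test(peek())) { next(); terms.push(primary()); }
    return terms.length === 1 ? terms[0] : { op: "AND", terms };
  }
  function orExpr() {
    const terms = [andExpr()];
    while (/^OR$/i.test(peek())) { next(); terms.push(andExpr()); }
    return terms.length === 1 ? terms[0] : { op: "OR", terms };
  }
  const tree = orExpr();
  if (pos !== tokens.length) throw new Error(`trailing tokens in "${expr}"`);
  return tree;
}

// OR: the consumer chooses, so the least risky alternative counts but the choice is flagged for the record.
// AND: obligations stack, so the riskiest term wins.
function riskOf(node, flags) {
  if (node.op === "OR") {
    flags.add("dual-licensed");
    return Math.min(...node.terms.map((t) => riskOf(t, flags)));
  }
  if (node.op === "AND") return Math.max(...node.terms.map((t) => riskOf(t, flags)));
  const tier = familyTier(node.id);
  if (/^AGPL-/i.test(node.id)) flags.add("agpl-network-copyleft");
  if (node.exception) flags.add(`exception:${node.exception}`);
  if (tier === "unknown") flags.add(`unknown-license:${node.id}`);
  return RISK[tier];
}

// Classify one package.json "license" value (a string, or the legacy {type, url} object).
function classifyLicense(field) {
  const text = typeof field === "string" ? field.trim()
    : field && typeof field.type === "string" ? field.type.trim() : "";
  const flags = new Set();
  let risk = RISK.unknown;
  if (text === "") flags.add("missing-license-field"); // no grant at all: all rights reserved
  else if (/^UNLICENSED$/i.test(text)) flags.add("UNLICENSED"); // npm convention: not for redistribution
  else if (/^SEE LICENSE IN\s+/i.test(text)) flags.add(`see-license-in:${text.replace(/^SEE LICENSE IN\s+/i, "")}`);
  else {
    try { risk = riskOf(parseSpdx(text), flags); }
    catch (e) { flags.add(`unparseable:${e.message}`); }
  }
  return { tier: TIER_BY_RISK[risk], risk: RISK_LABEL[risk], flags: [...flags] };
}

// Audit a newline-separated name@version list against a license lookup table keyed the same way.
function auditPackages(list, licenseData) {
  const out = [];
  for (const raw of list.split("\n")) {
    const line = raw.trim();
    if (!line || line.startsWith("#")) continue;
    const m = /^(@?[^@\s]+)@(\S+)$/.exec(line); // scoped names keep their leading "@"
    if (!m) throw new Error(`expected name@version, got "${line}"`);
    const result = line in licenseData ? classifyLicense(licenseData[line])
      : { tier: "unknown", risk: "high", flags: ["not-in-license-data"] };
    out.push({ name: m[1], version: m[2], license: licenseData[line] ?? null, ...result });
  }
  return out;
}

// Constructed license table for hypothetical packages (not real registry data).
const SAMPLE_LICENSE_DATA = {
  "@acme/logger@2.1.0": "MIT",
  "acme-db@0.9.4": "AGPL-3.0-only",
  "acme-cli@3.0.1": "(MIT OR GPL-2.0-only)",
  "acme-fonts@1.0.0": "(OFL-1.1 AND MIT)",
  "acme-jre@1.0.0": "GPL-2.0-only WITH Classpath-exception-2.0",
  "acme-legacy@0.1.0": undefined,
  "acme-internal@1.0.0": "UNLICENSED",
  "acme-widget@4.2.0": "SEE LICENSE IN LICENSE.txt",
};
const SAMPLE_INPUT = [...Object.keys(SAMPLE_LICENSE_DATA), "acme-ghost@9.9.9"].join("\n");
for (const r of auditPackages(SAMPLE_INPUT, SAMPLE_LICENSE_DATA))
  console.log(`${r.name}@${r.version}\t${r.tier}\t${r.risk}\t${r.flags.join(", ") || "-"}`);
```

Run it with node. In a real audit, classifyLicense would be fed the license field of each installed node_modules/<name>/package.json instead of the constructed table. Two design choices matter: an OR expression takes the tier of its least risky alternative, because the consumer picks which grant to accept, but it is flagged so that the chosen license is recorded in the compliance summary; and any identifier the classifier does not recognise lands in the unknown tier, so a typo or a rare license can only ever raise the risk, not hide it.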
How should I use the result?
Treat the output as a draft and review it against your actual dependency tree. The classification is only as good as the embedded license data for the exact versions you pasted, so confirm each flagged package against the license field in its installed package.json and the LICENSE file in the published tarball, and record which license you accept for any dual-licensed package. A transitive dependency carries the same obligations as a direct one, so audit the resolved lockfile, not only the dependencies you declared.