License Compliance FAQs

Question 1

What is License Compliance?

Accepted Answer

License Compliance is a tool that scans your npm project's dependencies to identify and report potential software license compliance issues, helping you proactively avoid legal risks and ensure adherence to open-source licenses.

Question 2

Can I define custom license policies?

Accepted Answer

Yes, you can select from predefined policy presets (like 'permissive' or 'copyleft') or define your own highly specific license policy using any valid SPDX expression to tailor compliance checks to your project's needs.

Question 3

Does it help me understand open source licenses?

Accepted Answer

Absolutely. The `explain-license` command provides clear, plain-language explanations for any SPDX license, detailing its permissions, conditions, limitations, compatibility, and potential 'gotchas' to help you make informed decisions.

Question 4

What kind of reports does License Compliance generate?

Accepted Answer

It generates comprehensive markdown compliance reports grouped by severity (critical, warning, info). These reports highlight problematic packages, explain the issues, and trace their paths through your project's dependency chains.

Question 5

How does it check for license issues in my project?

Accepted Answer

It scans your `node_modules` directory, normalizes detected license strings to valid SPDX identifiers, and then evaluates each package against your chosen or custom license policy, generating a detailed report on any violations.

License Compliance

License Compliance

Key Features

Use Cases

Key Features

Use Cases