Does this replace the need for a legal review?

No, this is a technical scanning tool designed to assist developers and compliance officers by surfacing data; it should be used as an input for legal counsel.

Can it generate a NOTICE file for my project?

Yes, the skill produces a formatted THIRD-PARTY SOFTWARE NOTICES block that includes package names, versions, and required attribution text.

How does it handle license conflicts?

It evaluates the compatibility between your project's outbound license and the inbound licenses of your dependencies, flagging risks like GPL contamination.

Does it detect transitive dependencies?

Yes, it uses native package manager commands to scan both direct and transitive (sub-level) dependencies to ensure full coverage.

Which package managers are supported by this skill?

The skill supports major ecosystems including npm (Node.js), NuGet (.NET), pip/poetry (Python), and Maven/Gradle (Java).

Open Source License Scanner

Name: Open Source License Scanner
Author: melodic-software

bymelodic-software

•

Security & Testing

Analyzes project dependencies to ensure open-source license compliance, detect conflicts, and generate detailed legal reports.

This skill automates the complex task of auditing open-source licenses across your project's entire dependency tree. It supports major ecosystems including Node.js, .NET, Python, and Java, identifying permissive and copyleft licenses to flag potential legal risks. Beyond simple detection, it checks for license compatibility, identifies 'copyleft contamination' risks, and generates a structured compliance report including a ready-to-use NOTICE file, making it an essential tool for enterprise software development, security audits, and legal preparation.

Key Features

01Classification of licenses into Permissive, Weak Copyleft, and Strong Copyleft categories.

02Compatibility assessment to flag inbound versus outbound license conflicts.

0338 GitHub stars

04Automated generation of comprehensive compliance reports and third-party attribution files.

05Automatic project type detection for Node.js, .NET, Python, and Java environments.

06Deep analysis of direct and transitive dependencies using standard SPDX identifiers.

Use Cases

01Vetting new dependencies to ensure they do not introduce prohibited copyleft licenses into a codebase.

02Automatically generating third-party attribution documents and NOTICE files for new releases.

03Preparing a software project for an enterprise security or legal compliance audit.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add melodic-software/claude-code-plugins scan-licenses

For use in Claude.ai and ChatGPT

Download Skill