Can it generate files for legal teams?

Yes, it provides commands to generate comprehensive attribution files and industry-standard SBOMs in CycloneDX or SPDX formats for compliance reporting.

What tools does this skill utilize?

It primarily leverages license-checker, @cyclonedx/cyclonedx-npm, and spdx-sbom-generator to perform comprehensive dependency scans and report generation.

How does this skill help with GPL licenses?

It identifies copyleft licenses like GPL and allows you to set up automated gates to flag or block them according to your project policy to prevent unwanted viral licensing effects.

Does it support automation in the development workflow?

Absolutely. It includes configurations for Husky pre-commit hooks and CI/CD pipeline steps to ensure no non-compliant licenses are introduced into the codebase.

License Compliance

Name: License Compliance
Author: IvanTorresEdge

byIvanTorresEdge

安全与测试

Automates license checking and dependency audits for JavaScript projects to ensure legal compliance and mitigate risk.

关于

This skill streamlines the process of managing npm dependency licenses by providing automated tools for auditing, policy enforcement, and compliance reporting. It helps developers identify permissive and copyleft licenses, set up CI/CD gates via license-checker, and generate required attribution files or Software Bill of Materials (SBOM). Whether you are preparing for a release or vetting new packages, this skill ensures your project adheres to legal standards and prevents accidental inclusion of incompatible open-source licenses.

主要功能

Attribution file and SBOM generation (CycloneDX/SPDX)
Categorization of permissive vs. copyleft licenses
0 GitHub stars
Automated license auditing using license-checker
CI/CD integration and pre-commit hook setup
Custom license policy definition and exception tracking

使用场景

Auditing dependencies before a production release
Generating standardized license attribution for distribution
Evaluating the legal risk of new third-party packages

关于

主要功能

Attribution file and SBOM generation (CycloneDX/SPDX)
Categorization of permissive vs. copyleft licenses
0 GitHub stars
Automated license auditing using license-checker
CI/CD integration and pre-commit hook setup
Custom license policy definition and exception tracking

使用场景

Auditing dependencies before a production release
Generating standardized license attribution for distribution
Evaluating the legal risk of new third-party packages