Can it generate files for legal teams?

Yes, it provides commands to generate comprehensive attribution files and industry-standard SBOMs in CycloneDX or SPDX formats for compliance reporting.

What tools does this skill utilize?

It primarily leverages license-checker, @cyclonedx/cyclonedx-npm, and spdx-sbom-generator to perform comprehensive dependency scans and report generation.

How does this skill help with GPL licenses?

It identifies copyleft licenses like GPL and allows you to set up automated gates to flag or block them according to your project policy to prevent unwanted viral licensing effects.

Does it support automation in the development workflow?

Absolutely. It includes configurations for Husky pre-commit hooks and CI/CD pipeline steps to ensure no non-compliant licenses are introduced into the codebase.

License Compliance

Name: License Compliance
Author: IvanTorresEdge

byIvanTorresEdge

0•

安全与测试

Automates license checking and dependency audits for JavaScript projects to ensure legal compliance and mitigate risk.

This skill streamlines the process of managing npm dependency licenses by providing automated tools for auditing, policy enforcement, and compliance reporting. It helps developers identify permissive and copyleft licenses, set up CI/CD gates via license-checker, and generate required attribution files or Software Bill of Materials (SBOM). Whether you are preparing for a release or vetting new packages, this skill ensures your project adheres to legal standards and prevents accidental inclusion of incompatible open-source licenses.

主要功能

01Attribution file and SBOM generation (CycloneDX/SPDX)

02Categorization of permissive vs. copyleft licenses

030 GitHub stars

04Automated license auditing using license-checker

05CI/CD integration and pre-commit hook setup

06Custom license policy definition and exception tracking

使用场景

01Auditing dependencies before a production release

02Generating standardized license attribution for distribution

03Evaluating the legal risk of new third-party packages

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add ivantorresedge/molcajete.ai license-compliance

For use in Claude.ai and ChatGPT

Download Skill