However, this comes at a price. The more dependencies you rely upon in your projects, the higher the chance one of those dependencies, or one of its dependencies, has a restrictive license that requires you to fulfill some unusual obligation.
Did you know that some open source software licenses require you to disclose your source code in its entirety if you use a package with such a license, such as the
Or that there are software licenses that require you to explicitly mention the software in all of your product's advertising materials, such as the original BSD 4-Clause license?
Some of these obligations are not easily met for commercial projects, which are usually closed source. Every organization has these; yes, even GitHub and npm do not open source all of their code.
Chances are, if your project has over 15 dependencies, at least one of their dependencies or their dependencies' dependencies is using a restrictive license with unusual obligations. If you don't check thoroughly and fulfill such obligations, you're susceptible to legal action by the package author(s), even if your project is free to use and open sourced.
Now, if you were to commercially distribute your project using a dependency with an unmet obligation, and that third party were to find out about it, well, let's hope that never happens.
You can easily prevent this from ever happening by using a new tool I released called tldrlegal, a Node.js command-line tool that checks your dependencies for license requirements using a legal resource called tldrlegal.com, which provides plain English software license interpretations.
tldrlegal makes use of legally, a Node.js package that does an excellent job at determining your dependencies' licenses, using their package.json file, the README.md file, and the LICENSE file, since package maintainers use any of those to mention their license of choice. It turns out this is not the easiest of tasks, but legally still manages to do it with great accuracy.
tldrlegal.com lets you find pretty much any popular software license and quickly understand what you can and can't do with that license, as well as what you must do if you make use of software under such a license. Without this website, tldrlegal could not exist.
How to use tldrlegal
Install tldrlegal globally via npm and run it in your project directory. The output will contain a summary and detailed information for each package with a licensing requirement, such as credit attribution, source disclosure, etc.
npm install -g tldrlegal
If any license restrictions are found, tldrlegal will output them to the console, along with a brief description:
That's it, let me know what you think and if you have any ideas on how to improve it.
No legal-advising tool is ever complete without a proper disclaimer.
- This tool is not a replacement for proper legal consultation.
- Please be advised that the information provided by this tool may not be 100% accurate.