License Compliance Checker

Scan all dependencies for license compatibility. Flag GPL contamination, missing licenses, and compliance risks before they become legal problems.

Get the CLI Tool

Run the license checker locally as an MCP server, or try it online below.

npx @clinetools/license-check
Requires Node.js 18+
  • Scans all direct and transitive dependencies for license info
  • Detects GPL contamination that could force open-sourcing your code
  • Flags missing licenses, unknown SPDX identifiers, and dual-licensed packages
  • Supports npm, pip, Go modules, Cargo, and Composer ecosystems
  • Preference conversation on first run — configure your license policy

How to Use It

Three ways to check license compliance — pick the one that fits your workflow.

1. Try Online

Paste a package.json below to scan for license risks — no install needed.

2. Use via CLI

Run as a local MCP server. On first run it asks about your license policy.

npx @clinetools/license-check

3. Add to Cline / Claude Code

Add to your MCP settings so your agent checks licenses automatically.

"license-check": { "command": "npx", "args": ["@clinetools/license-check"] }

MCP Client Configuration

{
  "mcpServers": {
    "license-check": {
      "command": "npx",
      "args": ["@clinetools/license-check"]
    }
  }
}

Example: Audit Before Publishing

// Prompt to your AI agent:
"Check all my dependencies for license
compatibility before I publish to npm"

// The agent calls:
check_licenses({
  project_path: "./",
  policy: "permissive-only",
  include_transitive: true
})

// Output shows each dependency's license,
// compatibility status, and risk level

Preference Conversation (First Run)

// On first run, the tool asks:

1. "What's your project license?"
   [x] MIT
   [ ] Apache-2.0
   [ ] ISC
   [ ] Proprietary / Closed Source

2. "Which licenses are acceptable?"
   [x] Permissive only (MIT, BSD, ISC, Apache)
   [ ] Allow weak copyleft (LGPL, MPL)
   [ ] Allow all open source
   [ ] Custom allowlist

3. "How should I handle missing licenses?"
   [x] Flag as high risk
   [ ] Flag as warning
   [ ] Ignore

// Policy saved to .clinetools/license-policy.json
// Remembered for all future runs

Live Demo

Try It Online

Paste a package.json or try a demo scenario to scan for license risks.

Why License Compliance Matters

One incompatible dependency can force you to open-source your entire codebase or face legal action.

GPL Contamination

If any dependency uses GPL, your entire project may be required to adopt GPL too. This "viral" clause means you must open-source your proprietary code — or remove the dependency entirely.

Missing Licenses

Packages without a license are technically "all rights reserved" — you have no legal right to use them. This is a ticking time bomb in your dependency tree.

Transitive Risks

Your direct dependencies may be MIT, but their dependencies might not be. A GPL package buried three levels deep still triggers the viral clause. You need to scan the full tree.

Enterprise Compliance

Enterprise customers and acquirers perform license audits. Failing a license audit can block deals worth millions. Automated scanning catches issues before they become dealbreakers.

Dual Licensing Traps

Some packages offer dual licenses (e.g., GPL + Commercial). If you don't purchase the commercial license, the GPL terms apply by default. Always verify which license your usage falls under.
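
The full-tree scan described under Transitive Risks, with the missing-license and dual-license cases included, as an added example (not the tool's own code). The dependency graph, package names and allowlist are constructed for illustration, and only top-level SPDX "OR" expressions are split.

```javascript
// Constructed sample graph (not real registry data): name -> { license, deps }.
const SAMPLE_GRAPH = {
  "my-app":     { license: "MIT", deps: ["web-kit", "log-lite"] },
  "web-kit":    { license: "MIT", deps: ["tpl-engine"] },
  "log-lite":   { license: "ISC", deps: ["no-meta"] },
  "tpl-engine": { license: "Apache-2.0", deps: ["fast-parse", "dual-pkg"] },
  "fast-parse": { license: "GPL-3.0-only", deps: [] },
  "dual-pkg":   { license: "(MIT OR GPL-2.0-only)", deps: [] },
  "no-meta":    { deps: [] },
};

// Assumed "permissive only" allowlist, mirroring the policy option shown above.
const PERMISSIVE = new Set(["MIT", "ISC", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause"]);

// Classify one SPDX string. Only top-level "A OR B" expressions are split;
// anything else not on the allowlist is high risk under this policy.
function classify(license) {
  if (!license) return { risk: "high", reason: "missing license" };
  const options = license.replace(/[()]/g, "").split(/\s+OR\s+/);
  const allowed = options.filter((id) => PERMISSIVE.has(id));
  if (allowed.length === options.length) return { risk: "none", reason: "permissive" };
  if (allowed.length > 0) return { risk: "review", reason: `dual-licensed, must elect ${allowed.join(" or ")}` };
  return { risk: "high", reason: `not permitted by policy: ${license}` };
}

// Breadth-first walk of the full tree, recording the shortest path from the root
// to each package so a finding shows which direct dependency pulls it in.
function auditTree(graph, root) {
  const findings = [];
  const seen = new Set([root]);
  const queue = [[root]];
  while (queue.length > 0) {
    const path = queue.shift();
    const name = path[path.length - 1];
    const pkg = graph[name] || { deps: [] };
    const verdict = classify(pkg.license);
    if (name !== root && verdict.risk !== "none") {
      findings.push({ name, depth: path.length - 1, path: path.join(" > "), ...verdict });
    }
    for (const dep of pkg.deps) {
      if (!seen.has(dep)) { seen.add(dep); queue.push([...path, dep]); }
    }
  }
  return findings;
}

console.log(auditTree(SAMPLE_GRAPH, "my-app"));
```

Both direct dependencies pass the allowlist on their own; every finding sits at depth 2 or 3, and the recorded path names the direct dependency to replace or escalate.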

Know Your Licenses Before You Ship

Add the License Compliance Checker to your agent's toolkit and catch legal risks automatically.