License Compliance Check

Goal

Scan a project's dependencies and generate a license compliance report, classifying each dependency as permissive (OK), weak copyleft (MEDIUM), or restrictive (HIGH). Supports 9 ecosystems: JS/TS (pnpm/npm/yarn), Rust (cargo), Python (pip/poetry/uv/pipenv), Swift (SPM), Kotlin (Gradle), Dart (pub), Go (modules), C# (NuGet), and Solidity (Foundry).

When to use

• Checking license compliance before shipping
• Evaluating a new dependency or library
• Preparing for security/legal audits
• Reviewing a project you don't own (use --repo mode)
• Replacing Snyk license compliance checks
• Org-wide license sweeps across multiple GitHub orgs (use --org mode)
• Tracking license compliance posture over time
• Scanning Rust crates for license compliance (via cargo metadata)
• Scanning Python packages for license compliance (via lockfile + PyPI)

When not to use