You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
A command line tool to scan the dependencies of a project and detect their Licenses. I wrote this while building an SCA Tool.
The tool scans the metadata file (e.g. pom.xml for maven based projects and package.json for npm) and creates a dependency tree by recursively resolving each dependency from respective repositories. The license (if found) is analyzed and matched with the licenses in the SPDX License Database using methods of NLP. The motivation for the algorithm of license detection is taken from [Link](https://github.com/go-enry/go-license-detector).
The tool scans the metadata file (e.g. pom.xml for maven based projects and package.json for npm) and creates a dependency tree detecting the direct as well as transitive dependencies. The license (if found) is analyzed and matched with the licenses in the SPDX License Database using methods of NLP. The motivation for the algorithm of license detection is taken from [Link](https://github.com/go-enry/go-license-detector).
Expand DownExpand Up
@@ -36,7 +36,7 @@ The tool scans the metadata file (e.g. pom.xml for maven based projects and pack
