License Compliance

STDIOregistry active

Summary

Scans your npm dependencies for license violations by walking node_modules and checking each package against configurable policies. Exposes two tools: check_licenses takes a project path and policy preset (permissive, weak-copyleft, copyleft, or custom SPDX expressions) and returns a markdown report flagging GPL contamination and other issues with full dependency chains showing how problems entered your tree. explain_license gives plain English breakdowns of any SPDX license including permissions and compatibility gotchas. Uses license-checker-rseidelsohn under the hood with SPDX normalization and satisfies logic. Runs via npx, requires an installed node_modules to scan.

CodeRabbit

AI writes the code. CodeRabbit catches the slop.

Try For Free →

Keep your Mac awake

Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.

One time payment $9 →

Context.dev

Integrate web data into your AI product. One API to scrape website & brand data.

Get API Key Now →

Make your agent a DeFi expert

Agent, run crypto. Access onchain data & trade routes via 1inch.

Install now →

Make money from your Skills

On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.

Start earning →

AppSignal

Monitor with ease. Code with confidence.

Start Free Trial →

CodeRabbit

AI writes the code. CodeRabbit catches the slop.

Try For Free →

Keep your Mac awake

Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.

One time payment $9 →

Context.dev

Integrate web data into your AI product. One API to scrape website & brand data.

Get API Key Now →

Make your agent a DeFi expert

Agent, run crypto. Access onchain data & trade routes via 1inch.

Install now →

Make money from your Skills

On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.

Start earning →

AppSignal

Monitor with ease. Code with confidence.

Start Free Trial →

license-compliance-mcp

MCP server that scans npm project dependencies for license compliance issues. Catch GPL contamination before code ships.

Tools

`check-licenses`

Scan a project's npm dependencies against a license policy and get a detailed compliance report.

Parameters:

path (required) — Absolute path to the project root
policy (optional, default: "permissive") — Policy preset or custom SPDX expression
- "permissive" — Only MIT, ISC, BSD, Apache-2.0, etc.
- "weak-copyleft" — Adds LGPL, MPL-2.0, EPL-2.0
- "copyleft" — Adds GPL, AGPL
- Custom: "(MIT OR Apache-2.0)" — Any valid SPDX expression

`explain-license`

Get a plain-language explanation of any SPDX license — permissions, conditions, limitations, compatibility, and gotchas.

Parameters:

license (required) — SPDX identifier (e.g., "MIT", "GPL-3.0-only", "Apache-2.0")

Install

Claude Code

claude mcp add license-compliance -- npx -y license-compliance-mcp

Claude Desktop / Cursor

Add to your config (claude_desktop_config.json or .cursor/mcp.json):

{
  "mcpServers": {
    "license-compliance": {
      "command": "npx",
      "args": ["-y", "license-compliance-mcp"]
    }
  }
}

How It Works

Scans node_modules using license-checker-rseidelsohn
Normalizes license strings to valid SPDX using spdx-correct
Evaluates each package against the policy using spdx-satisfies
Traces dependency chains to show how problematic packages entered the project
Generates a markdown report grouped by severity (critical > warning > info)

Requirements

Node.js >= 18
Project must have node_modules installed (npm install)

Featured

CodeRabbit

AI writes the code. CodeRabbit catches the slop.

Try For Free →

Keep your Mac awake

Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.

One time payment $9 →

Context.dev

Integrate web data into your AI product. One API to scrape website & brand data.

Get API Key Now →

Make your agent a DeFi expert

Agent, run crypto. Access onchain data & trade routes via 1inch.

Install now →

Make money from your Skills

On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.

Start earning →

AppSignal

Monitor with ease. Code with confidence.

Start Free Trial →

Registryactive

Packagelicense-compliance-mcp

TransportSTDIO

UpdatedMar 6, 2026

View on GitHub

Tools

check-licenses

Scan a project's npm dependencies against a license policy and get a detailed compliance report.

Parameters:

path (required) — Absolute path to the project root

policy (optional, default: "permissive") — Policy preset or custom SPDX expression

"permissive" — Only MIT, ISC, BSD, Apache-2.0, etc.
"weak-copyleft" — Adds LGPL, MPL-2.0, EPL-2.0
"copyleft" — Adds GPL, AGPL
Custom: "(MIT OR Apache-2.0)" — Any valid SPDX expression

explain-license

Get a plain-language explanation of any SPDX license — permissions, conditions, limitations, compatibility, and gotchas.

Parameters:

license (required) — SPDX identifier (e.g., "MIT", "GPL-3.0-only", "Apache-2.0")

Install

Claude Code

claude mcp add license-compliance -- npx -y license-compliance-mcp

Claude Desktop / Cursor

Add to your config (claude_desktop_config.json or .cursor/mcp.json):

{ "mcpServers": { "license-compliance": { "command": "npx", "args": ["-y", "license-compliance-mcp"] } } }

How It Works

Scans node_modules using license-checker-rseidelsohn

Normalizes license strings to valid SPDX using spdx-correct

Evaluates each package against the policy using spdx-satisfies

Traces dependency chains to show how problematic packages entered the project

Generates a markdown report grouped by severity (critical > warning > info)