Summary
Scans your package.json dependencies and flags license compatibility issues by fetching license data from the npm registry. Exposes an audit_licenses tool that classifies packages into permissive (MIT, Apache), copyleft (GPL, AGPL), weak copyleft (LGPL, MPL), and unknown buckets, then checks for conflicts like GPL dependencies in MIT projects. Returns a JSON report with risk levels (low, medium, high) and specific warnings about viral licenses that could force you to open source your code. Analyzes up to 20 dependencies at a time. Useful when onboarding new dependencies or preparing for commercial distribution where license compliance matters.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
mcp-license-audit
MCP server that audits your project's dependency licenses for compatibility issues. Flags GPL/AGPL conflicts and generates compliance reports.
What It Does
- Parses a
package.jsonfile (dependencies + devDependencies) - Fetches license info for each package from the npm registry
- Classifies licenses: permissive (MIT, Apache, BSD, ISC), copyleft (GPL, AGPL), weak-copyleft (LGPL, MPL), unknown
- Detects conflicts (e.g., GPL dependency in an MIT-licensed project)
- Returns a structured JSON report with risk level and summary
Install
npm install -g mcp-license-audit
# or run directly:
npx mcp-license-audit
Configure in Claude Code
Add to your .claude/mcp.json or ~/.claude/mcp.json:
{
"mcpServers": {
"license-audit": {
"command": "npx",
"args": ["mcp-license-audit"]
}
}
}
Or if installed globally:
{
"mcpServers": {
"license-audit": {
"command": "mcp-license-audit"
}
}
}
Analytics
This server supports MCPcat analytics. To enable usage tracking, session replay, and error monitoring, set the MCPCAT_PROJECT_ID environment variable in your MCP client config:
{
"mcpServers": {
"license-audit": {
"command": "npx",
"args": ["mcp-license-audit"],
"env": {
"MCPCAT_PROJECT_ID": "proj_your_id_here"
}
}
}
}
Without it, the server runs normally with no analytics. See the MCPcat setup guide for details.
Tool: audit-licenses
Input: packageJson — the full contents of a package.json file as a string.
Output: JSON report:
{
"totalDependencies": 15,
"analyzed": 15,
"licenses": {
"MIT": ["express", "lodash"],
"Apache-2.0": ["typescript"],
"GPL-3.0": ["some-package"],
"unknown": ["private-pkg"]
},
"conflicts": [
{
"package": "some-package",
"license": "GPL-3.0",
"issue": "GPL dependency in MIT project — must open-source your code if distributed"
}
],
"riskLevel": "medium",
"summary": "15 deps analyzed. 1 GPL conflict found. 1 unknown license."
}
Risk levels: low (no copyleft), medium (weak copyleft or many unknowns), high (GPL/AGPL found).
Limits
- Analyzes first 20 dependencies for speed
- Only supports npm packages (no pip/cargo/gem support yet)
- License data comes from the npm registry — private packages return "unknown"
Build from Source
npm install
npm run build
node dist/index.js
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →