Summary
Gives Claude a single tool to scan package.json files for license compliance issues. Point it at your dependencies and it fetches license metadata from the npm registry, flags GPL or AGPL packages that conflict with permissive project licenses, and returns a structured report with risk levels. Useful when you need to catch copyleft contamination before shipping proprietary code or want a quick audit of what licenses you're actually bundling. Caps analysis at 20 dependencies for speed. Only works with npm packages, so Python or Rust projects are out of scope. Private packages show up as unknown since the registry won't have their license data.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
mcp-license-audit
MCP server that audits your project's dependency licenses for compatibility issues. Flags GPL/AGPL conflicts and generates compliance reports.
What It Does
- Parses a
package.jsonfile (dependencies + devDependencies) - Fetches license info for each package from the npm registry
- Classifies licenses: permissive (MIT, Apache, BSD, ISC), copyleft (GPL, AGPL), weak-copyleft (LGPL, MPL), unknown
- Detects conflicts (e.g., GPL dependency in an MIT-licensed project)
- Returns a structured JSON report with risk level and summary
Install
npm install -g mcp-license-audit
# or run directly:
npx mcp-license-audit
Configure in Claude Code
Add to your .claude/mcp.json or ~/.claude/mcp.json:
{
"mcpServers": {
"license-audit": {
"command": "npx",
"args": ["mcp-license-audit"]
}
}
}
Or if installed globally:
{
"mcpServers": {
"license-audit": {
"command": "mcp-license-audit"
}
}
}
Tool: audit-licenses
Input: packageJson — the full contents of a package.json file as a string.
Output: JSON report:
{
"totalDependencies": 15,
"analyzed": 15,
"licenses": {
"MIT": ["express", "lodash"],
"Apache-2.0": ["typescript"],
"GPL-3.0": ["some-package"],
"unknown": ["private-pkg"]
},
"conflicts": [
{
"package": "some-package",
"license": "GPL-3.0",
"issue": "GPL dependency in MIT project — must open-source your code if distributed"
}
],
"riskLevel": "medium",
"summary": "15 deps analyzed. 1 GPL conflict found. 1 unknown license."
}
Risk levels: low (no copyleft), medium (weak copyleft or many unknowns), high (GPL/AGPL found).
Limits
- Analyzes first 20 dependencies for speed
- Only supports npm packages (no pip/cargo/gem support yet)
- License data comes from the npm registry — private packages return "unknown"
Build from Source
npm install
npm run build
node dist/index.js
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →