til

Today I Learned: collection of notes, tips and tricks and stuff I learn from day to day working with computers and technology as an open source contributor and product manager


Extracting Licenses from package-lock.json

I am doing some analysis on what licenses we are exposed to in our stack.

For JavaScript the information is readily available and can be extracted from:

  • package-lock.json

You can use jq to boil it down.

cat package-lock.json | jq -f licenses.jq

The contents of licenses.jq:

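# lockfileVersion 2 and 3: flat "packages" map keyed by install path
if .packages then
  .packages
  | to_entries[]
  # the "" key is the root project itself, not a dependency
  | select(.key != "")
  # greedy match also strips nested paths such as node_modules/a/node_modules/b
  | {name: (.key | sub("^.*node_modules/"; "")), license: .value.license}
# older lockfiles: only the legacy "dependencies" map (top level only)
elif .dependencies then
  .dependencies
  | to_entries[]
  # license is null where the entry has no license field
  | {name: .key, license: .value.license}
else
  empty
end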
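To go from the flat list the jq filter produces to an exposure summary, the same extraction can be grouped by license and checked against an allowlist. This is an added example, not part of the original note; the sample lockfile, the package names, the allowlist and the function names `listLicenses`, `groupByLicense` and `needsReview` are all constructed for illustration.

```javascript
// Added example. The lockfile object below is constructed sample data.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/pkg-a": { version: "1.0.0", license: "MIT" },
    "node_modules/@scope/pkg-b": { version: "2.1.0", license: "(MIT OR Apache-2.0)" },
    "node_modules/pkg-a/node_modules/pkg-c": { version: "0.3.0", license: "GPL-3.0-only", dev: true },
    "node_modules/pkg-d": { version: "0.0.1" }, // no license field recorded
  },
};

// Flatten either lockfile layout into {name, version, license, dev} rows.
// Skips the root project ("") and workspace link entries.
function listLicenses(lock) {
  const entries = lock.packages
    ? Object.entries(lock.packages).filter(([path, meta]) => path !== "" && !meta.link)
    : Object.entries(lock.dependencies || {});
  return entries.map(([key, meta]) => ({
    // Greedy match keeps only the innermost package name for nested installs.
    name: key.replace(/^.*node_modules\//, ""),
    version: meta.version,
    license: typeof meta.license === "string" && meta.license ? meta.license : "UNKNOWN",
    dev: Boolean(meta.dev),
  }));
}

// Map each license string to a sorted list of "name@version".
function groupByLicense(rows) {
  const groups = {};
  for (const r of rows) {
    groups[r.license] = groups[r.license] || [];
    groups[r.license].push(`${r.name}@${r.version}`);
  }
  for (const k of Object.keys(groups)) groups[k].sort();
  return groups;
}

// Rows whose license string is not literally in the allowlist. SPDX
// expressions and UNKNOWN are reported too, so they get a manual look.
function needsReview(rows, allowed) {
  const ok = new Set(allowed);
  return rows.filter((r) => !ok.has(r.license));
}

const rows = listLicenses(sampleLock);
console.log(groupByLicense(rows));
console.log(needsReview(rows, ["MIT", "Apache-2.0"]).map((r) => r.name));
```

To run it on a real project, replace `sampleLock` with the parsed contents of your own package-lock.json.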