Detect Risky Licenses in Your npm Dependencies
Upload your package.json and instantly see which dependencies carry GPL, AGPL, or other copyleft licenses that could put your codebase at legal risk.
Cancel anytime. No credit card required for free scan.
{
  "summary": { "total": 142, "risky": 3, "safe": 139 },
  "risky": [
    { "package": "[email protected]", "license": "GPL-3.0", "risk": "HIGH" },
    { "package": "[email protected]", "license": "AGPL-3.0", "risk": "HIGH" },
    { "package": "[email protected]", "license": "LGPL-2.1", "risk": "MEDIUM" }
  ]
}
Simple Pricing
Everything you need to stay legally safe
- ✓ Unlimited package.json scans
- ✓ Full dependency tree analysis
- ✓ Risk level classification (HIGH / MEDIUM / LOW)
- ✓ CI/CD webhook integration
- ✓ Team dashboard & history
- ✓ Email alerts on new risky deps
- ✓ Priority support
FAQ
Which licenses are flagged as risky?
We flag GPL-2.0, GPL-3.0, AGPL-3.0, LGPL-2.1, LGPL-3.0, EUPL, and other strong or weak copyleft licenses that may require you to open-source your proprietary code.
How does the CI/CD integration work?
Pro subscribers get a unique webhook URL. Add it to your GitHub Actions, GitLab CI, or any pipeline to automatically scan on every pull request and fail the build if high-risk licenses are detected.
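The two answers above (which licenses are flagged, and failing the build on high-risk findings) can be illustrated with a small classifier. This is an added example, not the service's own code: it assumes a map of "name@version" to the SPDX string from each dependency's package.json, rates EUPL as HIGH and a missing license as MEDIUM (both assumptions), and shows the caveat that an SPDX "OR" expression lets you pick the permissive side.

```javascript
// Added example, not the vendor's code. Input: a constructed map of "name@version" ->
// SPDX license string, as read from each dependency's package.json "license" field.
const RISK = { HIGH: 3, MEDIUM: 2, LOW: 1 };
// Strong copyleft from the page's list -> HIGH, weak copyleft -> MEDIUM.
// Rating EUPL as HIGH and a missing license field as MEDIUM are assumptions.
const HIGH_RISK = new Set(["GPL-2.0", "GPL-3.0", "AGPL-3.0", "EUPL-1.1", "EUPL-1.2"]);
const MEDIUM_RISK = new Set(["LGPL-2.1", "LGPL-3.0"]);
const MISSING_LICENSE_RISK = "MEDIUM";
// Normalise SPDX ids: "GPL-3.0-only", "GPL-3.0-or-later" and "GPL-3.0+" -> "GPL-3.0".
function baseId(id) {
  return id.trim().replace(/[()]/g, "").replace(/\+$/, "").replace(/-(only|or-later)$/i, "");
}
function riskOfId(id) {
  const b = baseId(id);
  return HIGH_RISK.has(b) ? "HIGH" : MEDIUM_RISK.has(b) ? "MEDIUM" : "LOW";
}
// "(MIT OR GPL-3.0)" lets the consumer pick either side, so risk is the lowest
// alternative; "(X AND Y)" binds both, so risk is the highest. No nested groups.
function riskOfExpression(expr) {
  const levels = expr.split(/\s+OR\s+/i).map(alt =>
    Math.max(...alt.split(/\s+AND\s+/i).map(id => RISK[riskOfId(id)])));
  const lowest = Math.min(...levels);
  return Object.keys(RISK).find(k => RISK[k] === lowest);
}

// Builds the {summary, risky} report shape shown at the top of the page.
function scan(deps) {
  const risky = [];
  for (const [pkg, license] of Object.entries(deps)) {
    const risk = license ? riskOfExpression(license) : MISSING_LICENSE_RISK;
    if (risk !== "LOW") risky.push({ package: pkg, license: license || "UNKNOWN", risk });
  }
  const total = Object.keys(deps).length;
  return { summary: { total, risky: risky.length, safe: total - risky.length }, risky };
}

// The CI gate from the FAQ: fail the build only on HIGH findings.
function buildShouldFail(report) {
  return report.risky.some(r => r.risk === "HIGH");
}

// Constructed sample input; these are not real packages.
const SAMPLE_DEPS = {
  "left-stripe@1.2.0": "MIT", "copyleft-core@4.0.1": "GPL-3.0-or-later",
  "netlib@2.3.0": "AGPL-3.0-only", "dual-choice@0.9.0": "(MIT OR GPL-2.0)",
  "bound-both@1.0.0": "(Apache-2.0 AND LGPL-2.1)", "nolicense@0.1.0": "",
};
const REPORT = scan(SAMPLE_DEPS);
console.log(JSON.stringify(REPORT, null, 2), buildShouldFail(REPORT) ? "FAIL build" : "pass");
```

In a real pipeline the map would be built from the installed node_modules metadata, and a non-zero exit on `buildShouldFail` is what makes the pull request check go red.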
Do you store my package.json files?
Files are processed in memory and discarded immediately after the scan. We only store the resulting license report, never your raw dependency files.