Dependency License Analyzer
Analyze project dependency licenses from package.json or requirements.txt. View license distribution, identify common open-source licenses, detect potential compatibility concerns, and export license reports — all locally in your browser.
Click or drag package.json / requirements.txt here
Supports common dependency files for license extraction
License Summary
No file analyzed yet. Validate an input file to see the license breakdown.
About Dependency License Analyzer
The Dependency License Analyzer is a comprehensive utility that parses your project's dependency files (like `package.json` for Node.js or `requirements.txt` for Python) to analyze the open-source licenses of the packages you use. It categorizes licenses into risk levels (Permissive, Weak Copyleft, Strong Copyleft) and highlights potential compliance concerns to help you audit your dependencies securely and entirely offline.
How to Use
Real-World Examples
Permissive (MIT, Apache-2.0, ISC)
Licenses like MIT, Apache-2.0, and ISC are highly permissive. They generally allow commercial use, modification, and distribution, provided you include the original copyright notice. They carry very low compliance risk.
Strong Copyleft (GPL-2.0, GPL-3.0)
Licenses like GPL require that any derivative work (including your proprietary software if it links to the GPL package) must also be open-sourced under the same GPL license. These carry high compliance risk for commercial/proprietary applications.
Weak Copyleft (LGPL, MPL-2.0)
Licenses like LGPL allow linking from proprietary software without forcing your software to be open-sourced, provided you meet certain conditions (like allowing users to replace the LGPL library). They carry moderate compliance risk.
Best Practices
- Always review the 'Unknown' licenses manually, as the tool relies on a static offline heuristics engine.
- Generate and store an HTML or Markdown export of your license report before each major production release for compliance auditing.
- Remember that this tool provides informational analysis based on deterministic rules and is NOT legal advice. Always consult with legal counsel for complex compliance questions.
- Analyze your dependency licenses frequently to catch problematic copyleft licenses before they become deeply integrated into your proprietary codebase.
Pro Tips
You can instantly search for a specific package or version in the Results table using the search bar.
The tool works entirely offline. If you have a massive `package.json`, the parsing and matching happens instantaneously in your browser.
Frequently Asked Questions
What are dependency licenses?
Dependency licenses are the legal terms under which the open-source packages you use are distributed. They dictate what you can and cannot do with that software.
What package managers are supported?
Currently, it supports dependencies listed in package.json (Node.js) and requirements.txt (Python). The architecture is designed to support more formats like lockfiles and SBOMs in the future.
How does it detect licenses without network requests?
The tool ships with a hardcoded, offline heuristic map of the top 50,000+ most popular packages on npm and PyPI. This guarantees blazing-fast, secure results without API limits.
Is this legal advice?
No. The ToolMono Dependency License Analyzer provides educational, informational analysis based on deterministic rules. It does NOT constitute legal advice.
Is my data secure?
Absolutely. All processing is done locally in your browser.
Security & Privacy
All parsing and heuristic license matching runs securely and locally in your browser. Your private configuration files and proprietary dependencies are never sent to a server.