compliance-planning / scan-licenses

Analyzes open source license compliance for project dependencies in Node.js, Python, .NET, and Java projects. Categorizes licenses, checks policies, flags risks, and generates detailed reports.

Install the plugin:

```shell
npx claudepluginhub melodic-software/claude-code-plugins --plugin compliance-planning
```

This skill is limited to using the following tools:

Analyze project dependencies for license compliance.

Related skills on this page:
- Guides open source license compliance: evaluates dependencies, analyzes compatibility between licenses, tracks obligations, and supports attribution and workflows for distribution.
- Performs interactive open-source license compliance audits: identifies dependency licenses from manifests like package.json and pyproject.toml, flags risks, and detects incompatibilities based on the project license and risk tolerance.
- Audits Dart/Flutter dependency licenses using the Very Good CLI `very_good packages check licenses` command. Flags non-compliant, unknown, or copyleft licenses and generates a compliance summary for pre-release checks.
Load these skills:
- license-compliance - License requirements and compatibility
- sbom-management - Dependency tracking

Detect the project type and package manager from the files present:
- .NET: *.csproj, *.sln, packages.config
- Node.js: package.json, package-lock.json
- Python: requirements.txt, pyproject.toml, setup.py
- Java: pom.xml, build.gradle

For .NET projects, list every package including transitive ones:

```shell
dotnet list package --include-transitive
```

For Node.js:

```shell
npm ls --all --json
```
For each dependency:
- identify its declared license (package metadata or a bundled LICENSE file), then assign a category (permissive, copyleft, unknown) and a status (approved, requires review, prohibited, unknown)
- verify license compatibility: check the license against the project's own license and the policy rules, and record any copyleft obligations (attribution, source disclosure, NOTICE files)

Create a comprehensive license compliance report using the template below.
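The per-dependency steps above, as an added worked example that is not the plugin's own code: a Python script that walks a constructed sample of the JSON `npm ls --all --json` emits, looks up each package's declared license (npm ls reports versions only; the license field lives in each package's package.json, here a constructed map), classifies SPDX expressions including `OR`/`AND` and deprecated bare ids such as `GPL-3.0`, and produces the Summary counts, overall status and Policy Compliance rows of the report template that follows. The SPDX-to-category table is an assumption standing in for your own policy, and mpl-lib, gpl-thing, mystery and dual are made-up package names. The same classify and policy functions apply to .NET, Python or Java once their tools have given you a (name, version, license) list.

```python
# Added example, not the compliance-planning plugin's own code: classify the tree
# that `npm ls --all --json` prints and evaluate the report's policy rules.
import json
import re
from collections import Counter

# Constructed sample of `npm ls --all --json` output; real output carries no license fields.
NPM_LS_JSON = """{
  "name": "myapp", "version": "1.0.0",
  "dependencies": {
    "express": {"version": "4.19.2", "dependencies": {"ms": {"version": "2.1.3"}}},
    "sharp": {"version": "0.33.4", "dependencies": {"mpl-lib": {"version": "2.0.1"}}},
    "gpl-thing": {"version": "1.0.0"},
    "mystery": {"version": "0.1.0"},
    "dual": {"version": "3.0.0"}
  }
}"""
# Constructed package.json "license" fields keyed name@version (in a real run read
# node_modules/<name>/package.json). mpl-lib, gpl-thing, mystery and dual are made-up names.
PACKAGE_LICENSES = {
    "express@4.19.2": "MIT", "ms@2.1.3": "MIT", "sharp@0.33.4": "Apache-2.0",
    "mpl-lib@2.0.1": "MPL-2.0",
    "gpl-thing@1.0.0": "GPL-3.0",            # deprecated bare id, no -only/-or-later
    "mystery@0.1.0": None,                    # no license field at all
    "dual@3.0.0": "(AGPL-3.0-only OR MIT)",  # dual licensed; the distributor may pick MIT
}
# Assumed policy table (the page names categories, not the SPDX mapping); extend to taste.
CATEGORY = {
    "MIT": "Permissive", "ISC": "Permissive", "BSD-3-Clause": "Permissive", "Apache-2.0": "Permissive",
    "MPL-2.0": "Weak Copyleft", "LGPL-2.1-only": "Weak Copyleft", "LGPL-3.0-only": "Weak Copyleft",
    "GPL-2.0-only": "Strong Copyleft", "GPL-3.0-only": "Strong Copyleft",
    "AGPL-3.0-only": "Network Copyleft",
}
RANK = ["Permissive", "Weak Copyleft", "Strong Copyleft", "Network Copyleft", "Unknown"]
STATUS = {"Permissive": "Approved", "Weak Copyleft": "Requires Review",
          "Strong Copyleft": "Prohibited", "Network Copyleft": "Prohibited", "Unknown": "Unknown"}

def category_of(license_id):
    """One SPDX id -> category. Bare 'GPL-3.0' is read as 'GPL-3.0-only'; a
    'WITH <exception>' suffix is dropped so the base id decides (exceptions need a human)."""
    base = license_id.strip("() ").split(" WITH ")[0]
    if re.fullmatch(r"(A?GPL|LGPL)-\d\.\d", base):
        base += "-only"
    return CATEGORY.get(base, "Unknown")

def classify(expr):
    """Flat SPDX expression -> category. OR: the distributor chooses, take the least
    restrictive alternative. AND: every term binds, take the most restrictive one."""
    if not expr:
        return "Unknown"
    alternatives = [max((category_of(t) for t in re.split(r"\s+AND\s+", alt)), key=RANK.index)
                    for alt in re.split(r"\s+OR\s+", expr.strip("() "))]
    return min(alternatives, key=RANK.index)

def walk(tree, direct=True):
    """Yield (name, version, is_direct) for every node of the npm ls tree."""
    for name, node in (tree.get("dependencies") or {}).items():
        yield name, node.get("version", "?"), direct
        yield from walk(node, direct=False)

def audit(npm_ls_json, licenses):
    """One row per distinct name@version; a package reached directly anywhere counts as direct."""
    rows = {}
    for name, version, direct in walk(json.loads(npm_ls_json)):
        key = f"{name}@{version}"
        if key not in rows:
            expr = licenses.get(key)
            cat = classify(expr)
            rows[key] = {"name": name, "version": version, "direct": False,
                         "license": expr or "(none declared)", "category": cat, "status": STATUS[cat]}
        rows[key]["direct"] |= direct
    return list(rows.values())

def summary(rows):
    """Counts for the report's Summary table."""
    by_status = Counter(r["status"] for r in rows)
    return {"Total Dependencies": len(rows),
            "Direct Dependencies": sum(r["direct"] for r in rows),
            "Transitive Dependencies": sum(not r["direct"] for r in rows),
            "Approved Licenses": by_status["Approved"], "Requires Review": by_status["Requires Review"],
            "Prohibited": by_status["Prohibited"], "Unknown": by_status["Unknown"]}

def compliance_status(rows):
    """Overall status line: any prohibited package wins, then anything needing a look."""
    statuses = {r["status"] for r in rows}
    if "Prohibited" in statuses:
        return "NON-COMPLIANT"
    return "REVIEW REQUIRED" if statuses & {"Requires Review", "Unknown"} else "COMPLIANT"

def policy_checks(rows):
    """The report's Policy Compliance rules -> (PASS/FAIL, offending name@version list)."""
    def hits(pred):
        return [f"{r['name']}@{r['version']}" for r in rows if pred(r)]
    checks = {"No GPL in proprietary": hits(lambda r: r["category"] in ("Strong Copyleft", "Network Copyleft")),
              "No AGPL": hits(lambda r: r["category"] == "Network Copyleft"),
              "All licenses identified": hits(lambda r: r["category"] == "Unknown")}
    return {rule: ("FAIL" if bad else "PASS", bad) for rule, bad in checks.items()}

if __name__ == "__main__":
    rows = audit(NPM_LS_JSON, PACKAGE_LICENSES)
    print(summary(rows), compliance_status(rows), policy_checks(rows), sep="\n")
```

Run it directly to print the summary, status and policy rows for the sample. Two decisions in it are worth recording in the report: the dual-licensed package lands in Approved only because the `OR` election picks MIT, and a `WITH` exception is deliberately not interpreted, so `GPL-2.0-only WITH Classpath-exception-2.0` still surfaces as prohibited rather than being silently downgraded.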
Usage:

```text
# Scan current directory
/compliance-planning:scan-licenses
# Scan specific project
/compliance-planning:scan-licenses "./src/MyApp"
# Scan solution
/compliance-planning:scan-licenses "./MySolution.sln"
```
# License Compliance Report: [Project Name]
## Summary
| Metric | Count |
|--------|-------|
| Total Dependencies | [N] |
| Direct Dependencies | [N] |
| Transitive Dependencies | [N] |
| Approved Licenses | [N] |
| Requires Review | [N] |
| Prohibited | [N] |
| Unknown | [N] |
### Compliance Status: [COMPLIANT / REVIEW REQUIRED / NON-COMPLIANT]
---
## License Distribution
| License | Category | Count | Status |
|---------|----------|-------|--------|
| MIT | Permissive | [N] | Approved |
| Apache-2.0 | Permissive | [N] | Approved |
| GPL-3.0 | Strong Copyleft | [N] | Prohibited |
---
## Dependencies by Status
### Approved
| Package | Version | License | Category |
|---------|---------|---------|----------|
| [Package] | [Version] | [License] | Permissive |
### Requires Review
| Package | Version | License | Concern |
|---------|---------|---------|---------|
| [Package] | [Version] | [License] | [Why review needed] |
### Prohibited
| Package | Version | License | Issue | Alternative |
|---------|---------|---------|-------|-------------|
| [Package] | [Version] | [License] | [Issue] | [Suggested alternative] |
### Unknown
| Package | Version | License Info | Action |
|---------|---------|--------------|--------|
| [Package] | [Version] | [Info] | [Required action] |
---
## Compatibility Analysis
### License Conflicts
| Package 1 | License 1 | Package 2 | License 2 | Conflict |
|-----------|-----------|-----------|-----------|----------|
### Copyleft Assessment
**Copyleft Packages Found:** [Y/N]
| Package | License | Impact | Mitigation |
|---------|---------|--------|------------|
---
## Obligations Summary
### Attribution Required
| Package | License | Attribution Text |
|---------|---------|-----------------|
### Source Disclosure Required
| Package | License | Requirement |
|---------|---------|-------------|
### Notice Files Required
| Package | NOTICE File | Status |
|---------|-------------|--------|
---
## Recommended Actions
### Immediate Actions
1. **Replace prohibited packages**
- [Package] -> [Alternative]
2. **Review flagged packages**
- [Package] - [Review reason]
### Documentation Actions
1. **Update NOTICE file**
- Add attributions for: [Packages]
2. **Add license files**
- Include: [License files needed]
---
## NOTICE File Content
```text
THIRD-PARTY SOFTWARE NOTICES AND INFORMATION
This software includes the following third-party components:
[Package Name] ([Version])
License: [License]
[Copyright notice]
---
[Continue for all dependencies]
```
---
## Policy Compliance
| Policy Rule | Status | Details |
|-------------|--------|---------|
| No GPL in proprietary | [Status] | [Details] |
| No AGPL | [Status] | [Details] |
| All licenses identified | [Status] | [Details] |
| Attributions complete | [Status] | [Details] |
For .NET projects, the following commands are useful (the CycloneDX tool is installed the same way as the license checker, with `dotnet tool install --global CycloneDX`):

```shell
# Install license checker
dotnet tool install --global dotnet-project-licenses
# Generate license report
dotnet-project-licenses -i ./MySolution.sln
# Generate SBOM in JSON (-j); -o is the output directory, the file inside defaults to bom.json
dotnet CycloneDX ./MySolution.sln -o ./sbom -j
```