
mit-licensing

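Audits dependency licenses to ensure they are compatible with the MIT license. Use this when the user wants to check whether project dependencies meet MIT license requirements, find problematic licenses (such as GPL, AGPL), or generate a license audit report. Supports Node.js (npm/pnpm) and Rust (Cargo) projects.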

SKILL.md
--- frontmatter
name: mit-licensing
description: Audit dependency licenses for MIT compatibility. Use when the user wants to check if their project's dependencies are compatible with MIT license, find problematic licenses (GPL, AGPL, etc.), or generate a license audit report. Supports Node.js (npm/pnpm) and Rust (Cargo) projects.
allowed_tools:
  - Bash
  - Read
  - Glob
  - Write

MIT License Compatibility Audit

Check project dependencies for licenses incompatible with MIT.

Workflow

1. Collect License Data

Node.js (pnpm):

```bash
pnpm licenses list --json
```

Node.js (npm):

```bash
npx license-checker --json
```

Rust:

```bash
cargo metadata --format-version 1
```

2. Identify Problematic Licenses

Incompatible with MIT (block release):

  • GPL, GPLv2, GPLv3
  • AGPL, AGPLv3
  • SSPL, BUSL, CPAL, EUPL

Requires investigation:

  • LGPL (may be acceptable depending on linking)
  • UNKNOWN, UNLICENSED, SEE LICENSE IN LICENSE
  • CC-BY-* (requires attribution)

Generally compatible:

  • MIT, ISC, BSD-2-Clause, BSD-3-Clause
  • Apache-2.0 (include NOTICE if present)
  • MPL-2.0 (disclose modifications to MPL files)
  • Unlicense, CC0-1.0, WTFPL

Rust dual-licensing:

  • MIT OR Apache-2.0 → Choose MIT, compatible
  • GPL OR MIT → Choose MIT, compatible
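One way to apply the step 2 buckets mechanically, as an added example that is not part of the original skill: it classifies a license string and goes beyond the two dual-licensing cases above by also handling `AND`, parentheses and Cargo's legacy `/` separator. The function names, the `{name: license}` input shape, the handling of `WITH` exceptions and the "unlisted means investigate" default are assumptions of this example.

```python
import re

# Buckets copied from the lists in step 2; matching is by prefix so
# GPL-3.0-only, GPLv2, AGPL-3.0-or-later etc. land in the right family.
INCOMPATIBLE = ("GPL", "AGPL", "SSPL", "BUSL", "CPAL", "EUPL")
INVESTIGATE = ("LGPL", "UNKNOWN", "UNLICENSED", "SEE LICENSE IN", "CC-BY")
COMPATIBLE = {"MIT", "ISC", "BSD-2-CLAUSE", "BSD-3-CLAUSE", "APACHE-2.0",
              "MPL-2.0", "UNLICENSE", "CC0-1.0", "WTFPL"}
RANK = {"compatible": 0, "investigate": 1, "incompatible": 2}

def classify_id(lic):
    # Assumption: a "WITH <exception>" suffix is ignored, base license decides.
    u = re.sub(r"\s+WITH\s+.*$", "", lic.strip(), flags=re.I).upper()
    if u in COMPATIBLE:
        return "compatible"
    if u.startswith(INVESTIGATE):
        return "investigate"
    if u.startswith(INCOMPATIBLE):
        return "incompatible"
    return "investigate"  # Assumption: anything unlisted gets a manual look.

def _split(tokens, op):
    # Split a token list on `op`, ignoring operators inside parentheses.
    parts, cur, depth = [], [], 0
    for t in tokens:
        depth += (t == "(") - (t == ")")
        if depth == 0 and t.upper() == op:
            parts.append(cur)
            cur = []
        else:
            cur.append(t)
    return parts + [cur]

def _eval(tokens):
    for op, pick in (("OR", min), ("AND", max)):  # OR: best choice; AND: worst term
        parts = _split(tokens, op)
        if len(parts) > 1:
            return pick((_eval(p) for p in parts), key=RANK.get)
    if len(tokens) > 2 and tokens[0] == "(" and tokens[-1] == ")":
        return _eval(tokens[1:-1])
    return classify_id(" ".join(tokens))

def classify(expr):
    # Cargo's legacy "MIT/Apache-2.0" form means OR; a missing license is UNKNOWN.
    return _eval(re.findall(r"\(|\)|[^\s()]+", (expr or "UNKNOWN").replace("/", " OR ")))

def audit(packages):
    # packages: {name: license string}; returns {status: [(name, license), ...]}.
    report = {status: [] for status in RANK}
    for name, lic in sorted(packages.items()):
        report[classify(lic)].append((name, lic))
    return report
```

The three keys returned by `audit` map onto the Compatible, Requires attention and Incompatible sections of the report in step 3.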

3. Generate Report

Report format:

```markdown
# License Audit Report

## Summary
- Total packages: [count]
- Compatible: [count]
- Requires attention: [count]
- Incompatible: [count]

## Incompatible Licenses
| Package | License | Action Required |
|---------|---------|-----------------|
| [name]  | GPL-3.0 | Remove or find alternative |

## Requires Attention
| Package | License | Notes |
|---------|---------|-------|
| [name]  | UNKNOWN | Verify license manually |
| [name]  | CC-BY-4.0 | Add attribution |

## Compatible Licenses
[List of packages grouped by license type]
```