MIT License Compatibility Audit
Check project dependencies for licenses incompatible with MIT.
Workflow
1. Collect License Data
Node.js (pnpm):
bash
pnpm licenses list --json
Node.js (npm):
bash
npx license-checker --json
Rust:
bash
cargo metadata --format-version 1
2. Identify Problematic Licenses
Incompatible with MIT (block release):
- •GPL, GPLv2, GPLv3
- •AGPL, AGPLv3
- •SSPL, BUSL, CPAL, EUPL
Requires investigation:
- •LGPL (may be acceptable depending on linking)
- •
UNKNOWN,UNLICENSED,SEE LICENSE IN LICENSE - •CC-BY-* (requires attribution)
Generally compatible:
- •MIT, ISC, BSD-2-Clause, BSD-3-Clause
- •Apache-2.0 (include NOTICE if present)
- •MPL-2.0 (disclose modifications to MPL files)
- •Unlicense, CC0-1.0, WTFPL
Rust dual-licensing:
- •
MIT OR Apache-2.0→ Choose MIT, compatible - •
GPL OR MIT→ Choose MIT, compatible
3. Generate Report
Report format:
markdown
# License Audit Report ## Summary - Total packages: [count] - Compatible: [count] - Requires attention: [count] - Incompatible: [count] ## Incompatible Licenses | Package | License | Action Required | |---------|---------|-----------------| | [name] | GPL-3.0 | Remove or find alternative | ## Requires Attention | Package | License | Notes | |---------|---------|-------| | [name] | UNKNOWN | Verify license manually | | [name] | CC-BY-4.0 | Add attribution | ## Compatible Licenses [List of packages grouped by license type]