license-compliance-checker

// Automated license compliance verification for dependencies to ensure legal compliance during migration

$ git log --oneline --stat

stars:384

forks:73

updated:March 4, 2026

SKILL.mdreadonly

SKILL.md Frontmatter

namelicense-compliance-checker

descriptionAutomated license compliance verification for dependencies to ensure legal compliance during migration

allowed-toolsBash,Read,Write,Grep,Glob,Edit

License Compliance Checker Skill

Automated verification of license compliance across all project dependencies to ensure legal compliance during migration activities.

Purpose

Enable comprehensive license compliance checking for:

Dependency license identification
Compatibility verification
Copyleft license flagging
Attribution requirement tracking
Policy enforcement

Capabilities

1. License Identification

Extract licenses from dependencies
Parse SPDX identifiers
Detect custom licenses
Handle multi-license packages

2. Compatibility Checking

Verify license compatibility
Check against project license
Identify conflicting licenses
Map dependency license chains

3. Copyleft License Flagging

Detect GPL/AGPL licenses
Identify viral clauses
Flag distribution implications
Alert on copyleft in proprietary projects

4. Attribution Requirement Tracking

Collect NOTICE requirements
Track attribution obligations
Generate attribution documents
Monitor compliance completeness

5. Policy Enforcement

Define allowed/blocked licenses
Enforce organizational policies
Generate compliance reports
Track policy violations

6. Compliance Report Generation

Create audit-ready reports
Generate SBOM with licenses
Produce attribution files
Export compliance evidence

Tool Integrations

Tool	Purpose	Integration Method
FOSSA	Full compliance platform	API
WhiteSource	License scanning	API
Black Duck	Comprehensive analysis	API
license-checker	npm license checking	CLI
licensee	License detection	CLI
go-licenses	Go license checking	CLI
pip-licenses	Python license checking	CLI

Output Schema

{
  "analysisId": "string",
  "timestamp": "ISO8601",
  "projectLicense": "string",
  "dependencies": [
    {
      "name": "string",
      "version": "string",
      "license": "string",
      "spdxId": "string",
      "compatible": "boolean",
      "attributionRequired": "boolean",
      "riskLevel": "high|medium|low|none"
    }
  ],
  "compliance": {
    "status": "compliant|non-compliant|review-required",
    "violations": [],
    "warnings": [],
    "attributionNeeded": []
  },
  "sbom": {
    "format": "SPDX|CycloneDX",
    "path": "string"
  }
}

Integration with Migration Processes

dependency-analysis-updates: License verification
legacy-codebase-assessment: Compliance assessment

Related Skills

dependency-scanner: Dependency discovery
vulnerability-scanner: Security + compliance

Related Agents

dependency-modernization-agent: License-safe updates
compliance-migration-agent: Full compliance