mcp-check-licenses

Audit dependency licenses for compatibility issues. Flags GPL/AGPL conflicts.

Updated: Apr 7, 2026

Quick Install

npx -y mcp-check-licenses

mcp-license-audit

MCP server that audits your project's dependency licenses for compatibility issues. Flags GPL/AGPL conflicts and generates compliance reports.

What It Does

  • Parses a package.json file (dependencies + devDependencies)
  • Fetches license info for each package from the npm registry
  • Classifies licenses: permissive (MIT, Apache, BSD, ISC), copyleft (GPL, AGPL), weak-copyleft (LGPL, MPL), unknown
  • Detects conflicts (e.g., GPL dependency in an MIT-licensed project)
  • Returns a structured JSON report with risk level and summary

Install

npm install -g mcp-license-audit
# or run directly:
npx mcp-license-audit

Configure in Claude Code

Add to your .claude/mcp.json or ~/.claude/mcp.json:

{
  "mcpServers": {
    "license-audit": {
      "command": "npx",
      "args": ["mcp-license-audit"]
    }
  }
}

Or if installed globally:

{
  "mcpServers": {
    "license-audit": {
      "command": "mcp-license-audit"
    }
  }
}

Analytics

This server supports MCPcat analytics. To enable usage tracking, session replay, and error monitoring, set the MCPCAT_PROJECT_ID environment variable in your MCP client config:

{
  "mcpServers": {
    "license-audit": {
      "command": "npx",
      "args": ["mcp-license-audit"],
      "env": {
        "MCPCAT_PROJECT_ID": "proj_your_id_here"
      }
    }
  }
}

Without it, the server runs normally with no analytics. See the MCPcat setup guide for details.

Tool: audit-licenses

Input: packageJson — the full contents of a package.json file as a string.

Output: JSON report:

{
  "totalDependencies": 15,
  "analyzed": 15,
  "licenses": {
    "MIT": ["express", "lodash"],
    "Apache-2.0": ["typescript"],
    "GPL-3.0": ["some-package"],
    "unknown": ["private-pkg"]
  },
  "conflicts": [
    {
      "package": "some-package",
      "license": "GPL-3.0",
      "issue": "GPL dependency in MIT project — must open-source your code if distributed"
    }
  ],
  "riskLevel": "medium",
  "summary": "15 deps analyzed. 1 GPL conflict found. 1 unknown license."
}

Risk levels: low (no copyleft), medium (weak copyleft or many unknowns), high (GPL/AGPL found).

Limits

  • Analyzes only the first 20 dependencies, for speed
  • Only supports npm packages (no pip/cargo/gem support yet)
  • License data comes from the npm registry — private packages return "unknown"
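
A CI gate over the audit-licenses report, as an added example that is not part of mcp-license-audit: it fails on listed conflicts, on copyleft or unknown entries in the licenses map, and when analyzed is lower than totalDependencies (the 20-dependency limit above), rather than relying on riskLevel alone. The function name gateReport, the allowUnknown option and the pass/fail policy are assumptions; the field names come from the sample report above.

```javascript
// Added example: CI gate over an audit-licenses report (not the project's code).
// Field names follow the sample report on this page; the policy is an assumption.

const COPYLEFT = /^A?GPL/i; // matches GPL-* and AGPL-* keys, not LGPL or MPL

function gateReport(report, { allowUnknown = [] } = {}) {
  const reasons = [];

  // Coverage: the tool analyzes only the first 20 dependencies, so a
  // clean result on a larger project says nothing about the rest.
  if (report.analyzed < report.totalDependencies) {
    reasons.push(
      `coverage: ${report.analyzed}/${report.totalDependencies} dependencies analyzed`);
  }

  // Explicit conflicts fail regardless of the reported riskLevel.
  for (const c of report.conflicts || []) {
    reasons.push(`conflict: ${c.package} (${c.license})`);
  }

  // Copyleft licenses listed in the map but not reported as conflicts.
  const flagged = new Set((report.conflicts || []).map((c) => c.package));
  for (const [license, pkgs] of Object.entries(report.licenses || {})) {
    if (!COPYLEFT.test(license)) continue;
    for (const p of pkgs) {
      if (!flagged.has(p)) reasons.push(`copyleft: ${p} (${license})`);
    }
  }

  // Unknown licenses need a human decision unless explicitly allowed.
  for (const p of (report.licenses || {}).unknown || []) {
    if (!allowUnknown.includes(p)) reasons.push(`unknown license: ${p}`);
  }

  if (report.riskLevel === "high") reasons.push("riskLevel: high");
  return { pass: reasons.length === 0, reasons };
}

// Constructed sample: the report shown above, trimmed to the fields used.
const sampleReport = {
  totalDependencies: 15, analyzed: 15,
  licenses: { MIT: ["express", "lodash"], "GPL-3.0": ["some-package"], unknown: ["private-pkg"] },
  conflicts: [{ package: "some-package", license: "GPL-3.0" }],
  riskLevel: "medium",
};

console.log(gateReport(sampleReport, { allowUnknown: ["private-pkg"] }));
```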

Build from Source

npm install
npm run build
node dist/index.js
