From compliance-planning
Analyzes open source license compliance for project dependencies in Node.js, Python, .NET, and Java projects. Categorizes licenses, checks policies, flags risks, and generates detailed reports.
Trigger: slash command /compliance-planning:scan-licenses
This skill is limited to the following tools:
Summary shown in Claude's skill listing (used to decide when to auto-load this skill): Analyze project dependencies for license compliance.
Load these skills:
- license-compliance - License requirements and compatibility
- sbom-management - Dependency tracking

Detect the project type and package manager from the files present:
- .NET: *.csproj, *.sln, packages.config
- Node.js: package.json, package-lock.json
- Python: requirements.txt, pyproject.toml, setup.py
- Java: pom.xml, build.gradle

For .NET projects:
```bash
dotnet list package --include-transitive
```
For Node.js:
```bash
npm ls --all --json
```
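The detection step above, as an added example that is not part of the skill or plugin: a Python function that checks a scan target (a directory, or a single file such as MySolution.sln) against the marker files listed above and reports every ecosystem it finds, so a repository that mixes a Node.js front end with a .NET solution yields both and both enumeration commands are run. The MARKERS table is taken from the list above; the Python and Java commands in COMMANDS are assumptions, since the page only shows the .NET and Node.js ones, and the layout created by demo() is constructed.

```python
"""Detect which ecosystem(s) a scan target belongs to from its marker files."""
import fnmatch
import glob
import os
import tempfile

# Marker files from the skill's detection list; entries containing "*" are glob patterns.
MARKERS = {
    ".NET": ("*.csproj", "*.sln", "packages.config"),
    "Node.js": ("package.json", "package-lock.json"),
    "Python": ("requirements.txt", "pyproject.toml", "setup.py"),
    "Java": ("pom.xml", "build.gradle"),
}

# Dependency enumeration command per ecosystem. The .NET and Node.js entries are the ones
# the skill shows; the Python and Java entries are assumptions, not stated on the page.
COMMANDS = {
    ".NET": "dotnet list package --include-transitive",
    "Node.js": "npm ls --all --json",
    "Python": "pip list --format=json",   # assumption
    "Java": "mvn dependency:tree",        # assumption
}


def detect(target):
    """Return {ecosystem: [marker files]} for a directory, or for one file such as MySolution.sln.

    Every ecosystem with at least one marker is reported, so a monorepo that mixes a
    Node.js front end with a .NET solution yields both and both commands must be run.
    """
    found = {}
    for ecosystem, patterns in MARKERS.items():
        if os.path.isfile(target):
            name = os.path.basename(target)
            hits = [name] if any(fnmatch.fnmatch(name, p) for p in patterns) else []
        else:
            hits = sorted({os.path.basename(h) for p in patterns
                           for h in glob.glob(os.path.join(target, p))})
        if hits:
            found[ecosystem] = hits
    return found


def commands_for(target):
    """Map each detected ecosystem to the command that enumerates its dependencies."""
    return {eco: COMMANDS[eco] for eco in detect(target)}


def demo():
    """Constructed layout: Node.js and .NET markers side by side, plus an empty docs/ folder."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("package.json", "package-lock.json", "MyApp.csproj", "MySolution.sln"):
            open(os.path.join(root, name), "w").close()
        os.mkdir(os.path.join(root, "docs"))
        return (detect(root),
                detect(os.path.join(root, "MySolution.sln")),
                detect(os.path.join(root, "docs")))


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Running the block prints three results: both ecosystems for the mixed directory, only .NET for the solution file, and nothing for the docs folder, which is the case where the skill should report that no supported project was found rather than guess.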
For each dependency:
Verify license compatibility:
Create a comprehensive license compliance report.
Usage:
```bash
# Scan current directory
/compliance-planning:scan-licenses
# Scan specific project
/compliance-planning:scan-licenses "./src/MyApp"
# Scan solution
/compliance-planning:scan-licenses "./MySolution.sln"
```
# License Compliance Report: [Project Name]
## Summary
| Metric | Count |
|--------|-------|
| Total Dependencies | [N] |
| Direct Dependencies | [N] |
| Transitive Dependencies | [N] |
| Approved Licenses | [N] |
| Requires Review | [N] |
| Prohibited | [N] |
| Unknown | [N] |
### Compliance Status: [COMPLIANT / REVIEW REQUIRED / NON-COMPLIANT]
---
## License Distribution
| License | Category | Count | Status |
|---------|----------|-------|--------|
| MIT | Permissive | [N] | Approved |
| Apache-2.0 | Permissive | [N] | Approved |
| GPL-3.0 | Strong Copyleft | [N] | Prohibited |
---
## Dependencies by Status
### Approved
| Package | Version | License | Category |
|---------|---------|---------|----------|
| [Package] | [Version] | [License] | Permissive |
### Requires Review
| Package | Version | License | Concern |
|---------|---------|---------|---------|
| [Package] | [Version] | [License] | [Why review needed] |
### Prohibited
| Package | Version | License | Issue | Alternative |
|---------|---------|---------|-------|-------------|
| [Package] | [Version] | [License] | [Issue] | [Suggested alternative] |
### Unknown
| Package | Version | License Info | Action |
|---------|---------|--------------|--------|
| [Package] | [Version] | [Info] | [Required action] |
---
## Compatibility Analysis
### License Conflicts
| Package 1 | License 1 | Package 2 | License 2 | Conflict |
|-----------|-----------|-----------|-----------|----------|
### Copyleft Assessment
**Copyleft Packages Found:** [Y/N]
| Package | License | Impact | Mitigation |
|---------|---------|--------|------------|
---
## Obligations Summary
### Attribution Required
| Package | License | Attribution Text |
|---------|---------|-----------------|
### Source Disclosure Required
| Package | License | Requirement |
|---------|---------|-------------|
### Notice Files Required
| Package | NOTICE File | Status |
|---------|-------------|--------|
---
## Recommended Actions
### Immediate Actions
1. **Replace prohibited packages**
   - [Package] -> [Alternative]
2. **Review flagged packages**
   - [Package] - [Review reason]
### Documentation Actions
1. **Update NOTICE file**
   - Add attributions for: [Packages]
2. **Add license files**
   - Include: [License files needed]
---
## NOTICE File Content
```text
THIRD-PARTY SOFTWARE NOTICES AND INFORMATION
This software includes the following third-party components:
[Package Name] ([Version])
License: [License]
[Copyright notice]
---
[Continue for all dependencies]
```
---
## Policy Compliance
| Policy Rule | Status | Details |
|-------------|--------|---------|
| No GPL in proprietary | [Status] | [Details] |
| No AGPL | [Status] | [Details] |
| All licenses identified | [Status] | [Details] |
| Attributions complete | [Status] | [Details] |
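The per-dependency classification and policy check that feeds the report above, as an added example that is not the skill's own code: it categorizes each dependency's SPDX license expression (OR picks the least restrictive alternative, AND the most restrictive; deprecated ids such as GPL-3.0 are normalized to GPL-3.0-only), assigns the Approved / Requires Review / Prohibited / Unknown status used in the report, evaluates the three Policy Compliance rules, and returns the Summary counts and overall status. The SPDX-to-category map is an illustrative subset, the dependency inventory is constructed, and the proprietary flag (which decides whether strong copyleft is prohibited or only flagged for review) is an assumption.

```python
import re
from collections import Counter

# Illustrative SPDX-to-category map (assumption: a small subset, not a complete list).
CATEGORY = {
    **dict.fromkeys(("MIT", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause", "ISC", "0BSD"), "Permissive"),
    **dict.fromkeys(("LGPL-2.1-only", "LGPL-2.1-or-later", "LGPL-3.0-only", "LGPL-3.0-or-later",
                     "MPL-2.0", "EPL-2.0", "CDDL-1.0"), "Weak Copyleft"),
    **dict.fromkeys(("GPL-2.0-only", "GPL-2.0-or-later", "GPL-3.0-only", "GPL-3.0-or-later"), "Strong Copyleft"),
    **dict.fromkeys(("AGPL-3.0-only", "AGPL-3.0-or-later"), "Network Copyleft"),
}
# Higher rank = more restrictive: "A AND B" takes the max, "A OR B" lets the consumer take the min.
RANK = {"Permissive": 0, "Weak Copyleft": 1, "Strong Copyleft": 2, "Network Copyleft": 3, "Unknown": 4}

def normalize(spdx_id):
    """Map deprecated short forms (GPL-3.0, GPL-3.0+) onto the current -only / -or-later ids."""
    if spdx_id.endswith("+"):
        return spdx_id[:-1] + "-or-later"
    if re.fullmatch(r"[AL]?GPL-\d\.\d", spdx_id):
        return spdx_id + "-only"
    return spdx_id

def _strip_outer(tokens):
    """Drop parentheses that enclose the whole expression: ( MIT OR X ) -> MIT OR X."""
    while len(tokens) > 1 and tokens[0] == "(" and tokens[-1] == ")":
        depth = 0
        for i, tok in enumerate(tokens):
            depth += (tok == "(") - (tok == ")")
            if depth == 0 and i < len(tokens) - 1:
                return tokens  # the first "(" closes early, so it is not a wrapper
        tokens = tokens[1:-1]
    return tokens

def _split_top(tokens, op):
    """Split on an operator that appears at parenthesis depth 0."""
    parts, cur, depth = [], [], 0
    for tok in tokens:
        depth += (tok == "(") - (tok == ")")
        if tok.upper() == op and depth == 0:
            parts.append(cur)
            cur = []
        else:
            cur.append(tok)
    parts.append(cur)
    return parts

def category_of(expr):
    """Category of an SPDX expression. WITH exceptions are not modelled: the base license counts."""
    text = (expr or "").strip()
    if not text or text.upper() in ("UNKNOWN", "UNLICENSED") or text.upper().startswith("SEE LICENSE IN"):
        return "Unknown"
    tokens = _strip_outer(re.findall(r"\(|\)|[^\s()]+", text))
    if not tokens:
        return "Unknown"
    for op, pick in (("OR", min), ("AND", max)):  # OR is split first: AND binds tighter in SPDX
        parts = _split_top(tokens, op)
        if len(parts) > 1:
            return pick((category_of(" ".join(p)) for p in parts), key=RANK.__getitem__)
    return CATEGORY.get(normalize(tokens[0]), "Unknown")

def status_for(category, proprietary):
    """Report status under the policy rules No GPL in proprietary and No AGPL."""
    if category == "Strong Copyleft":
        return "Prohibited" if proprietary else "Requires Review"
    return {"Permissive": "Approved", "Weak Copyleft": "Requires Review",
            "Network Copyleft": "Prohibited"}.get(category, "Unknown")

def scan(dependencies, proprietary=True):
    """Classify every dependency; return the report's summary counts, policy results and status."""
    rows = []
    for dep in dependencies:
        cat = category_of(dep["license"])
        rows.append({**dep, "category": cat, "status": status_for(cat, proprietary)})
    counts = Counter(r["status"] for r in rows)
    policies = {
        "No GPL in proprietary": not proprietary or all(r["category"] != "Strong Copyleft" for r in rows),
        "No AGPL": all(r["category"] != "Network Copyleft" for r in rows),
        "All licenses identified": counts["Unknown"] == 0,
    }
    status = ("NON-COMPLIANT" if counts["Prohibited"]
              else "REVIEW REQUIRED" if counts["Requires Review"] or counts["Unknown"]
              else "COMPLIANT")
    summary = {"Total Dependencies": len(rows),
               "Direct Dependencies": sum(r["direct"] for r in rows),
               "Transitive Dependencies": sum(not r["direct"] for r in rows),
               **{k: counts[k] for k in ("Approved", "Requires Review", "Prohibited", "Unknown")}}
    return {"summary": summary, "status": status, "policies": policies, "rows": rows}

# Constructed inventory for illustration; the package names are made up.
SAMPLE_DEPENDENCIES = [
    {"name": "alpha-utils", "version": "4.1.0", "license": "MIT", "direct": True},
    {"name": "beta-crypto", "version": "1.3.1", "license": "(BSD-3-Clause OR GPL-2.0)", "direct": True},
    {"name": "gamma-readline", "version": "8.2", "license": "GPL-3.0", "direct": False},
    {"name": "delta-server", "version": "10.0", "license": "AGPL-3.0-only", "direct": True},
    {"name": "epsilon-mystery", "version": "0.1.0", "license": "SEE LICENSE IN LICENSE.txt", "direct": False},
    {"name": "zeta-bundle", "version": "1.0.0", "license": "(MIT AND CDDL-1.0)", "direct": False},
]

if __name__ == "__main__":
    report = scan(SAMPLE_DEPENDENCIES)
    print(report["status"], report["summary"], report["policies"], sep="\n")
```

Two details matter for the report's accuracy: a dual-licensed package such as "(BSD-3-Clause OR GPL-2.0)" lands in Approved because the consumer may choose the permissive option, whereas "(MIT AND CDDL-1.0)" is only as permissive as its most restrictive part, and an npm "SEE LICENSE IN <file>" value is treated as Unknown rather than guessed, so it fails the "All licenses identified" rule until someone reads the file.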
For .NET projects, the following commands are useful:
```bash
# Install license checker
dotnet tool install --global dotnet-project-licenses
# Generate license report
dotnet-project-licenses -i ./MySolution.sln
# Generate SBOM
dotnet CycloneDX ./MySolution.sln -o sbom.json -j
```
Install the plugin:
```bash
npx claudepluginhub melodic-software/claude-code-plugins --plugin compliance-planning
```