By name: mit-licensing description: Audit dependency licenses for MIT compatibility. Use when the user wants to check if their project's dependencies are compatible with MIT license, find problematic licenses (GPL, AGPL, etc.), or generate a license audit report. Supports Node.js (npm/pnpm) and Rust (Cargo) projects. allowed_tools: - Bash - Read - Glob - Write
MIT License Compatibility Audit
Check project dependencies for licenses incompatible with MIT.
Workflow
1. Collect License Data
Node.js (pnpm):
pnpm licenses list --json
Node.js (npm):
npx license-checker --json
Rust:
cargo metadata --format-version 1
2. Identify Problematic Licenses
Incompatible with MIT (block release):
- GPL, GPLv2, GPLv3
- AGPL, AGPLv3
- SSPL, BUSL, CPAL, EUPL
Requires investigation:
- LGPL (may be acceptable depending on linking)
UNKNOWN,UNLICENSED,SEE LICENSE IN LICENSE- CC-BY-* (requires attribution)
Generally compatible:
- MIT, ISC, BSD-2-Clause, BSD-3-Clause
- Apache-2.0 (include NOTICE if present)
- MPL-2.0 (disclose modifications to MPL files)
- Unlicense, CC0-1.0, WTFPL
Rust dual-licensing:
MIT OR Apache-2.0→ Choose MIT, compatibleGPL OR MIT→ Choose MIT, compatible
3. Generate Report
Report format:
# License Audit Report
## Summary
- Total packages: [count]
- Compatible: [count]
- Requires attention: [count]
- Incompatible: [count]
## Incompatible Licenses
| Package | License | Action Required |
|---------|---------|-----------------|
| [name] | GPL-3.0 | Remove or find alternative |
## Requires Attention
| Package | License | Notes |
|---------|---------|-------|
| [name] | UNKNOWN | Verify license manually |
| [name] | CC-BY-4.0 | Add attribution |
## Compatible Licenses
[List of packages grouped by license type]