CustomAgent.app
Hook
compliance
✓ Verified
Free

Dependency License Checker

Block dependency installs that introduce GPL, AGPL, or other restrictive licenses incompatible with your policy.

4.6 (41 reviews)
17,800 installs
by Community

About

Intercepts `npm install`, `pip install`, `cargo add`, etc., resolves the new dependency tree, and blocks the install if any package has a license outside your allowlist. Supports MIT/Apache/BSD allowlist by default.

Tags

licenses, compliance, dependencies, block

Hook Configuration (hooks.json)

```json
{
  "hooks": [
    {
      "event": "preToolUse",
      "matcher": "Bash(npm install*|pip install*|cargo add*)",
      "command": ".github/hooks/dependency-license-checker/check.sh",
      "env": {
        "ALLOWED_LICENSES": "MIT,Apache-2.0,BSD-3-Clause,BSD-2-Clause,ISC,Unlicense",
        "MODE": "warn"
      }
    }
  ]
}
```
Triggers: preToolUse, mode: warn
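
A sketch of the allowlist decision described under About, driven by the `ALLOWED_LICENSES` and `MODE` variables from the configuration above and extended to simple SPDX `AND`/`OR` expressions. This is an added example, not the hook's own `check.sh`; the tab-separated `name<TAB>license` input, the `block` value for `MODE`, and exit status 2 as the deny signal are assumptions.

```sh
# Added illustration, NOT the hook's check.sh. Assumed: "name<TAB>license" input
# lines, a MODE value of "block", and exit status 2 meaning "deny the install".
ALLOWED_LICENSES="${ALLOWED_LICENSES:-MIT,Apache-2.0,BSD-3-Clause,BSD-2-Clause,ISC,Unlicense}"
MODE="${MODE:-warn}"

# Exact match of one SPDX identifier against the comma-separated allowlist.
is_allowed() {
  case "$1" in ''|*,*) return 1 ;; esac        # empty or malformed: fail closed
  case ",$ALLOWED_LICENSES," in *",$1,"*) return 0 ;; esac
  return 1
}

# Every term of an "A AND B" conjunction must be on the allowlist.
all_terms_allowed() {
  terms=$1
  while :; do
    case "$terms" in
      *" AND "*) t=${terms%%" AND "*}; terms=${terms#*" AND "}; is_allowed "$t" || return 1 ;;
      *) is_allowed "$terms"; return ;;
    esac
  done
}

# One acceptable alternative of an "A OR B" choice is enough.
license_ok() {
  rest=$1
  case "$rest" in *"("*|*")"*) return 1 ;; esac  # nested expressions: not parsed, rejected
  while :; do
    case "$rest" in
      *" OR "*) alt=${rest%%" OR "*}; rest=${rest#*" OR "}; all_terms_allowed "$alt" && return 0 ;;
      *) all_terms_allowed "$rest"; return ;;
    esac
  done
}

# Reads the resolved tree on stdin, reports violations, then applies MODE.
check_tree() {
  bad=0
  while IFS="$(printf '\t')" read -r pkg lic; do
    [ -n "$pkg" ] || continue
    license_ok "$lic" && continue
    echo "license violation: $pkg (${lic:-unknown})" >&2
    bad=$((bad + 1))
  done
  [ "$bad" -eq 0 ] || [ "$MODE" != "block" ] || return 2
  return 0
}

# Constructed sample tree; under the default MODE=warn this only prints a warning.
printf 'left-pad\tMIT\nexample-copyleft\tAGPL-3.0-only\n' | check_tree
```

Packages with a missing license field, and expressions this sketch cannot parse, are reported as violations rather than passed through.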

Install
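```bash
# Install hook into your project:
mkdir -p .github/hooks/dependency-license-checker
curl -fsSL "https://raw.githubusercontent.com/github/awesome-copilot/main/hooks/dependency-license-checker/hooks.json" \
  -o .github/hooks/dependency-license-checker/hooks.json
# This fetches hooks.json only; the "command" it configures,
# .github/hooks/dependency-license-checker/check.sh, must also be present in the project.
```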
Community

@awesome-copilot-community