---

name: mit-licensing description: Audit dependency licenses for MIT compatibility. Use when the user wants to check if their project's dependencies are compatible with MIT license, find problematic licenses (GPL, AGPL, etc.), or generate a license audit report. Supports Node.js (npm/pnpm) and Rust (Cargo) projects. allowed_tools:

• Bash
• Read
• Glob
• Write

---

MIT License Compatibility Audit

Check project dependencies for licenses incompatible with MIT.

Workflow

1. Collect License Data

Node.js (pnpm):

pnpm licenses list --json

Node.js (npm):

npx license-checker --json

Rust:

cargo metadata --format-version 1

2. Identify Problematic Licenses

Incompatible with MIT (block release):

• GPL, GPLv2, GPLv3
• AGPL, AGPLv3
• SSPL, BUSL, CPAL, EUPL

Requires investigation:

• LGPL (may be acceptable depending on linking)
• UNKNOWN, UNLICENSED, SEE LICENSE IN LICENSE
• CC-BY-* (requires attribution)

Generally compatible:

• MIT, ISC, BSD-2-Clause, BSD-3-Clause
• Apache-2.0 (include NOTICE if present)
• MPL-2.0 (disclose modifications to MPL files)
• Unlicense, CC0-1.0, WTFPL

Rust dual-licensing:

• MIT OR Apache-2.0 → Choose MIT, compatible
• GPL OR MIT → Choose MIT, compatible

3. Generate Report

Report format:

# License Audit Report

## Summary
- Total packages: [count]
- Compatible: [count]
- Requires attention: [count]
- Incompatible: [count]

## Incompatible Licenses
| Package | License | Action Required |
|---------|---------|-----------------|
| [name]  | GPL-3.0 | Remove or find alternative |

## Requires Attention
| Package | License | Notes |
|---------|---------|-------|
| [name]  | UNKNOWN | Verify license manually |
| [name]  | CC-BY-4.0 | Add attribution |

## Compatible Licenses
[List of packages grouped by license type]