An AI agent just added a dependency. Is it AGPL? BUSL? Unlicensed? Licenses change between versions, and "source on GitHub" doesn't mean "free to ship". license-guardian resolves each dependency's real license from the live npm registry and tells you whether it's compatible with how you distribute.

| Risk | Why it matters |
| --- | --- |
| 🔴 Network copyleft | AGPL / SSPL — serving it over your API can force you to open-source your whole backend. The #1 SaaS trap. |
| 🟠 Source-available | BUSL / Elastic — looks open on GitHub, but production/commercial use is restricted. |
| 🟠 Strong copyleft | GPL in a closed-source product = a license violation when you distribute. |
| 🔴 No license | A dependency with no license is all-rights-reserved — you have no legal right to ship it. |

```
POST /audit { "package_json": "{…}", "context": "saas-backend" }
GET /license?name=next@13.0.0
```

Try it: /license?name=express · /license?name=mongodb

`context` values:

- `proprietary`: closed-source software you distribute (default)
- `saas-backend`: closed backend served over a network -> flags AGPL/SSPL
- `permissive`: your project is MIT/Apache and must stay non-copyleft
- `copyleft-ok`: your project is itself GPL/AGPL
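
To make the risk table and the `context` values concrete, here is an added example (not license-guardian's own code) that evaluates SPDX license expressions from npm-style metadata against a distribution context. The category names, the `FLAGGED` policy matrix, the treatment of legacy `licenses` arrays as a choice, and the `SAMPLE` packages are assumptions made for illustration.

```javascript
// Added example. Category names, FLAGGED policy and SAMPLE are assumptions for illustration.
const CATEGORY_RULES = [
  ["network-copyleft", /^(AGPL|SSPL)/i],
  ["source-available", /^(BUSL|Elastic)/i],
  ["strong-copyleft", /^GPL/i],
];
// Assumed policy: which categories are flagged in each distribution context.
const FLAGGED = {
  "proprietary": ["network-copyleft", "source-available", "strong-copyleft", "no-license"],
  "saas-backend": ["network-copyleft", "source-available", "no-license"],
  "permissive": ["network-copyleft", "source-available", "strong-copyleft", "no-license"],
  "copyleft-ok": ["source-available", "no-license"],
};
function classify(id) {
  if (!id || /^UNLICENSED$/i.test(id)) return "no-license";
  const hit = CATEGORY_RULES.find(([, re]) => re.test(id));
  return hit ? hit[0] : "ok";
}
// npm metadata carries an SPDX string, or the legacy {type} object / [{type}] array forms.
function licenseExpression(meta) {
  const l = meta.license ?? meta.licenses;
  if (!l) return "";
  if (typeof l === "string") return l;
  if (Array.isArray(l)) return l.map((x) => x.type ?? x).join(" OR "); // assumed: a choice
  return l.type ?? "";
}
// Recursive-descent walk: AND binds tighter than OR; "WITH <exception>" is ignored (conservative).
function flaggedIn(expr, context) {
  const tokens = expr.match(/\(|\)|[^\s()]+/g) || [];
  let i = 0;
  const union = (a, b) => [...new Set([...a, ...b])];
  const atom = () => {
    if (tokens[i] === "(") { i++; const r = or(); i++; return r; }
    const c = classify(tokens[i++]);
    if (tokens[i] === "WITH") i += 2;
    return FLAGGED[context].includes(c) ? [c] : [];
  };
  const and = () => { let r = atom(); while (tokens[i] === "AND") { i++; r = union(r, atom()); } return r; };
  // An OR is clean as soon as one alternative is clean: you may pick that license.
  const or = () => { let r = and(); while (tokens[i] === "OR") { i++; const alt = and(); r = r.length && alt.length ? union(r, alt) : []; } return r; };
  return or();
}
function audit(registryMeta, context = "proprietary") {
  return Object.entries(registryMeta)
    .map(([name, meta]) => ({ name, flags: flaggedIn(licenseExpression(meta), context) }))
    .filter((r) => r.flags.length > 0);
}
// Constructed sample metadata (not real packages).
const SAMPLE = { "pkg-a": { license: "MIT" }, "pkg-b": { license: "AGPL-3.0-only" }, "pkg-c": { license: "(MIT OR GPL-3.0-only)" }, "pkg-d": { license: "Apache-2.0 AND GPL-3.0-or-later" }, "pkg-e": { licenses: [{ type: "BUSL-1.1" }] }, "pkg-f": {} };
console.log(JSON.stringify(audit(SAMPLE, "saas-backend")));
```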

```json
{
  "mcpServers": {
    "license-guardian": { "command": "npx", "args": ["-y", "license-guardian-mcp"] }
  }
}
```

Or connect over HTTP at POST /mcp. Tools: audit_package_json, audit_dependencies, explain_license.

The /pro/* route is gated by x402. Your agent pays $0.02 USDC per call automatically — no sign-up, no API key. Settles on-chain.

```
POST /pro/audit { "package_json": "…", "context": "…" } # 402 → pay → result
```