DevGuard Logo

/Devguard
Project
/devguard-web
Repository

Overview
Compliance
Code Risk-Handling
Dependency Risk-Handling
Dependencies

Only OSI approved licenses

This policy checks if there is no violation against the license allow list.

Control evaluation result

Component "/argparse" uses non-OSI approved license "non-standard"
Component "/binaryextensions" uses non-OSI approved license "non-standard"
Component "/buffer" uses non-OSI approved license "non-standard"
Component "/caniuse-lite" uses non-OSI approved license "non-standard"
Component "/chownr" uses non-OSI approved license "non-standard"
Component "/client-only" has no license declared
Component "/concat-map" uses non-OSI approved license "non-standard"
Component "/create-require" uses non-OSI approved license "non-standard"
Component "/damerau-levenshtein" uses non-OSI approved license "non-standard"
Component "/deep-is" uses non-OSI approved license "non-standard"
Component "/dotenv" uses non-OSI approved license "non-standard"
Component "/editions" uses non-OSI approved license "non-standard"
Component "/entities" uses non-OSI approved license "non-standard"
Component "/escodegen" uses non-OSI approved license "non-standard"
Component "/eslint-scope" uses non-OSI approved license "non-standard"
Component "/eslint-visitor-keys" uses non-OSI approved license "non-standard"
Component "/espree" uses non-OSI approved license "non-standard"
Component "/esprima" uses non-OSI approved license "non-standard"
Component "/esquery" uses non-OSI approved license "non-standard"
Component "/esrecurse" uses non-OSI approved license "non-standard"
Component "/estraverse" uses non-OSI approved license "non-standard"
Component "/esutils" uses non-OSI approved license "non-standard"
Component "/fast-json-stable-stringify" uses non-OSI approved license "non-standard"
Component "/focus-visible" uses non-OSI approved license "non-standard"
Component "/fs.realpath" uses non-OSI approved license "non-standard"
Component "/hls.js" uses non-OSI approved license "non-standard"
Component "/ignore" uses non-OSI approved license "non-standard"
Component "/intersection-observer" uses non-OSI approved license "non-standard"
Component "/istextorbinary" uses non-OSI approved license "non-standard"
Component "/json-parse-even-better-errors" uses non-OSI approved license "non-standard"
Component "/json-stable-stringify-without-jsonify" uses non-OSI approved license "non-standard"
Component "/json5" uses non-OSI approved license "non-standard"
Component "/language-subtag-registry" uses non-OSI approved license "non-standard"
Component "/ljharb-monorepo-symlink-test" has no license declared
Component "/lodash" uses non-OSI approved license "non-standard"
Component "/lodash.merge" uses non-OSI approved license "non-standard"
Component "/maath" has no license declared
Component "/makeerror" uses non-OSI approved license "non-standard"
Component "/meshline" has no license declared
Component "/minizlib" uses non-OSI approved license "non-standard"
Component "/mkdirp" uses non-OSI approved license "non-standard"
Component "/mylib" has no license declared
Component "/postprocessing" uses non-OSI approved license "non-standard"
Component "/react-transition-group" uses non-OSI approved license "non-standard"
Component "/saxes" uses non-OSI approved license "non-standard"
Component "/server-only" has no license declared
Component "/source-map" uses non-OSI approved license "non-standard"
Component "/source-map-js" uses non-OSI approved license "non-standard"
Component "/strict-event-emitter" has no license declared
Component "@mediapipe/tasks-vision" has no license declared
Component "@my-scope/package-a" has no license declared
Component "@my-scope/package-b" has no license declared
Component "@napi-rs/wasm-runtime" uses non-OSI approved license "non-standard"
Component "@ory/client" has no license declared
Component "@ory/integrations" has no license declared
Component "@radix-ui/colors" has no license declared
Component "@radix-ui/react-compose-refs" has no license declared
Component "@radix-ui/react-icons" has no license declared
Component "@rushstack/eslint-patch" uses non-OSI approved license "non-standard"
Component "@sinclair/typebox" uses non-OSI approved license "non-standard"
Component "debian/base-files" has no license declared
Component "debian/gcc-12-base" has no license declared
Component "debian/libc6" has no license declared
Component "debian/libgcc-s1" has no license declared
Component "debian/libgomp1" has no license declared
Component "debian/libssl3" has no license declared
Component "debian/libstdc++6" has no license declared
Component "debian/netbase" has no license declared
Component "debian/tzdata" has no license declared

Status

Evaluation result after comparing the policy with the current state of the asset
69 Violations
Update the attestation using the following command
devguard-scanner attest --predicateType "https://cyclonedx.org/bom" <json file>
GitHubImprintTerms of UsePrivacy
Copyright © 2025 L3montree GmbH and the DevGuard Contributors. All rights reserved. Version d51ba4d3f2ef56cdcc49e35bed410d86e1263d7a