Skip to content

mustafaer/developer-license-detector

Repository files navigation

Developer License Detector

License: GPL v3 Chrome Web Store

A powerful Chrome extension that automatically detects open-source libraries and their licenses on web pages, helping developers identify potential license compatibility issues before they become legal problems.

🎯 Overview

Developer License Detector scans web pages to identify JavaScript libraries, CSS frameworks, and other open-source components, then analyzes their licenses for compatibility with your project's license. This helps developers:

  • Prevent License Violations: Identify incompatible licenses before integrating code
  • Ensure Compliance: Stay compliant with open-source licensing requirements
  • Save Time: Automatically detect libraries without manual inspection
  • Make Informed Decisions: Understand licensing implications of your dependencies

✨ Features

πŸ” Multi-Method Detection

  • Script Tag Analysis: Detects libraries from <script> tags with URL pattern matching.
  • Main-World Global Object Detection: Identifies libraries through their global JavaScript objects (e.g. React, Vue, jQuery) by dynamically injecting a query script into the page execution context (Main World), bypassing Chrome's isolated world sandbox restrictions.
  • Link Tag Analysis: Detects CSS frameworks and stylesheet dependencies.
  • Font Library Detection: Identifies web font services (Google Fonts, Adobe Typekit, etc.).

πŸ“Š License Analysis & Database

  • SPDX Compliance: Uses official standardized SPDX identifiers.
  • Compatibility Checking: Compares page dependencies against your target license (MIT, Apache 2.0, GPL, LGPL, BSD, MPL, ISC, etc.).
  • Automatic Version Normalization: Normalizes common license abbreviations to standard SPDX format keys.
  • Risk Assessment: Color-codes compliance into Compatible (Low Risk), Review Required (Medium Risk), and Incompatible (High Risk).
  • Detailed Explanations: Provides plain-English legal explanations and recommendations.

🎨 Premium User Interface & UX

  • Glassmorphic Dark-Mode Design: Premium Dark Mode aesthetics built with modern HSL variables and Outfit/JetBrains Mono typography.
  • Slide-in Settings Overlay: Slide-in settings panel to configure target project license and scan preferences directly inside the popup.
  • Toast Notifications: Interactive toast alerts displaying confirmation logs (e.g., report exports, settings toggles).
  • A11y (Accessibility) Compliant: Modern focus outline styling (:focus-visible) for keyboard navigation.
  • Automatic Sekme Injection: Fallback scripting injection dynamically loads content scripts if a tab is opened before the extension was loaded.

βš™οΈ Optimization & Safety

  • Storage Pruning Policy: Automatically limits cached analysis results to the 50 most recent websites to prevent local storage bloat.
  • 100% Client-Side: All checks are run locally within your browser sandbox. No user data leaves your device.

πŸš€ Quick Start

Installation

Manual Installation (Developer Mode)

  1. Download or clone this repository:
    git clone https://github.com/mustafaer/developer-license-detector.git
  2. Open Chrome and navigate to chrome://extensions/
  3. Enable "Developer mode" (toggle in the top right)
  4. Click "Load unpacked"
  5. Select the build/package directory (if built) or the root project folder.
  6. The extension icon will appear in your toolbar.

Building from Source

To compile, validate JSON schemas, and bundle a package:

# Make the build script executable
chmod +x build.sh

# Build unpacked package & zip distribution
./build.sh --dev

# Or using npm
npm run build:dev

The packaged extension will be placed in build/package/ (unpacked extension source) and build/dist/ (packaged ZIP file ready for Chrome Web Store).


πŸ”§ How It Works

  1. Auto-Scan & Injection Phase: On page load, if "Auto-scan" is enabled, content scripts scan elements. If the script isn't loaded when you open the popup, the extension dynamically injects it.
  2. Main World Query: The content script injects a script into the page DOM to check the true window object properties and dispatches a CustomEvent with results.
  3. SPDX Matching & Extraction: Resolves signatures in data/known-libraries.json or parses inline comments using fuzzy fingerprint matches in utils/license-matcher.js.
  4. Compatibility Check: Background worker compares dependencies against the project license matrix.
  5. Pruning: Storage history is pruned to keep records limited to 50 hostnames.

πŸ› οΈ Development & DX

Prerequisites

  • Node.js (version 14 or higher)
  • Chrome Browser (version 88 or higher)

Directory Structure

developer-license-detector/
β”œβ”€β”€ analyzers/          # License compatibility analyzer matrix
β”œβ”€β”€ background/         # Ephemeral background service worker
β”œβ”€β”€ content/            # Isolated content scripts
β”œβ”€β”€ data/              # License datasets & known libraries JSON
β”œβ”€β”€ detectors/         # Script/Global/Font detector modules
β”œβ”€β”€ icons/             # Custom logo assets (16/32/48/128 px)
β”œβ”€β”€ popup/             # User interface (HTML, CSS, JS)
β”œβ”€β”€ test/              # Zero-dependency Unit Test Suite
└── utils/             # License normalizer & helper utilities

Running Automated Tests

The project includes a Node.js unit testing suite that mocks Chrome and fetch APIs locally, verifying extraction patterns and matrices. Run them with:

npm test

πŸ“Š Roadmap

  • Firefox and Safari cross-browser support
  • Scanning package.json & lock files for Node.js project folders
  • Exporting compliance reports in PDF and CSV format
  • Direct GitHub / GitLab PR integration

πŸ“« Support

πŸ“„ License

This project is licensed under the GNU General Public License v3.0 - see the LICENSE file for details.


Made with ❀️ by Mustafa ER