LicenseGuard

catch GPL contamination before your AI agent ships it

npx -y github:Isco0819/license-guard

Ever run into this?

AI coding agents add npm packages freely without checking license compatibility. A single AGPL or GPL dep silently contaminates your MIT project — legal risk baked in before anyone notices. license-checker has 8M+ weekly npm downloads proving the pain is real, yet no MCP server layer exists to gate agent-driven installs.

The fix

MCP server + npx CLI that resolves each new dependency's SPDX license and returns OK / WARN / BLOCK before the package.json write lands — stopping copyleft contamination at the agent tool-call layer.

What it does

npx -y github:Isco0819/license-guard