Scancode License Analysis Tool for MCP

by bivex

mcp_ScancodeMCP_summarize_license_risks

Identify high-risk licenses in software code and summarize legal compliance issues for each license type to assess potential vulnerabilities.

Instructions

Lists all files with high-risk/problematic licenses and provides a legal risk summary for each license type.

Input Schema

| Name | Required | Description | Default |
| --- | --- | --- | --- |
| random_string | No | Dummy parameter for no-parameter tools | |

Implementation Reference

  • The main handler function for the 'mcp_ScancodeMCP_summarize_license_risks' tool. It checks for license data, builds a risk map of licenses to files, generates a summary report for each license using legal summaries, and returns markdown content.
    async ({ random_string }) => {
      if (!licenseData?.problematic_licenses) {
        return { content: [{ type: "text", text: "License data not loaded or no problematic licenses found." }] };
      }
      const riskMap: Record<string, Set<string>> = buildRiskMap();
      let report = 'Summary of High-Risk/Problematic Licenses and Files:\n';
      for (const lic in riskMap) {
        report += `\nLicense: ${lic}\nFiles: ${Array.from(riskMap?.[lic] ?? []).join('; ')}\n`;
        report += await legalSummaryForLicense(lic, true);
      }
      return { content: [{ type: "text", text: report }] };
    }
  • Input schema and metadata (title, description) for the tool registration.
    {
      title: "Summarize License Risks",
      description: "Lists all files with high-risk/problematic licenses and provides a legal risk summary for each license type.",
      inputSchema: { random_string: z.string().describe("Dummy parameter for no-parameter tools").optional() },
    },
  • index.ts:105-124 (registration)
    The server.registerTool call that registers the 'mcp_ScancodeMCP_summarize_license_risks' tool with its schema and inline handler function.
    server.registerTool(
      "mcp_ScancodeMCP_summarize_license_risks",
      {
        title: "Summarize License Risks",
        description: "Lists all files with high-risk/problematic licenses and provides a legal risk summary for each license type.",
        inputSchema: { random_string: z.string().describe("Dummy parameter for no-parameter tools").optional() },
      },
      async ({ random_string }) => {
        if (!licenseData?.problematic_licenses) {
          return { content: [{ type: "text", text: "License data not loaded or no problematic licenses found." }] };
        }
        const riskMap: Record<string, Set<string>> = buildRiskMap();
        let report = 'Summary of High-Risk/Problematic Licenses and Files:\n';
        for (const lic in riskMap) {
          report += `\nLicense: ${lic}\nFiles: ${Array.from(riskMap?.[lic] ?? []).join('; ')}\n`;
          report += await legalSummaryForLicense(lic, true);
        }
        return { content: [{ type: "text", text: report }] };
      }
    );
  • Helper function called by the handler to aggregate files per license type from the problematic_licenses data.
    function buildRiskMap(): Record<string, Set<string>> {
      const riskMap: Record<string, Set<string>> = {};
      for (const category in licenseData?.problematic_licenses ?? {}) {
        for (const item of licenseData?.problematic_licenses?.[category] ?? []) {
          if (!riskMap[item.name]) riskMap[item.name] = new Set();
          riskMap[item.name].add(item.file);
        }
      }
      return riskMap;
    }
  • Helper function that provides legal summaries for licenses, used by the handler to append risk explanations. Contains a lookup table of license summaries.
    async function legalSummaryForLicense(licenseName: string, short = false): Promise<string> {
      // This is a simplified legal expert system for demo purposes
      const name = licenseName.toLowerCase();
    
      const licenseSummaries: { [key: string]: { short: string; long: string } } = {
        "mit": {
          short: "MIT: Permissive, allows reuse/modification, requires attribution, disclaims warranties. Low risk.",
          long: `Type: Permissive\nGrant: Broad rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies.\nObligations: Must include original copyright and license.\nWarranty: Disclaimed.\nIndemnity: None.\nCompatibility: Compatible with most open and closed licenses.\nRisks: Minimal.\nCommercial Use: Safe.\n`
        },
        "gpl": {
          short: "GPL: Copyleft, requires derivatives to be GPL, viral effect, not business-friendly for closed source.",
          long: `Type: Copyleft\nGrant: Use, copy, modify, distribute.\nObligations: Derivatives must be GPL, source code disclosure required.\nWarranty: Disclaimed.\nIndemnity: None.\nCompatibility: Incompatible with most closed/proprietary licenses.\nRisks: Viral obligations, business model conflict.\nCommercial Use: Risky for proprietary.\n`
        },
        "lgpl": {
          short: "LGPL: Weak copyleft, allows dynamic linking, but modifications to LGPL code must be open.",
          long: `Type: Weak Copyleft\nGrant: Use, copy, modify, distribute.\nObligations: Modifications to LGPL code must be LGPL, dynamic linking allowed.\nWarranty: Disclaimed.\nIndemnity: None.\nCompatibility: More compatible than GPL, but still viral for modifications.\nRisks: Linking confusion.\nCommercial Use: Moderate risk.\n`
        },
        "bsd": {
          short: "BSD: Permissive, minimal restrictions, requires attribution.",
          long: `Type: Permissive\nGrant: Use, copy, modify, distribute.\nObligations: Attribution, sometimes no endorsement.\nWarranty: Disclaimed.\nIndemnity: None.\nCompatibility: High.\nRisks: Minimal.\nCommercial Use: Safe.\n`
        },
        "apache": {
          short: "Apache: Permissive, explicit patent grant, requires NOTICE file.",
          long: `Type: Permissive\nGrant: Use, copy, modify, distribute.\nObligations: Attribution, NOTICE file, patent grant.\nWarranty: Disclaimed.\nIndemnity: None.\nCompatibility: High, but not with GPLv2.\nRisks: Patent termination.\nCommercial Use: Safe.\n`
        },
        "proprietary": {
          short: "Proprietary: Custom terms, usually restricts use, modification, redistribution. High legal risk.",
          long: `Type: Proprietary\nGrant: Limited, as specified.\nObligations: As specified, often strict.\nWarranty: Varies.\nIndemnity: Varies.\nCompatibility: Usually incompatible with open source.\nRisks: High, custom terms.\nCommercial Use: Review required.\n`
        },
        "unknown": {
          short: "Unknown: No license detected, all rights reserved by default. Cannot use, modify, or distribute.",
          long: `Type: Unknown\nGrant: None.\nObligations: Cannot use, modify, or distribute.\nWarranty: None.\nIndemnity: None.\nCompatibility: None.\nRisks: Maximum.\nCommercial Use: Forbidden.\n`
        },
        "cc-by": {
          short: "CC-BY: Attribution required, otherwise permissive.",
          long: `Type: Permissive (Creative Commons)\nGrant: Use, share, adapt.\nObligations: Attribution.\nWarranty: Disclaimed.\nIndemnity: None.\nCompatibility: Not for software.\nRisks: License scope confusion.\nCommercial Use: Allowed.\n`
        },
        "public-domain": {
          short: "Public Domain: No rights reserved, free to use.",
          long: `Type: Public Domain\nGrant: Unrestricted.\nObligations: None.\nWarranty: None.\nIndemnity: None.\nCompatibility: Universal.\nRisks: None.\nCommercial Use: Safe.\n`
        },
        "default": {
          short: `Custom/Unknown: Legal review required. High risk of non-compliance or business conflict.`,
          long: `Type: Custom/Unknown\nGrant: Unclear.\nObligations: Unclear.\nWarranty: Unclear.\nIndemnity: Unclear.\nCompatibility: Unclear.\nRisks: High.\nCommercial Use: Not recommended without legal review.\n`
        }
      };
    
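      // Try longer keys first so that "lgpl" is matched before its substring "gpl";
      // "default" is excluded because it is only the fallback used below.
      const keys = Object.keys(licenseSummaries)
        .filter((key) => key !== "default")
        .sort((a, b) => b.length - a.length);
      for (const key of keys) {
        if (name.includes(key)) {
          const summary = licenseSummaries[key];
          return short ? summary.short : summary.long;
        }
      }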
    
      // Fallback for custom/complex/unknown if no match found
      const defaultSummary = licenseSummaries["default"];
      return short ? defaultSummary.short : defaultSummary.long;
    }
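
Substring lookups over license names depend on key order and on what else the name contains: "lgpl-2.1-only" also contains "gpl", and "limited" contains "mit", so a restrictive license can be reported with a low-risk summary. The following added example (not the project's code; the helper names are hypothetical and the sample names are constructed) compares a first-match substring lookup with a token-aware one over the same family keys and reports where they disagree.

```typescript
// Added example, not the project's code. Helper names are hypothetical; the
// family keys mirror the page's lookup table; sample names are constructed.
const FAMILY_KEYS = ["mit", "gpl", "lgpl", "bsd", "apache", "proprietary",
  "unknown", "cc-by", "public-domain"] as const;
type Family = (typeof FAMILY_KEYS)[number] | "default";

// Plain substring search in table order: the first key found anywhere wins.
function classifyBySubstring(licenseName: string): Family {
  const name = licenseName.toLowerCase();
  for (const key of FAMILY_KEYS) {
    if (name.indexOf(key) !== -1) return key;
  }
  return "default";
}

// Token-aware search: longer keys are tried first, and a key only counts when
// it is not embedded in a longer word. A version suffix such as "v2" is allowed.
function classifyByToken(licenseName: string): Family {
  const name = licenseName.toLowerCase();
  const keys = FAMILY_KEYS.slice().sort((a, b) => b.length - a.length);
  for (const key of keys) {
    // Keys contain only letters and hyphens, so no regex escaping is needed.
    const pattern = new RegExp(`(^|[^a-z])${key}($|[^a-z]|v[0-9])`);
    if (pattern.test(name)) return key;
  }
  return "default"; // fail closed: unmatched names go to legal review
}

// Report every name where the two strategies disagree.
function auditNames(names: string[]): { name: string; substring: Family; token: Family }[] {
  return names
    .map((name) => ({ name, substring: classifyBySubstring(name), token: classifyByToken(name) }))
    .filter((row) => row.substring !== row.token);
}

// Constructed sample input.
const SAMPLE_NAMES = ["MIT", "LGPL-2.1-only", "GPLv2", "Commercial-Limited-Use", "Apache-2.0"];
console.log(auditNames(SAMPLE_NAMES));
```

Running the audit over real scan output before trusting the summaries shows which names would receive a summary for the wrong license family.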

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/bivex/scancodeMCP'

If you have feedback or need assistance with the MCP directory API, please join our Discord server