Know before your dependencies change their license
Projects you depend on can switch from MIT to BSL overnight. Relicense monitors upstream license files and alerts you in hours — not weeks after the community fork.
It keeps happening
Major open-source projects have changed their licenses with little warning — breaking trust, forcing forks, and leaving downstream users scrambling.
Elasticsearch and Kibana switched from Apache 2.0 to SSPL, blocking cloud providers from offering managed services. AWS responded by forking OpenSearch — now an independent project with its own ecosystem.
Redis Labs changed Redis from BSD to a dual RSAL/SSPL license. The Linux Foundation responded within weeks by launching Valkey as a community-maintained fork.
Terraform, Vault, Consul, and other HashiCorp tools switched from MPL 2.0 to Business Source License. The community forked Terraform into OpenTofu within days.
Cal.com shut down public access to its source code entirely. The community-driven fork Cal.diy appeared a week later — but most self-hosters had no advance warning.
How Relicense works
Three steps between you and a license rug pull.
Paste your package.json, go.mod, requirements.txt, or Cargo.toml. We parse every dependency automatically.
Our engine polls each dependency's LICENSE file, package.json license field, and CLA bot status on a regular schedule.
When a license changes — especially from permissive (MIT, Apache, BSD) to restrictive (BSL, SSPL, AGPL) — you get a Slack + email alert with the diff and suggested fork URL.
Simple pricing
All plans include license change alerts and fork recommendations.
- 5 monitored dependencies
- Email alerts
- Weekly scan frequency
- Public repos only

- 100 monitored dependencies
- Email + Slack alerts
- Daily scan frequency
- NPM + PyPI registry monitoring
- License risk dashboard

- Unlimited dependencies
- Email + Slack + webhook
- Hourly scan frequency
- Transitive dependency graph
- CLA bot event monitoring
- Priority support
Frequently asked questions
What is a license rug pull?
A "license rug pull" is when an open-source project suddenly changes its license from a permissive one (like MIT or Apache 2.0) to a restrictive or proprietary one (like BSL, SSPL, or fully closed source). This can break your legal right to use, modify, or distribute the software — often with little to no advance notice.
Which license changes does Relicense detect?
We detect any modification to the LICENSE file or to the license field in package manifests (package.json, Cargo.toml, etc.), as well as CLA bot additions. We specifically flag transitions from permissive licenses (MIT, Apache 2.0, BSD, MPL) to restrictive licenses (BSL, SSPL, AGPL, RSAL, or proprietary/closed source).
How fast are the alerts?
Depending on your plan, we scan between hourly and weekly. When a change is detected, you'll receive an alert within minutes — including a diff showing exactly what changed and a link to any known community fork.
Which package managers are supported?
At launch we'll support npm (package.json), Go (go.mod), Python (requirements.txt, pyproject.toml), and Rust (Cargo.toml). More ecosystems will follow based on user demand.
Is this like Snyk or FOSSA?
Snyk and FOSSA focus on license compliance — scanning your current dependencies for license violations. Relicense focuses on license change detection — monitoring upstream projects over time and alerting you when a license changes. They're complementary tools solving different problems.
What happens if a dependency I use gets relicensed?
You'll receive an alert with: (1) the exact license change and diff, (2) a risk assessment of what the new license means for your use case, (3) links to known community forks if available, and (4) a recommended action timeline.