What "Unknown License" Really Means
TL;DR: "Unknown" usually means the tool couldn't confidently detect the license from metadata, not that the package has no license. These entries deserve manual review, not blind trust or panic.
Common reasons for unknown licenses
- The license field is missing or non-standard in package metadata.
- The project uses a custom or uncommon license string.
- The tool only had access to a partial view of the project.
How Inspectly handles unknown licenses
The Dependency License & Risk Inspector treats missing or unrecognized license indicators as a heuristic risk and recommends manual review.
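As an added illustration (not Inspectly's own code), a small classifier that applies the reasons listed above to constructed package metadata: a missing field, an SPDX expression, a "SEE LICENSE IN" pointer and a non-standard string each get a status and a manual-review flag. The short SPDX allowlist and the sample packages are assumptions made for the demo.

```python
"""Classify a dependency's license indicator the way a scanner's heuristic might."""
import re

# Constructed, deliberately small allowlist; a real scanner uses the full SPDX list.
KNOWN_SPDX = {"MIT", "Apache-2.0", "BSD-3-Clause", "GPL-3.0-only", "ISC"}
SPDX_OPERATORS = {"OR", "AND", "WITH"}


def classify_license(metadata: dict) -> dict:
    """Return a status plus whether the entry should go to manual review."""
    raw = metadata.get("license")
    # Older package.json files used an object: {"type": "MIT", "url": ...}
    if isinstance(raw, dict):
        raw = raw.get("type")
    if raw is None or (isinstance(raw, str) and not raw.strip()):
        return {"status": "missing", "license": None, "review": True}
    text = str(raw).strip()
    # Treat the string as an SPDX expression such as "(MIT OR Apache-2.0)":
    # it is "known" only if every identifier in it is on the allowlist.
    tokens = re.findall(r"[A-Za-z0-9.+-]+", text)
    ids = [t for t in tokens if t.upper() not in SPDX_OPERATORS]
    if ids and all(i in KNOWN_SPDX for i in ids):
        return {"status": "known", "license": text, "review": False}
    # Custom or proprietary terms pointed at a file, or explicitly unlicensed
    upper = text.upper()
    if upper.startswith("SEE LICENSE IN") or upper == "UNLICENSED":
        return {"status": "custom", "license": text, "review": True}
    # Anything else (e.g. a bare "GPL") is too ambiguous to trust automatically
    return {"status": "unrecognized", "license": text, "review": True}


def review_queue(packages: list) -> list:
    """Names of packages whose license indicator needs a human look."""
    return [p["name"] for p in packages if classify_license(p)["review"]]


# Constructed sample metadata; these are not real packages.
SAMPLE_PACKAGES = [
    {"name": "left-trim", "license": "MIT"},
    {"name": "fastjson-ng", "license": "(MIT OR Apache-2.0)"},
    {"name": "legacy-widget", "license": {"type": "BSD-3-Clause"}},
    {"name": "internal-sdk", "license": "SEE LICENSE IN LICENSE.txt"},
    {"name": "old-utils", "license": "GPL"},   # non-SPDX, version unspecified
    {"name": "mystery-lib"},                    # license field absent entirely
]

if __name__ == "__main__":
    for pkg in SAMPLE_PACKAGES:
        print(pkg["name"], classify_license(pkg))
    print("needs review:", review_queue(SAMPLE_PACKAGES))
```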
Next steps when you see unknown licenses
- Visit the project's repository or documentation to locate the license.
- Capture what you find for future reference (for example, in an internal catalog).
- Discuss edge cases with your legal or compliance team.
Review Unknown Licenses in Context
Use the Dependency License & Risk Inspector to see which dependencies appear with unknown or missing license indicators so you can prioritize manual checks.
This content is for informational purposes only and is not legal advice.