
npm-scan. Honest licensing.

MIT licensed. Free to download and test. Purchase a Business License when you deploy it within your company.

MIT License

Free

Community & Evaluation — individuals, open source projects, teams evaluating

Built by a CISSP-certified engineer with 8 years in critical healthcare infrastructure.

Evaluating for a commercial deployment? Use the MIT version free, no time limit. Purchase when you're ready to ship to production.

Why Licensed Open Source Protects Your Business

ROI vs. Attack Cost. A single supply chain breach from a malicious npm package can cost $100k–$5M+ in incident response, legal liability, reputation damage, and downtime. Against that, npm-scan at $799–$9,900/year is cheap: a $100k incident is roughly 10x the top-tier price and 125x the Small Team price, and a $5M incident puts the ratio into four figures. If it stops even one typosquatted dependency or infostealer from reaching production, it has paid for itself many times over, because the cleanup cost dwarfs any licensing fee. This isn't academic; it's the math of modern software defense.

Legal & Compliance Protection. Licensed open source provides the documentation and clarity that enterprise audits demand: a signed license agreement for the audit trail, liability clarity through a legitimate paid tool, evidence for SOC 2, ISO 27001, FedRAMP, and customer security reviews that a dependency-scanning control is in place (auditors will also want proof that it runs, so keep scan output alongside the agreement), and defensibility in breach post-mortems, where "we invested in detection tools" is a stronger position than "we relied on free software."

Why Legal Departments Prefer Licensed Open Source. Paid licensing eliminates ambiguity around usage rights. The Business License Agreement provides explicit legal protection and demonstrates due diligence to insurers and regulators. It also reduces supply chain risk itself — you're not depending on unpaid volunteer maintenance for your security infrastructure. An auditable vendor relationship replaces "free tool nobody is responsible for" with a contract holder who has obligations.

Additional Business Benefits. Email support included means faster resolution than GitHub issues. Vendor accountability means you have a contract, not a hope. Enterprise credibility proves you invest in infrastructure. And sustainable maintenance funding keeps npm-scan updated against new threats — because attackers don't stop innovating, and neither should your defenses.

MIT or Business License?

MIT License (Free)

Who: Individuals, non-profits, students, open source projects, evaluation

Cost: Free

Features: All features included, unlimited use

Time Limit: None — use forever

Support: Community (GitHub issues)

Examples:

  • Solo founder working alone
  • Non-profit organization
  • University research project
  • Open source maintainer
  • Teams evaluating for production

Simple Rule: Evaluate freely, no time limit. A Business License is required when your team ships to production. Questions? Just ask.

npm-scan Business License.

Small Team

1–10 developers

$799/year

Against a $100k–$500k supply chain breach: ROI 125–625x

  • All features included
  • Unlimited use
  • Covers 1–10 developers
  • Email support
  • Legal documentation

Mid-Market

11–50 developers

$2,499/year

Meets the compliance requirement; against a $100k–$500k breach: ROI 40–200x

  • All features included
  • Unlimited use
  • Covers 11–50 developers
  • Email support
  • Legal documentation

Common questions.

Do I need a license if I'm a solo founder?

No. Solo founders without employees can use npm-scan under the free MIT license forever. This includes indie hackers, one-person SaaS businesses, and bootstrapped founders.

What if I'm using it for open source?

Open source projects always use the free MIT license, even if they're backed by companies. The license applies to the *project*, not the organization.

Can I run everything locally?

Yes. There are no hosted services, no SaaS, no cloud lock-in. Everything runs on your infrastructure with your credentials. You own your data completely.

Does the license restrict code access?

No. All npm-scan code stays open source under MIT. The Business License is a *legal agreement*, not a technical restriction. No code gatekeeping, no features disabled.

What counts as "employees"?

Anyone you pay to work for your company, whether a W-2 employee or a contractor. If you are paying people to work for your company (including yourself on a salary), you have employees. Solo founders without employees don't.

What about startups with VC funding?

If you have employees (even two founders with a hire), you need a Business License. We recommend the Small Team license as a starting point.

Is there a free trial?

Yes. The MIT License is the free trial: use npm-scan fully, for free, with no time limit. When you add employees or ship to production as a company, upgrade to a Business License.

What if I'm not sure which tier I need?

No problem. Contact us with your situation and we'll help you pick the right license. No judgment, just fairness.

Questions?

Not sure which license you need? Need a custom arrangement? Let's talk.

Email: licensing@lateos.ai

Or reach out on GitHub