Yeah, I imagine at least some NPM packages will be licensed under Apache-2.0, for example, which states:
- Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions:
a. You must give any other recipients of the Work or Derivative Works a copy of this License;
At $DAYJOB, we're building a web UI with WebAssembly+Rust, so I can't provide details on how to do that with NPM, but basically, what we do is:
- When building a release artifact, collect license information for all libraries. Presumably, NPM should provide this. Maybe there's some extension/script/whatever for NPM that can collect this information for you. We then place the collected license information in a JSON file into a directory of the release artifact, where it will get served.
- Create a UI page with a table that displays all packages with their respective licenses.
- Link this page somewhere as "About" or "Licenses".
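One way to do the collection step for an npm project, as an added example (not the commenter's code): a Node.js script that walks `node_modules` and emits the JSON an "About"/"Licenses" page can render. It assumes the standard `license`/`licenses` fields of `package.json` and a license file in each package root; the package names and the sample tree are constructed.

```javascript
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");

// package.json carries the license as an SPDX string ("license"), or in older
// packages as a { type, url } object or a "licenses" array of those.
function licenseOf(pkg) {
  const raw = pkg.license ?? pkg.licenses;
  const list = Array.isArray(raw) ? raw : [raw];
  const ids = list.map((l) => (typeof l === "string" ? l : l?.type)).filter(Boolean);
  return ids.length ? ids.join(", ") : "UNKNOWN"; // UNKNOWN entries need manual review
}
// Walk node_modules, including @scope directories and nested node_modules.
function walk(nodeModulesDir, out) {
  if (!fs.existsSync(nodeModulesDir)) return out;
  for (const entry of fs.readdirSync(nodeModulesDir)) {
    if (entry.startsWith(".")) continue; // .bin, .package-lock.json
    const dir = path.join(nodeModulesDir, entry);
    if (entry.startsWith("@")) { walk(dir, out); continue; }
    const manifest = path.join(dir, "package.json");
    if (!fs.existsSync(manifest)) continue;
    const pkg = JSON.parse(fs.readFileSync(manifest, "utf8"));
    // Keep the license text too: Apache-2.0 4(a) asks for a copy of the license.
    const file = fs.readdirSync(dir).find((f) => /^(licen[sc]e|copying)/i.test(f)
      && fs.statSync(path.join(dir, f)).isFile());
    out.push({ name: pkg.name, version: pkg.version, license: licenseOf(pkg),
      text: file ? fs.readFileSync(path.join(dir, file), "utf8") : null });
    walk(path.join(dir, "node_modules"), out);
  }
  return out;
}
function collectLicenses(projectRoot) {
  return walk(path.join(projectRoot, "node_modules"), [])
    .sort((a, b) => (a.name > b.name) - (a.name < b.name));
}
// Constructed sample tree (made-up packages) so the script runs offline.
function buildSampleProject() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), "licenses-"));
  const add = (rel, pkg, licenseText) => {
    const dir = path.join(root, "node_modules", rel);
    fs.mkdirSync(dir, { recursive: true });
    fs.writeFileSync(path.join(dir, "package.json"), JSON.stringify(pkg));
    if (licenseText) fs.writeFileSync(path.join(dir, "LICENSE"), licenseText);
  };
  add("alpha", { name: "alpha", version: "1.0.0", license: "Apache-2.0" }, "Apache License 2.0 text");
  add("@acme/beta", { name: "@acme/beta", version: "2.1.0", licenses: [{ type: "MIT" }] }, "MIT text");
  add("alpha/node_modules/gamma", { name: "gamma", version: "0.3.0" }, null);
  return root;
}
console.log(JSON.stringify(collectLicenses(buildSampleProject()), null, 2));
```

In a real build, call `collectLicenses` on the project root and write the result into the directory of the release artifact that gets served.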