Recently, we had some concerns regarding licenses for the Node.js sub-dependencies, and there was a suggestion on nodejs/node#49625 to include a script that validates the licenses for the Node.js dependencies.

As an initial kick-off, we had this comment on nodejs/node#49625 (comment).

This will require a good discussion within the team, but overall potential objectives (from #1100) are:

• Include a script/GH Action that consolidates the project dependencies and stores them.
• Trigger an alert (issue/PR) if there are changes in the licenses (sub-dependency added/removed, relicensed).
• Create documentation on how to review these changes and what the criteria are to accept/reject them.