diff --git a/.github/workflows/check_license_status.yml b/.github/workflows/check_license_status.yml
new file mode 100644
index 00000000..d42caa33
--- /dev/null
+++ b/.github/workflows/check_license_status.yml
@@ -0,0 +1,32 @@
+# Fails if any of our dependencies have licenses that our incompatible with our
+# requirements (see .licensed.yml) OR if any of our dependencies have been
+# upgraded to a new version without us having updated their corresponding
+# license metadata file in .licenses/
+#
+# see https://github.com/actions/labeler/pull/91 for more context
+
+name: Check License Status
+
+on:
+ push:
+ branches:
+ - main
+ - licensed_cache_update
+ pull_request:
+ branches:
+ - main
+
+jobs:
+ check_license:
+ needs: update_licenses_cache
+ if: always() # always run after we update the license cache. if it failed, we will probably just fail as well
+ runs-on: ubuntu-latest
+ name: Check License Status
+ steps:
+ - uses: actions/checkout@v2
+ - uses: jonabc/setup-licensed@v1.0.2
+ with:
+ version: '2.x'
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ - run: npm install
+ - run: licensed status
diff --git a/.github/workflows/licensed.yml b/.github/workflows/licensed.yml
deleted file mode 100644
index 9a9fb79a..00000000
--- a/.github/workflows/licensed.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-name: Licensed
-
-on:
- push: {branches: main}
- pull_request: {branches: main}
-
-jobs:
- test:
- runs-on: ubuntu-latest
- name: Check licenses
- steps:
- - uses: actions/checkout@v2
- - run: npm ci
- - name: Install licensed
- run: |
- cd $RUNNER_TEMP
- curl -Lfs -o licensed.tar.gz https://github.com/github/licensed/releases/download/3.0.1/licensed-3.0.1-linux-x64.tar.gz
- sudo tar -xzf licensed.tar.gz
- sudo mv licensed /usr/local/bin/licensed
- - run: licensed status
\ No newline at end of file
diff --git a/.github/workflows/update_license_cache.yml b/.github/workflows/update_license_cache.yml
new file mode 100644
index 00000000..e41251f7
--- /dev/null
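Review bot: `needs: update_licenses_cache` in the `check_license` job of check_license_status.yml names a job that this commit defines in update_license_cache.yml, and `needs` only resolves jobs inside the same workflow file, so GitHub will most likely reject this workflow as invalid instead of ordering the two. If the ordering matters, either put both jobs in one workflow or trigger this one with `on: workflow_run` for "Update License Cache", and drop the `needs:` / `if: always()` pair. Separately, `jonabc/setup-licensed@v1.0.2` is a tag that can be moved and it receives `secrets.GITHUB_TOKEN`; pinning it to a full commit SHA and adding a top-level `permissions:` block with `contents: read` would bound what a retagged action could do in this read-only check. `- run: npm install` also replaces the `npm ci` of the removed licensed.yml, so the dependency tree being checked is no longer guaranteed to match package-lock.json; `- run: npm ci` keeps it reproducible.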
+++ b/.github/workflows/update_license_cache.yml
@@ -0,0 +1,32 @@
+# Updates our cache of license files in response to changes to our dependencies
+# declared in package-lock.json. Automatically commits the changes and pushes
+# them to your branch. NB `check_license_status` should always run *after* this
+#
+# see https://github.com/actions/labeler/pull/155 for more context
+
+name: Update License Cache
+
+on:
+ push:
+ branches:
+ - main
+ paths: [package-lock.json]
+ pull_request:
+ branches: main
+ paths: package-lock.json
+ workflow_dispatch:
+
+jobs:
+ update_licenses_cache:
+ runs-on: ubuntu-latest
+ name: Update License Cache
+ steps:
+ - uses: actions/checkout@v1
+ - uses: jonabc/setup-licensed@v1
+ with:
+ version: '2.x'
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ - run: npm install --production
+ - uses: jonabc/licensed-ci@v1
+ with:
+ github_token: ${{ secrets.GITHUB_TOKEN }}
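Review bot: The `update_licenses_cache` job passes `secrets.GITHUB_TOKEN` to `jonabc/setup-licensed@v1` and `jonabc/licensed-ci@v1`, both referenced by a moving major tag, in a job whose stated purpose is to commit and push to the branch. Pinning both to a full commit SHA and declaring the token scope in the workflow (a `permissions:` block with `contents: write`, plus whatever else licensed-ci turns out to need) keeps a retagged action from inheriting the repository's default token permissions. `- run: npm install --production` executes dependency install scripts from a package-lock.json that the pull request itself changed, inside the job that later pushes with the token; `npm ci --production --ignore-scripts` would narrow that, provided licensed does not need the scripts' output. On pull requests from forks the token is read-only, so the push will presumably fail there, and a line in the header comment such as `# fork PRs: token is read-only, cache must be updated by a maintainer` would save confusion. `actions/checkout@v1` also differs from the `@v2` used in check_license_status.yml.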