Log License

A tool for helping developers staying compliant within their software projects. The tool crawls dependencies and logs their licenses, allowing to document and restrict certain licenses within a software project.

DISCLAIMER: There is no guarentee that all sublicenses or licenses will be identified and reported. For highest ensurance, use lock files to also catch sub-dependencies. However, this only looks within the given package manager, meaning C libraries and alike will not be reported here.

Features

• Report and save log of licenses included in project
• Check coverage of packages supported accepted licenses
• Supporting pre-commits with coverage thresholds and allowing manual validation of unknown license types

Supported dependency files

Though the tool supports multiple file types, it is highly recommended to use lock files or do a ´pip freeze > requirements.txt´ in order to ensure all sub-dependencies are also evaluated for their license.

• poetry.lock
• pyproject.toml (traditional and poetry)
• requirements.txt (--develop adds search for requirements_dev.txt)

Supported package managers

• pypi

Installation

You can install Log License via pip from PyPI:

$ pip install loglicense

or using Poetry

$ poetry add loglicense

Quick example

Please see the Command-line Reference for details.

$ loglicense report path_to/poetry.lock

Example output:

| Name               | License                            |
|:-------------------|:-----------------------------------|
| click              | BSD-3-Clause                       |
| colorama           | BSD                                |
| importlib-metadata | Apache Software License            |
| pathlib            | MIT License                        |
| tabulate           | MIT                                |
| toml               | MIT                                |
| typer              | MIT License                        |
| typing-extensions  | Python Software Foundation License |
| zipp               | MIT License                        |

Alternatively you can let it search the executed directory for any supported file

$ loglicense report

Features to implement

• Support npmjs package manager (and package.json/package-lock.json)
• Support Pipfile, Pipfile.lock, conda.yaml, pip freeze

Contributing

Contributions are very welcome. To learn more, see the Contributor Guide.

License

Distributed under the terms of the Apache 2.0 license, Log License is free and open source software.

Issues

If you encounter any problems, please file an issue along with a detailed description.

Credits

This project was generated from @cjolowicz's Hypermodern Python Cookiecutter template.

This project is greatly inspired by dep-license created by Abdulelah Bin Mahfoodh.