Skip to main content

Analyze dependency licenses for Python projects, with compatibility checks and outbound license recommendations

Project description

license-audit

CI PyPI Python versions License

Analyze dependency licenses for Python projects.

license-audit tells you what license your project can use, flags incompatible combinations, and generates compliance documents suitable for CI gating.

Features

  • License detection across the full transitive tree, from PEP 639 metadata, the legacy License field, trove classifiers, and user overrides.
  • Pairwise compatibility checking against the OSADL compatibility matrix (~120 licenses).
  • Outbound license recommendations ranked by permissiveness.
  • Compliance reports as Markdown, JSON, or third-party-notices.
  • CI exit codes that distinguish policy violations from undetected licenses.
  • Reads the licenses straight from your installed environment: provision it however you like (uv, Poetry, pip), then point license-audit at it.

Installation

pip install license-audit

Or with uv:

uv add license-audit --dev

Quickstart

Provision your dependencies first, then run license-audit inside that environment:

uv sync
uv run license-audit analyze

Or point it at an existing virtualenv:

license-audit --target .venv analyze
License Analysis: my-project

Dependency Licenses
  Package   Version  License        Category    Source  Parent
  click     8.1.7    BSD-3-Clause   permissive  pep639  (direct)
  pydantic  2.9.2    MIT            permissive  pep639  (direct)
  rich      13.9.4   MIT            permissive  pep639  (direct)

Recommended Outbound Licenses (most -> least permissive):
  -> MIT
     Apache-2.0
     BSD-2-Clause
     ...

Summary
  Total dependencies: 3
  Unknown licenses:   0
  Copyleft licenses:  0
  Policy check:       PASSED

CI quickstart

Add to your pipeline to gate on license policy:

jobs:
  license-check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: astral-sh/setup-uv@v5
      - run: uv sync --locked
      - run: uv run license-audit check

Exit codes:

Code Meaning
0 All dependencies pass the policy
1 Policy violation (incompatible pairs, denied licenses, or category exceeded)
2 Unknown licenses detected (when fail-on-unknown = true)

For GitLab, pre-commit, handling unknowns, and the new-dependency workflow, see the CI integration guide.

Configuration

[tool.license-audit]
fail-on-unknown = true
policy = "permissive"  # permissive | weak-copyleft | strong-copyleft | network-copyleft
allowed-licenses = ["MIT", "Apache-2.0", "BSD-3-Clause"]
denied-licenses = ["GPL-3.0-only"]

[tool.license-audit.overrides]
some-internal-package = "MIT"
dual-licensed-pkg = "Apache-2.0 OR MIT"

[tool.license-audit.ignored-packages]
pandas-stubs = "Stubs only, not redistributed"

Full reference: user guide -> configuration.

Documentation

Full documentation lives at https://dgeragh.github.io/license-audit:

License

MIT. See LICENSE.

This project bundles data from the OSADL Open Source License Obligations Checklists project, licensed under CC-BY-4.0. See THIRD_PARTY_NOTICES.md for full attribution.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

license_audit-0.12.0.tar.gz (163.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

license_audit-0.12.0-py3-none-any.whl (57.8 kB view details)

Uploaded Python 3

File details

Details for the file license_audit-0.12.0.tar.gz.

File metadata

  • Download URL: license_audit-0.12.0.tar.gz
  • Upload date:
  • Size: 163.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for license_audit-0.12.0.tar.gz
Algorithm Hash digest
SHA256 bd15d75e22b404b484be91a33457821496d2b355051c7467b22e25b7e84b5e97
MD5 37d9d7cd1a5ca19abed23d6c13027c33
BLAKE2b-256 3321a0beb776528549f752790f6409042957895d014d8667e3ddb8f1bdb07d30

See more details on using hashes here.

Provenance

The following attestation bundles were made for license_audit-0.12.0.tar.gz:

Publisher: release.yml on dgeragh/license-audit

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file license_audit-0.12.0-py3-none-any.whl.

File metadata

  • Download URL: license_audit-0.12.0-py3-none-any.whl
  • Upload date:
  • Size: 57.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for license_audit-0.12.0-py3-none-any.whl
Algorithm Hash digest
SHA256 0f85a2b96ab34a8fb9c90e5c47156e6dce0d588e543c7ae04ec78af0d5402ae0
MD5 f63d416c9765a72c852d18fd4ebcb93a
BLAKE2b-256 e1057402de60ea012c8d6e9ed8c43b0e57dc87d83ede7c66405054f3e2aecb4c

See more details on using hashes here.

Provenance

The following attestation bundles were made for license_audit-0.12.0-py3-none-any.whl:

Publisher: release.yml on dgeragh/license-audit

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page