
Analyze dependency licenses for Python projects, with compatibility checks and outbound license recommendations

Project description

license-audit

Analyze dependency licenses for Python projects.

license-audit tells you which outbound licenses your project can use, flags incompatible license combinations in the dependency tree, and generates compliance documents suitable for CI gating.

Features

  • License detection from PEP 639 metadata, trove classifiers, and user overrides across the full transitive tree.
  • Pairwise compatibility checking against the OSADL compatibility matrix (~120 licenses).
  • Outbound license recommendations ranked by permissiveness.
  • Compliance reports as Markdown, JSON, or third-party-notices.
  • CI exit codes that distinguish policy violations from undetected licenses.
  • Reads uv.lock, poetry.lock, pixi.lock, pyproject.toml, requirements.txt, and live virtualenvs.

Installation

pip install license-audit

Or with uv:

uv add license-audit --dev

Quickstart

Run against the current project directory:

license-audit --target . analyze
License Analysis: my-project

Dependency Licenses
  Package   Version  License        Category    Source  Parent
  click     8.1.7    BSD-3-Clause   permissive  pep639  (direct)
  pydantic  2.9.2    MIT            permissive  pep639  (direct)
  rich      13.9.4   MIT            permissive  pep639  (direct)

Recommended Outbound Licenses (most -> least permissive):
  -> MIT
     BSD-3-Clause
     Apache-2.0
     ...

Summary
  Total dependencies: 3
  Policy check:       PASSED

CI quickstart

Add to your pipeline to gate on license policy:

jobs:
  license-check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: astral-sh/setup-uv@v5
      - run: uv sync --locked
      - run: uv run license-audit check

Exit codes:

  Code  Meaning
  0     All dependencies pass the policy
  1     Policy violation (incompatible pairs or denied licenses)
  2     Unknown licenses detected (only when fail-on-unknown = true)

For GitLab, pre-commit, handling unknowns, and the new-dependency workflow, see the CI integration guide.

Configuration

[tool.license-audit]
fail-on-unknown = true
policy = "permissive"  # permissive | weak-copyleft | strong-copyleft | network-copyleft
allowed-licenses = ["MIT", "Apache-2.0", "BSD-3-Clause"]
denied-licenses = ["GPL-3.0-only"]

[tool.license-audit.overrides]
some-internal-package = "MIT"
dual-licensed-pkg = "Apache-2.0 OR MIT"

[tool.license-audit.ignored-packages]
pandas-stubs = "Stubs only, not redistributed"

Full reference: user guide -> configuration.

Documentation

Full documentation lives at https://dgeragh.github.io/license-audit.

License

MIT. See LICENSE.

This project bundles data from the OSADL Open Source License Obligations Checklists project, licensed under CC-BY-4.0. See THIRD_PARTY_NOTICES.md for full attribution.

Download files


Source Distribution

license_audit-0.4.0.tar.gz (150.9 kB)

Uploaded Source

Built Distribution


license_audit-0.4.0-py3-none-any.whl (61.5 kB)

Uploaded Python 3

File details

Details for the file license_audit-0.4.0.tar.gz.

File metadata

  • Download URL: license_audit-0.4.0.tar.gz
  • Size: 150.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for license_audit-0.4.0.tar.gz
Algorithm Hash digest
SHA256 b4103c1845652d53a4c7261535f726b38841a25a24dd5d9826f25e4a1e6e6836
MD5 464e9e4b6ca05e4f112298719f9a259f
BLAKE2b-256 8356e8242826c8407ca0f7ef5d936085ea70e8cb6629afa9c4b899573795b38f


Provenance

The following attestation bundles were made for license_audit-0.4.0.tar.gz:

Publisher: release.yml on dgeragh/license-audit

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file license_audit-0.4.0-py3-none-any.whl.

File metadata

  • Download URL: license_audit-0.4.0-py3-none-any.whl
  • Size: 61.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for license_audit-0.4.0-py3-none-any.whl
Algorithm Hash digest
SHA256 875e007835e736c1b629387de9e87c4b2942daf23bd38a9de3c8763f916ac3fb
MD5 eb51063c8e00416711dd4efb3ad42664
BLAKE2b-256 1e68cc115e8defc371608f83934f73677db4c9a91a1086f8b2d299f98a1da329

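The SHA256 digests above are what a hash-pinned install checks against. The following is an added example, not code from the PyPI page or the license-audit project: it turns the two published digests into a requirements line in pip's `--hash` syntax and verifies a downloaded sdist or wheel locally before it is installed. The function names and the file-name lookup are this example's own; the digests are the ones listed on this page.

```python
import hashlib
import hmac
from pathlib import Path

# SHA256 digests copied from the file-hashes tables on this page.
LICENSE_AUDIT_0_4_0 = {
    "license_audit-0.4.0.tar.gz":
        "b4103c1845652d53a4c7261535f726b38841a25a24dd5d9826f25e4a1e6e6836",
    "license_audit-0.4.0-py3-none-any.whl":
        "875e007835e736c1b629387de9e87c4b2942daf23bd38a9de3c8763f916ac3fb",
}


def requirement_line(name: str, version: str, digests: dict) -> str:
    """Build a requirements.txt line in pip's --hash syntax. Under
    `pip install --require-hashes`, pip refuses any file whose SHA256 is not
    in this list, so a republished or tampered archive cannot be installed."""
    hashes = " ".join(f"--hash=sha256:{d}" for d in sorted(digests.values()))
    return f"{name}=={version} {hashes}"


def sha256_hex(data: bytes) -> str:
    """Hex SHA256 of an in-memory artifact."""
    return hashlib.sha256(data).hexdigest()


def verify_bytes(data: bytes, expected_hex: str) -> bool:
    """Compare an artifact's digest against the pinned value in constant time."""
    return hmac.compare_digest(sha256_hex(data), expected_hex.lower())


def verify_download(path: str, pins: dict = LICENSE_AUDIT_0_4_0) -> bool:
    """Check a downloaded sdist/wheel by file name against the pinned digests.
    File names that are not pinned fail closed rather than being skipped."""
    file = Path(path)
    expected = pins.get(file.name)
    if expected is None:
        return False
    return verify_bytes(file.read_bytes(), expected)


if __name__ == "__main__":
    print(requirement_line("license-audit", "0.4.0", LICENSE_AUDIT_0_4_0))
```

Write the printed line to a requirements file and install with `pip install --require-hashes -r requirements.txt`; in that mode pip requires a hash for every requirement in the file, including transitive ones, so the dependency tree has to be pinned as a whole (a lock file exported by uv or pip-tools does this for you). `verify_download` is for the case where the archive is fetched separately, for instance with `pip download --no-deps license-audit==0.4.0`, and checked before being handed to an installer.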

Provenance

The following attestation bundles were made for license_audit-0.4.0-py3-none-any.whl:

Publisher: release.yml on dgeragh/license-audit

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
