Analyze dependency licenses for Python projects, with compatibility checks and outbound license recommendations
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Project description
license-audit
Analyze dependency licenses for Python projects.
license-audit tells you what license your project can use, flags incompatible combinations, and generates compliance documents suitable for CI gating.
Features
- License detection across the full transitive tree, from PEP 639 metadata, the legacy
Licensefield, trove classifiers, and user overrides. - Pairwise compatibility checking against the OSADL compatibility matrix (~120 licenses).
- Outbound license recommendations ranked by permissiveness.
- Compliance reports as Markdown, JSON, or third-party-notices.
- CI exit codes that distinguish policy violations from undetected licenses.
- Reads
uv.lock,poetry.lock,pixi.lock,pyproject.toml,requirements.txt, and live virtualenvs.
Installation
pip install license-audit
Or with uv:
uv add license-audit --dev
Quickstart
Run against the current project directory:
license-audit --target . analyze
License Analysis: my-project
Dependency Licenses
Package Version License Category Source Parent
click 8.1.7 BSD-3-Clause permissive pep639 (direct)
pydantic 2.9.2 MIT permissive pep639 (direct)
rich 13.9.4 MIT permissive pep639 (direct)
Recommended Outbound Licenses (most -> least permissive):
-> MIT
BSD-3-Clause
Apache-2.0
...
Summary
Total dependencies: 3
Policy check: PASSED
CI quickstart
Add to your pipeline to gate on license policy:
jobs:
license-check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: astral-sh/setup-uv@v5
- run: uv sync --locked
- run: uv run license-audit check
Exit codes:
| Code | Meaning |
|---|---|
0 |
All dependencies pass the policy |
1 |
Policy violation (incompatible pairs or denied licenses) |
2 |
Unknown licenses detected (when fail-on-unknown = true) |
For GitLab, pre-commit, handling unknowns, and the new-dependency workflow, see the CI integration guide.
Configuration
[tool.license-audit]
fail-on-unknown = true
policy = "permissive" # permissive | weak-copyleft | strong-copyleft | network-copyleft
allowed-licenses = ["MIT", "Apache-2.0", "BSD-3-Clause"]
denied-licenses = ["GPL-3.0-only"]
[tool.license-audit.overrides]
some-internal-package = "MIT"
dual-licensed-pkg = "Apache-2.0 OR MIT"
[tool.license-audit.ignored-packages]
pandas-stubs = "Stubs only, not redistributed"
Full reference: user guide -> configuration.
Documentation
Full documentation lives at https://dgeragh.github.io/license-audit:
License
MIT. See LICENSE.
This project bundles data from the OSADL Open Source License Obligations Checklists project, licensed under CC-BY-4.0. See THIRD_PARTY_NOTICES.md for full attribution.
Project details
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file license_audit-0.6.0.tar.gz.
File metadata
- Download URL: license_audit-0.6.0.tar.gz
- Upload date:
- Size: 154.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
30992578939f2c5a319e80c661578e2c1a76a5e318578d08921878e7354066cc
|
|
| MD5 |
7a25b7002e561257c781704c17b3ca0b
|
|
| BLAKE2b-256 |
1950af2e953c7ec94e4c010bfb2ed2651135f80dcb2a0c4c4e7d6f8888651c6f
|
Provenance
The following attestation bundles were made for license_audit-0.6.0.tar.gz:
Publisher:
release.yml on dgeragh/license-audit
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
license_audit-0.6.0.tar.gz -
Subject digest:
30992578939f2c5a319e80c661578e2c1a76a5e318578d08921878e7354066cc - Sigstore transparency entry: 1443297056
- Sigstore integration time:
-
Permalink:
dgeragh/license-audit@2aae81296ea28f37ebd30dfbe5a425c7b9f37721 -
Branch / Tag:
refs/tags/v0.6.0 - Owner: https://github.com/dgeragh
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@2aae81296ea28f37ebd30dfbe5a425c7b9f37721 -
Trigger Event:
push
-
Statement type:
File details
Details for the file license_audit-0.6.0-py3-none-any.whl.
File metadata
- Download URL: license_audit-0.6.0-py3-none-any.whl
- Upload date:
- Size: 63.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
467c3db9106aee3fd4215d0666e9913cadcbc7f78b7fa1ced1a901bda6571851
|
|
| MD5 |
5ae879a6f0517e32b49d403d896d1a33
|
|
| BLAKE2b-256 |
c8534211bde886ab0807d6cd50b2a30cf1e6d5756038d0944d580928e5661684
|
Provenance
The following attestation bundles were made for license_audit-0.6.0-py3-none-any.whl:
Publisher:
release.yml on dgeragh/license-audit
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
license_audit-0.6.0-py3-none-any.whl -
Subject digest:
467c3db9106aee3fd4215d0666e9913cadcbc7f78b7fa1ced1a901bda6571851 - Sigstore transparency entry: 1443297129
- Sigstore integration time:
-
Permalink:
dgeragh/license-audit@2aae81296ea28f37ebd30dfbe5a425c7b9f37721 -
Branch / Tag:
refs/tags/v0.6.0 - Owner: https://github.com/dgeragh
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@2aae81296ea28f37ebd30dfbe5a425c7b9f37721 -
Trigger Event:
push
-
Statement type:
