A Python package that audits package licenses and provenance against user-defined allow/deny policies.

licenses-deny

Simple CLI to inspect Python environment dependencies for license compliance, banned packages, and allowed sources.

Requirements

  • Python 3.11+
  • Virtual environment activated before running checks (required by the tool)

Installation

pip install licenses-deny

Usage

# Initialize template configuration near project root
licenses-deny init

# List installed packages with detected license/source
licenses-deny list

# Run checks (licenses + bans + sources)
licenses-deny check

# Run only license checks in strict mode
licenses-deny check licenses --strict

Configuration

licenses-deny.toml follows a cargo-deny inspired layout:

[licenses]
allow = ["MIT", "Apache-2.0"]
deny = ["GPL-3.0", "AGPL-3.0"]
unlicensed = "deny" # allow | deny | warn
exceptions = [
  { package = "example-special", allow = ["MPL-2.0"], reason = "Reviewed internally" },
]
# [[licenses.clarify]]
# package = "example"
# expression = "GPL-2.0"
# version = ">= 2.0"
# link = ""

[licenses.private]
ignore = false
registries = []

[bans]
deny = [{ name = "leftpad", reason = "Security review failed" }]
skip = []

[sources]
unknown-registry = "deny"
unknown-git = "deny"
allow-registry = []
allow-git = []
[sources.allow-org]
github = ["my-company"]

Development

# Install in editable mode
pip install -e .

# Run CLI directly from source
python -m licenses_deny --help

Download files

Source Distribution

licenses_deny-0.1.3.tar.gz (17.0 kB)

Uploaded Source

Built Distribution

licenses_deny-0.1.3-py3-none-any.whl (21.1 kB)

Uploaded Python 3

File details

Details for the file licenses_deny-0.1.3.tar.gz.

File metadata

  • Download URL: licenses_deny-0.1.3.tar.gz
  • Upload date:
  • Size: 17.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.8.3

File hashes

Hashes for licenses_deny-0.1.3.tar.gz
Algorithm Hash digest
SHA256 782da496e6c46784f6a657559c2a89862ab66956e76a4dcd1bdb0c2b142fa2a8
MD5 8e3940da7310bff5e8e8d212b6c257c4
BLAKE2b-256 2f130421fca2130d9d278b8fe1575dcbf8569f6a2fdcce1193ce49b50b0228a5

File details

Details for the file licenses_deny-0.1.3-py3-none-any.whl.

File hashes

Hashes for licenses_deny-0.1.3-py3-none-any.whl
Algorithm Hash digest
SHA256 38963788f191c9ba5167dda2f2c5ab68d8b12f2f6fccf0470c89733aa0bbe487
MD5 6458ba2e6fb303784f59ffb287e5e9e4
BLAKE2b-256 09b544cf62e0b513aba05b1fa891579ad41bafed7ae837d87bea48bfe887eff0
