A Python license checker

Project description

pylic - Python license checker

Reads pylic configuration in pyproject.toml and checks licenses of installed packages recursively.

Principles:

  • Every license has to be allowed explicitly (case-insensitive comparison).
  • All installed packages without a license are considered unsafe and have to be listed as such.

Only installed packages are checked for licenses. Packages/dependencies listed in pyproject.toml are ignored.

Installation

pip install pylic

Configuration

pylic needs to be run in the directory where your pyproject.toml file is located. You can configure:

  • safe_licenses: All licenses you consider safe for usage. The string comparison is case-insensitive.
  • unsafe_packages: If you rely on a package that does not come with a license, you have to list it here explicitly.
  • ignore_packages: Packages that will not be reported as unsafe even if they use a license not listed as safe. This is useful when an existing project wants to start integrating pylic but still depends on packages with unsafe licenses: it lets you ignore those packages temporarily while they are being replaced, validate newly added or updated packages against the safe license set right away, and integrate pylic into CI/CD without friction from the start.

[tool.pylic]
safe_licenses = [
    "Apache Software License",
    "Apache License 2.0",
    "MIT License",
    "Python Software Foundation License",
    "Mozilla Public License 2.0 (MPL 2.0)",
]
unsafe_packages = [
    "unlicensedPackage",
]
ignore_packages = [
    "ignoredPackage",
]

Commands

pylic provides the following commands (also see pylic help):

  • check: Checks all installed licenses.
  • list: Lists all installed packages and their corresponding license.

Usage Example

Create a venv to start from a clean slate and activate it

python -m venv .venv
source .venv/bin/activate

Install pylic and create an empty pyproject.toml

pip install pylic
touch pyproject.toml

Install all your dependencies

pip install <packageA> <packageB>

Run pylic

pylic check

The output will be similar to

Found unsafe packages:
  pkg_resources (0.0.0)
Found unsafe licenses:
  pip (18.1): MIT License
  zipp (3.4.1): MIT License
  toml (0.10.2): MIT License
  pylic (1.2.0): MIT License
  setuptools (40.8.0): MIT License
  typing-extensions (3.7.4.3): Python Software Foundation License
  importlib-metadata (3.9.0): Apache Software License

The return code of pylic is in this case non-zero due to unsafe licenses. This allows usage of pylic in CI.

echo $? # prints 1

As these licenses and packages are all ok, we can configure pylic accordingly

cat <<EOT >> pyproject.toml
[tool.pylic]
safe_licenses = ["Apache Software License", "MIT License", "Python Software Foundation License"]
unsafe_packages = ["pkg_resources"]
EOT

After rerunning pylic check, the output now reports a successful validation

All licenses ok

The return code now also signals that all is good

echo $? # prints 0

Use pylic list to list all installed packages and their corresponding licenses.

Advanced Usage

In cases where the safe licenses or unsafe packages are centrally managed, keeping the configuration in perfect sync with the installed packages might be too cumbersome or even impossible. To support these use cases the check command provides two options (see also check --help): --allow-extra-safe-licenses and --allow-extra-unused-packages. These options only affect the returned status code; all corresponding printed warnings are kept unchanged.
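The rules from the Configuration section (an explicit, case-insensitive safe-license list; unlicensed packages must be declared in unsafe_packages; ignore_packages suppresses unsafe-license findings) together with the exit-code effect of the two check options above, re-implemented as an added example in plain Python. This is illustration code written for this page, not pylic's own implementation, and it makes two assumptions the page does not state: a package's license is read from its "License ::" trove classifier (falling back to the License metadata field), and an "extra" entry is a safe license that no installed package uses or a declared unsafe package that is not installed as an unlicensed package. The Package, Report, check, render and SAMPLE_PACKAGES names are the example's own; SAMPLE_PACKAGES is constructed to mirror the output shown under Usage Example, with one hypothetical GPL package added, and the warning wording is this example's own.

```python
"""Added illustration of pylic's documented check rules; NOT pylic's own code.
Assumed (not on the page): a package's license comes from its 'License :: ...'
trove classifier, else from the 'License' metadata field; an "extra" entry is a
safe license no installed package uses, or a declared unsafe package that is
not installed as an unlicensed package."""
from __future__ import annotations
from dataclasses import dataclass, field
from importlib import metadata
from typing import Dict, Iterable, List, Optional

@dataclass(frozen=True)
class Package:
    name: str
    version: str
    license: Optional[str]  # None: no license declared at all

@dataclass
class Report:
    unsafe_packages: List[Package] = field(default_factory=list)     # unlicensed, not declared
    unsafe_licenses: List[Package] = field(default_factory=list)     # license not on the allow-list
    unused_safe_licenses: List[str] = field(default_factory=list)    # allow-listed, used by nobody
    unused_unsafe_packages: List[str] = field(default_factory=list)  # declared unlicensed, not found

    def exit_code(self, allow_extra_safe_licenses: bool = False,
                  allow_extra_unused_packages: bool = False) -> int:
        """Real findings always fail; stale config entries fail unless explicitly allowed."""
        if self.unsafe_packages or self.unsafe_licenses:
            return 1
        if self.unused_safe_licenses and not allow_extra_safe_licenses:
            return 1
        if self.unused_unsafe_packages and not allow_extra_unused_packages:
            return 1
        return 0

def license_of(dist: metadata.Distribution) -> Optional[str]:
    # Assumed lookup order: trove classifier first, then the free-text License field.
    for classifier in dist.metadata.get_all("Classifier") or []:
        if classifier.startswith("License ::"):
            return classifier.split("::")[-1].strip()
    declared = (dist.metadata.get("License") or "").strip()
    return declared if declared and declared.upper() != "UNKNOWN" else None

def installed_packages() -> List[Package]:
    # Only what is installed in the current environment is inventoried.
    dists = [d for d in metadata.distributions() if d.metadata.get("Name")]
    return [Package(d.metadata["Name"], d.version, license_of(d)) for d in dists]

def load_config(path: str = "pyproject.toml") -> Dict:
    """Read the [tool.pylic] table; a missing table behaves like an empty one."""
    try:
        import tomllib  # Python 3.11+
    except ModuleNotFoundError:
        import tomli as tomllib  # older interpreters: pip install tomli
    with open(path, "rb") as fh:
        return tomllib.load(fh).get("tool", {}).get("pylic", {})

def check(config: Dict, packages: Iterable[Package]) -> Report:
    # All name and license comparisons are case-insensitive, as the page specifies.
    safe = {lic.lower() for lic in config.get("safe_licenses", [])}
    declared_unsafe = {p.lower() for p in config.get("unsafe_packages", [])}
    ignored = {p.lower() for p in config.get("ignore_packages", [])}
    report, used_safe, found_unlicensed = Report(), set(), set()
    for pkg in packages:
        name = pkg.name.lower()
        if pkg.license is None:
            if name in declared_unsafe:
                found_unlicensed.add(name)
            else:
                report.unsafe_packages.append(pkg)
        elif pkg.license.lower() in safe:
            used_safe.add(pkg.license.lower())
        elif name not in ignored:  # ignore_packages only suppresses license findings
            report.unsafe_licenses.append(pkg)
    report.unused_safe_licenses = sorted(safe - used_safe)
    report.unused_unsafe_packages = sorted(declared_unsafe - found_unlicensed)
    return report

def render(report: Report) -> str:
    """Findings in the page's output format; the warning wording is this example's own."""
    lines: List[str] = []
    if report.unsafe_packages:
        lines += ["Found unsafe packages:"] + [f"  {p.name} ({p.version})" for p in report.unsafe_packages]
    if report.unsafe_licenses:
        lines += ["Found unsafe licenses:"] + [f"  {p.name} ({p.version}): {p.license}" for p in report.unsafe_licenses]
    lines += [f"Warning: safe license '{x}' is used by no installed package" for x in report.unused_safe_licenses]
    lines += [f"Warning: unsafe package '{x}' is not installed unlicensed" for x in report.unused_unsafe_packages]
    return "\n".join(lines) or "All licenses ok"

# Constructed sample inventory mirroring the page's example output; the GPL entry is hypothetical.
SAMPLE_PACKAGES = [
    Package("pkg_resources", "0.0.0", None),
    Package("pip", "18.1", "MIT License"),
    Package("typing-extensions", "3.7.4.3", "Python Software Foundation License"),
    Package("importlib-metadata", "3.9.0", "Apache Software License"),
    Package("legacy-gpl-thing", "1.0", "GNU General Public License v3 (GPLv3)"),
]

if __name__ == "__main__":  # behaves like `pylic check [--allow-extra-...]` in the current directory
    import sys
    result = check(load_config(), installed_packages())
    print(render(result))
    sys.exit(result.exit_code("--allow-extra-safe-licenses" in sys.argv,
                              "--allow-extra-unused-packages" in sys.argv))
```

Run it from a project directory as you would run pylic check; passing --allow-extra-safe-licenses or --allow-extra-unused-packages relaxes only the exit code, the warnings still print. Because check takes the package inventory as an argument rather than reading the environment itself, the same policy can be exercised against a constructed package list (as with SAMPLE_PACKAGES) before it is wired into CI.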

Pre-commit

pylic provides a pre-commit integration. Follow the pre-commit instructions (https://pre-commit.com) and enable automatic license checking on commits by adding

-  repo: https://github.com/ubersan/pylic
   rev: v<version>
   hooks:
   -  id: pylic

to your .pre-commit-config.yaml file.

Development

Required tools:

Run poetry install to install all necessary dependencies. Check out the [tool.taskipy.tasks] section (see taskipy) in the pyproject.toml file for utility tasks. You can run these with poetry run task <task>.

Creating a new release is as simple as:

  • Update version in the pyproject.toml and the __version__.py file.
  • poetry run task release.

Download files

Source Distribution

pylic-4.0.0.tar.gz (10.8 kB)

Uploaded Source

Built Distribution

pylic-4.0.0-py3-none-any.whl (12.3 kB)

Uploaded Python 3

File details

Details for the file pylic-4.0.0.tar.gz.

File metadata

  • Download URL: pylic-4.0.0.tar.gz
  • Size: 10.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.8.4 CPython/3.9.20 Linux/6.5.0-1025-azure

File hashes

Hashes for pylic-4.0.0.tar.gz
Algorithm Hash digest
SHA256 8463aae6f0cf63b482978ddf41e74297a69f789e6bfab68e172e2beb9967f6c7
MD5 28dee00d2ed527abe568ec0248e8c433
BLAKE2b-256 2c390ac33e476fe95819632884159d85029daa0a5bc06889c46dacf9141df22a

File details

Details for the file pylic-4.0.0-py3-none-any.whl.

File metadata

  • Download URL: pylic-4.0.0-py3-none-any.whl
  • Size: 12.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.8.4 CPython/3.9.20 Linux/6.5.0-1025-azure

File hashes

Hashes for pylic-4.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 06b7aae012bbb4376e405c491b26582c0de597c4497c57abaffef092c9226579
MD5 d51eb3ee8aeca8ba7f7586dfa7d706a2
BLAKE2b-256 3801163dea9ce97fb790c0f67fe2b26ca851c1f7cbce7cd711e863fec1fcaeb0
