
A Python license checker


pylic - Python license checker

A Python license checker. pylic is PEP-639-compliant and supports the SPDX License Expression syntax.

Principles:

  • All licenses of all installed packages are relevant.
  • All installed packages without a license are considered unsafe and have to be listed as such.
  • Every license has to be allowed explicitly.

Installation

pip install pylic

Configuration

pylic needs to be run in the directory where your pyproject.toml file is located. You can configure:

  • safe_licenses: All licenses you consider safe for usage. The string comparison is case-insensitive.
  • unsafe_packages: List packages that have no license or use licenses not considered safe.
[tool.pylic]
safe_licenses = [
    "Apache Software License",
    "Apache License 2.0",
    "MIT License",
    "Python Software Foundation License",
    "Mozilla Public License 2.0 (MPL 2.0)",
]
unsafe_packages = [
    "unsafe_package",
]

Commands

pylic provides the following commands (also see pylic --help):

  • check: Checks all installed licenses.
  • list: Lists all installed packages and their corresponding license.

Usage Example

Create a venv to start from a clean environment and activate it

python -m venv .venv
source .venv/bin/activate

Install pylic and create an empty pyproject.toml

pip install pylic
touch pyproject.toml

Install all your dependencies

pip install <packageA> <packageB>

Run pylic

pylic check

The output will be similar to

Found unsafe packages:
  pkg_resources (0.0.0)
Found unsafe licenses:
  pip (18.1): MIT License
  zipp (3.4.1): MIT License
  toml (0.10.2): MIT License
  pylic (1.2.0): MIT License
  setuptools (40.8.0): MIT License
  typing-extensions (3.7.4.3): Python Software Foundation License
  importlib-metadata (3.9.0): Apache Software License

In this case the return code of pylic is non-zero because of the unsafe licenses. This allows pylic to be used as a check in CI.

echo $? # prints 1

As these licenses and packages are all ok, we can configure pylic accordingly

cat <<EOT >> pyproject.toml
[tool.pylic]
safe_licenses = ["Apache Software License", "MIT License", "Python Software Foundation License"]
unsafe_packages = ["pkg_resources"]
EOT

After rerunning pylic check the output now reveals a successful validation

 All licenses ok 

Also the return code now signals that all is good

echo $? # prints 0

Use pylic list to list all installed packages and their corresponding licenses.

Advanced Usage

In cases where the safe licenses or unsafe packages are centrally managed, keeping the configuration in perfect sync with the installed packages might be too cumbersome or even impossible. To support these use cases, the check command provides two options, --allow-extra-safe-licenses and --allow-extra-unsafe-packages (see also check --help). These options only affect the returned status code; the corresponding warnings remain unchanged.
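The policy from the Principles, Configuration and Advanced Usage sections, modelled as a small Python function. This is an added example, not pylic's own code: `check`, `Report` and the `INSTALLED` sample are hypothetical names, and it assumes an "extra" entry is a configured license or package that matches nothing installed.

```python
# Added illustration of the policy described above; not pylic's source code.
from dataclasses import dataclass, field


@dataclass
class Report:
    unsafe_packages: list = field(default_factory=list)        # no license, not listed
    unsafe_licenses: list = field(default_factory=list)        # license not allowed
    extra_safe_licenses: list = field(default_factory=list)    # configured, unused
    extra_unsafe_packages: list = field(default_factory=list)  # configured, unneeded
    exit_code: int = 0


def check(installed, safe_licenses, unsafe_packages,
          allow_extra_safe_licenses=False, allow_extra_unsafe_packages=False):
    """installed maps package name -> license string, or None if it declares none."""
    safe = {s.casefold() for s in safe_licenses}   # comparison is case-insensitive
    listed = set(unsafe_packages)
    used_safe, needed_unsafe = set(), set()
    report = Report()
    for name, lic in sorted(installed.items()):
        if lic is not None and lic.casefold() in safe:
            used_safe.add(lic.casefold())
        elif name in listed:                       # explicitly accepted exception
            needed_unsafe.add(name)
        elif lic is None:
            report.unsafe_packages.append(name)
        else:
            report.unsafe_licenses.append((name, lic))
    # Assumption: "extra" means a configured entry that matches nothing installed.
    report.extra_safe_licenses = sorted(
        s for s in safe_licenses if s.casefold() not in used_safe)
    report.extra_unsafe_packages = sorted(listed - needed_unsafe)
    # The allow_* switches change only the exit code; the findings stay in the report.
    failed = bool(report.unsafe_packages or report.unsafe_licenses)
    failed |= bool(report.extra_safe_licenses) and not allow_extra_safe_licenses
    failed |= bool(report.extra_unsafe_packages) and not allow_extra_unsafe_packages
    report.exit_code = 1 if failed else 0
    return report


# Constructed sample reusing package names from the output shown earlier.
INSTALLED = {
    "pkg_resources": None,
    "pip": "MIT License",
    "typing-extensions": "Python Software Foundation License",
    "importlib-metadata": "Apache Software License",
}
```

With a centrally managed allow-list that also contains "Mozilla Public License 2.0 (MPL 2.0)", the strict call reports the unused entry and fails, while the same call with `allow_extra_safe_licenses=True` reports the same entry and returns 0.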

Pre-commit

pylic provides a pre-commit integration. Follow the instructions and enable automatic license checking on commits by adding

-  repo: https://github.com/ubersan/pylic
   rev: v<version>
   hooks:
   -  id: pylic

to your .pre-commit-config.yaml file.

Development

Required tools:

Run uv sync to install all necessary dependencies. Check out the [tool.taskipy.tasks] section (see taskipy) in the pyproject.toml file for utility tasks. You can run these with uv run task <task>.

Creating a new release is as simple as:

  • Update version in the pyproject.toml and the __version__.py file.
  • Run git tag <new-version>.
  • Run git push origin <new-version>.


Source Distribution

pylic-5.0.1.tar.gz (22.0 kB)

Built Distribution

pylic-5.0.1-py3-none-any.whl (7.4 kB)

File details

Details for the file pylic-5.0.1.tar.gz.

File metadata

  • Download URL: pylic-5.0.1.tar.gz
  • Upload date:
  • Size: 22.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.6.8

File hashes

Hashes for pylic-5.0.1.tar.gz
Algorithm Hash digest
SHA256 2948a64298f3f3b3a1ce8b81e0bfc6ee73eeccb5a9a8785c3c5c362d771d7f6a
MD5 415351e5bde07fbb6d2072e443cccee0
BLAKE2b-256 8080f9c03d4c6f8e6db67582408dbb4c042dd788435d95e75268af61a27729d3


File details

Details for the file pylic-5.0.1-py3-none-any.whl.

File metadata

  • Download URL: pylic-5.0.1-py3-none-any.whl
  • Upload date:
  • Size: 7.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.6.8

File hashes

Hashes for pylic-5.0.1-py3-none-any.whl
Algorithm Hash digest
SHA256 ae9a863acec4df949f005c3f30c78045a204ee19a7e4c652fdf791d72b4b8bad
MD5 291ef75db4bb9dcdfe22738d02a866f0
BLAKE2b-256 6cbfdbb14e8e2d72952784570156fa885750eaf81fd03e45c93bf5dc2c1ab97b

