Generate legal notices (attribution to authors and copyrights) for software packages

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for alkamod from gravatar.com alkamod

Unverified details

These details have not been verified by PyPI
Meta
  • License: Apache Software License (Apache-2.0)
  • Author: Oscar Valenzuela B
  • Tags sbom , license , copyright , attribution , purl , package-url , legal-notices , compliance
  • Requires: Python >=3.8
  • Provides-Extra: dev
Classifiers
Report project as malware

This project has been archived.

The maintainers of this project have marked this project as archived. No new releases are expected.

Project description

PURL2NOTICES - Package URL (PURL) to Legal Notices

Generate legal notices (attribution to authors and copyrights) for software packages.

Features

  • Multi-format support: Process PURLs, archives (JAR/WAR/WHL), directories, and cache files
  • 12+ ecosystems: npm, PyPI, Maven, Cargo, Go, NuGet, Conda, and more
  • Smart extraction: Uses multiple engines (purl2src, upmex, oslili) for accurate license detection
  • Flexible output: Text/HTML with customizable Jinja2 templates
  • Cache management: CycloneDX format with merge capabilities
  • Override system: Customize licenses and filter unwanted content

Installation

pip install semantic-copycat-purl2notices

For development:

git clone https://github.com/oscarvalenzuelab/semantic-copycat-purl2notices.git
cd semantic-copycat-purl2notices
pip install -e .[dev]

Quick Start

# Process a single package
purl2notices -i pkg:npm/express@4.0.0

# Process an archive file
purl2notices -i library.jar -o NOTICE.txt

# Scan a directory
purl2notices -i ./src --recursive -o NOTICE.html -f html

# Process multiple packages
echo "pkg:npm/express@4.0.0" > packages.txt
echo "pkg:pypi/django@4.2.0" >> packages.txt
purl2notices -i packages.txt -o NOTICE.txt

Documentation

Common Use Cases

Generate notices for a project

purl2notices -i ./my-project --recursive --cache project.cache.json -o NOTICE.txt

Merge notices from multiple sources

purl2notices -i cache1.json --merge-cache cache2.json -o combined-NOTICE.txt

Customize output with overrides

purl2notices -i packages.txt --overrides custom.json -o NOTICE.txt

API Usage

from purl2notices import Purl2Notices
import asyncio

processor = Purl2Notices()
package = asyncio.run(processor.process_single_purl("pkg:npm/express@4.0.0"))
notices = processor.generate_notices([package])
print(notices)

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for alkamod from gravatar.com alkamod

Unverified details

These details have not been verified by PyPI
Meta
  • License: Apache Software License (Apache-2.0)
  • Author: Oscar Valenzuela B
  • Tags sbom , license , copyright , attribution , purl , package-url , legal-notices , compliance
  • Requires: Python >=3.8
  • Provides-Extra: dev
Classifiers

Release history Release notifications | RSS feed

This version

1.2.0

1.1.9

1.1.8

1.1.7

1.1.6

1.1.5

1.1.4

1.1.3

1.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

semantic_copycat_purl2notices-1.2.0.tar.gz (1.1 MB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

semantic_copycat_purl2notices-1.2.0-py3-none-any.whl (2.0 MB view details)

Uploaded Python 3

File details

Details for the file semantic_copycat_purl2notices-1.2.0.tar.gz.

File metadata

File hashes

Hashes for semantic_copycat_purl2notices-1.2.0.tar.gz
Algorithm Hash digest
SHA256 17af1ff38c2d4db904d5e4d55bc806f659b9755a4322554996d01cd3f5dde632
MD5 78d847013eaf259594d6acb07d559d74
BLAKE2b-256 2272b888761bd9540f5334c2bb2f2ad844971ef56d8283c9e858a1f50f058233

See more details on using hashes here.

Provenance

The following attestation bundles were made for semantic_copycat_purl2notices-1.2.0.tar.gz:

Publisher: python-publish.yml on oscarvalenzuelab/semantic-copycat-purl2notices

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file semantic_copycat_purl2notices-1.2.0-py3-none-any.whl.

File metadata

File hashes

Hashes for semantic_copycat_purl2notices-1.2.0-py3-none-any.whl
Algorithm Hash digest
SHA256 811b6b29884f4e18ee3d13e57fe99b63a42849d4b186118bc9fcadd30c4520a1
MD5 6b2c1bd8802ceeb85c20a17f3f690da1
BLAKE2b-256 d8be22d05567de693651ed3d73a7c100e68668d08167219e01c8b545612ea7ed

See more details on using hashes here.

Provenance

The following attestation bundles were made for semantic_copycat_purl2notices-1.2.0-py3-none-any.whl:

Publisher: python-publish.yml on oscarvalenzuelab/semantic-copycat-purl2notices

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page