Offline hybrid (Ed25519 + ML-DSA-44) software-license verification for project maintainers — Supported Source.
Project description
supso (Python)
Supported Source license checks for your project, from Supported Source.
Use this library to enforce licensing, so you'll know who is using your project, and can be sure they're paying for your paid licenses. It's just one call at startup to confirm the code running your software holds a valid license. The check is 100% offline, so there's no network, no license server to run, nothing phoning home.
import supso
license = supso.require_license("acme-db") # raises if unlicensed
print(f"licensed to {license.organization.name}, {license.seats()} seats")
Install
pip install supso-project
The package imports as supso:
import supso
Usage
Hard enforcement (raises when missing license)
This is what we suggest you do.
import supso
supso.require_license("acme-db")
Soft enforcement (does not raise errors)
If you would like to handle it yourself, use is_licensed and then write your own logic.
import supso
status = supso.check_license("acme-db") # logs a notice on grace/failure
if supso.is_licensed(status):
... # valid or within grace — run normally
status is one of supso.Valid, supso.Grace, or supso.Unlicensed
(distinguish via status.kind or isinstance).
Where licenses are found
When you don't pass a token, the library looks for a *.cert file (each holding
one license) in this order:
- an explicit path — the
certificate_path(...)option or theSUPSO_LICENSE_PATHenvironment variable (authoritative; no fallback); ~/.supso/license_certificates/;./.supso/license_certificates/.
A current license always wins. If none is current but one lapsed recently, it is
honored as Grace (default window 21 days) so your app keeps running while you
prompt the user to renew.
Errors
Every failure is a supso.SupsoError carrying a stable code so you can branch
on the reason: malformed, base64, bad_ed25519_signature,
bad_mldsa_signature, invalid_json, unsupported_schema, bad_timestamp,
expired, wrong_project, requirement_not_met, no_certificate,
none_valid, bad_trusted_key.
Development
uv venv && source .venv/bin/activate
uv pip install -e ".[dev]"
pytest
License
Apache-2.0. See LICENSE-APACHE.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file supso_project-1.0.0.tar.gz.
File metadata
- Download URL: supso_project-1.0.0.tar.gz
- Upload date:
- Size: 21.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
485efae8383bd82f0ac1fe4e0921a91585138cd886f2b836e38c5c2cb34bb21b
|
|
| MD5 |
3af8a22a4a2eca75f5f3af1977fe4d4d
|
|
| BLAKE2b-256 |
2543a92d5d15b600c0d70545ba6958f675f81342eebe2c4de4641b336ed401f6
|
Provenance
The following attestation bundles were made for supso_project-1.0.0.tar.gz:
Publisher:
release.yml on SupsoOrg/supso-project-python
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
supso_project-1.0.0.tar.gz -
Subject digest:
485efae8383bd82f0ac1fe4e0921a91585138cd886f2b836e38c5c2cb34bb21b - Sigstore transparency entry: 1822146610
- Sigstore integration time:
-
Permalink:
SupsoOrg/supso-project-python@4b8243e77870305d45841b89807ef669f1869641 -
Branch / Tag:
refs/tags/v1.0.0 - Owner: https://github.com/SupsoOrg
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@4b8243e77870305d45841b89807ef669f1869641 -
Trigger Event:
release
-
Statement type:
File details
Details for the file supso_project-1.0.0-py3-none-any.whl.
File metadata
- Download URL: supso_project-1.0.0-py3-none-any.whl
- Upload date:
- Size: 20.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
8d30bd9da9f03f60a1516b2c4eba50d79f3b35b1b34927b98f0d327ebd781e15
|
|
| MD5 |
4b5f09f2bde8cadee0f904a7eb049ebb
|
|
| BLAKE2b-256 |
06c227dc8500091d02a03b933bc87d520fe6e5e5171599f422f7d732b7b05152
|
Provenance
The following attestation bundles were made for supso_project-1.0.0-py3-none-any.whl:
Publisher:
release.yml on SupsoOrg/supso-project-python
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
supso_project-1.0.0-py3-none-any.whl -
Subject digest:
8d30bd9da9f03f60a1516b2c4eba50d79f3b35b1b34927b98f0d327ebd781e15 - Sigstore transparency entry: 1822146749
- Sigstore integration time:
-
Permalink:
SupsoOrg/supso-project-python@4b8243e77870305d45841b89807ef669f1869641 -
Branch / Tag:
refs/tags/v1.0.0 - Owner: https://github.com/SupsoOrg
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@4b8243e77870305d45841b89807ef669f1869641 -
Trigger Event:
release
-
Statement type: