Skip to main content

Offline hybrid (Ed25519 + ML-DSA-44) software-license verification for project maintainers — Supported Source.

Project description

supso (Python)

Supported Source license checks for your project, from Supported Source.

Use this library to enforce licensing, so you'll know who is using your project, and can be sure they're paying for your paid licenses. It's just one call at startup to confirm the code running your software holds a valid license. The check is 100% offline, so there's no network, no license server to run, nothing phoning home.

import supso

license = supso.require_license("acme-db")  # raises if unlicensed
print(f"licensed to {license.organization.name}, {license.seats()} seats")

Install

pip install supso-project

The package imports as supso:

import supso

Usage

Hard enforcement (raises when missing license)

This is what we suggest you do.

import supso
supso.require_license("acme-db")

Soft enforcement (does not raise errors)

If you would like to handle it yourself, use is_licensed and then write your own logic.

import supso

status = supso.check_license("acme-db")  # logs a notice on grace/failure
if supso.is_licensed(status):
    ...  # valid or within grace — run normally

status is one of supso.Valid, supso.Grace, or supso.Unlicensed (distinguish via status.kind or isinstance).

Where licenses are found

When you don't pass a token, the library looks for a *.cert file (each holding one license) in this order:

  1. an explicit path — the certificate_path(...) option or the SUPSO_LICENSE_PATH environment variable (authoritative; no fallback);
  2. ~/.supso/license_certificates/;
  3. ./.supso/license_certificates/.

A current license always wins. If none is current but one lapsed recently, it is honored as Grace (default window 21 days) so your app keeps running while you prompt the user to renew.

Errors

Every failure is a supso.SupsoError carrying a stable code so you can branch on the reason: malformed, base64, bad_ed25519_signature, bad_mldsa_signature, invalid_json, unsupported_schema, bad_timestamp, expired, wrong_project, requirement_not_met, no_certificate, none_valid, bad_trusted_key.

Development

uv venv && source .venv/bin/activate
uv pip install -e ".[dev]"
pytest

License

Apache-2.0. See LICENSE-APACHE.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

supso_project-1.0.0.tar.gz (21.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

supso_project-1.0.0-py3-none-any.whl (20.3 kB view details)

Uploaded Python 3

File details

Details for the file supso_project-1.0.0.tar.gz.

File metadata

  • Download URL: supso_project-1.0.0.tar.gz
  • Upload date:
  • Size: 21.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for supso_project-1.0.0.tar.gz
Algorithm Hash digest
SHA256 485efae8383bd82f0ac1fe4e0921a91585138cd886f2b836e38c5c2cb34bb21b
MD5 3af8a22a4a2eca75f5f3af1977fe4d4d
BLAKE2b-256 2543a92d5d15b600c0d70545ba6958f675f81342eebe2c4de4641b336ed401f6

See more details on using hashes here.

Provenance

The following attestation bundles were made for supso_project-1.0.0.tar.gz:

Publisher: release.yml on SupsoOrg/supso-project-python

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file supso_project-1.0.0-py3-none-any.whl.

File metadata

  • Download URL: supso_project-1.0.0-py3-none-any.whl
  • Upload date:
  • Size: 20.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for supso_project-1.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 8d30bd9da9f03f60a1516b2c4eba50d79f3b35b1b34927b98f0d327ebd781e15
MD5 4b5f09f2bde8cadee0f904a7eb049ebb
BLAKE2b-256 06c227dc8500091d02a03b933bc87d520fe6e5e5171599f422f7d732b7b05152

See more details on using hashes here.

Provenance

The following attestation bundles were made for supso_project-1.0.0-py3-none-any.whl:

Publisher: release.yml on SupsoOrg/supso-project-python

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page