pylic - Python license checker

Reads pylic configuration in pyproject.toml and checks licenses of installed packages recursively.

Principles:

  • Every license has to be allowed explicitly (case-insensitive comparison).
  • All installed packages without a license are considered unsafe and have to be listed as such.
  • Only installed packages are checked for licenses. Packages/dependencies listed in pyproject.toml are ignored.

Installation

pip install pylic

Configuration

pylic needs to be run in the directory where your pyproject.toml file is located. You can configure:

safe_licenses: All licenses you consider safe for usage. The string comparison is case-insensitive.

unsafe_packages: If you rely on a package that does not come with a license, you have to explicitly list it as such.

[tool.pylic]
safe_licenses = [
"Apache Software License",
"Apache License 2.0",
"MIT License",
"Python Software Foundation License",
"Mozilla Public License 2.0 (MPL 2.0)",
]
unsafe_packages = [
"unlicensedPackage",
]

Commands

pylic provides the following commands (also see pylic help):

  • check: Checks all installed licenses.
  • list: Lists all installed packages and their corresponding license.

Usage Example

Create a venv to start from a clean slate and activate it

python -m venv .venv
source .venv/bin/activate

Install pylic and create an empty pyproject.toml

pip install pylic
touch pyproject.toml

Install all your dependencies

pip install <packageA> <packageB>

Run pylic

pylic check

The output will be similar to

Found unsafe packages:
  pkg_resources (0.0.0)
Found unsafe licenses:
  pip (18.1): MIT License
  zipp (3.4.1): MIT License
  toml (0.10.2): MIT License
  pylic (1.2.0): MIT License
  setuptools (40.8.0): MIT License
  typing-extensions (3.7.4.3): Python Software Foundation License
  importlib-metadata (3.9.0): Apache Software License

The return code of pylic is non-zero in this case because of the unsafe licenses. This allows pylic to be used in CI.

echo $? # prints 1

As these licenses and packages are all ok, we can configure pylic accordingly

cat <<EOT >> pyproject.toml
[tool.pylic]
safe_licenses = ["Apache Software License", "MIT License", "Python Software Foundation License"]
unsafe_packages = ["pkg_resources"]
EOT

After rerunning pylic check, the output now reveals a successful validation

All licenses ok

The return code now also signals that all is good

echo $? # prints 0

Use pylic list to list all installed packages and their corresponding licenses.
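The two rules behind that output, as an added example that is not pylic's own code: a package with no license must appear in unsafe_packages, and every other license must match safe_licenses case-insensitively. read_installed() is a hypothetical helper showing where the license strings come from (the stdlib importlib.metadata); the sample data is constructed to mirror the output above.

```python
# Added illustration of pylic's two checks (example code, not pylic's own):
# a package without a license must be listed in unsafe_packages, and every
# license must match safe_licenses case-insensitively.
from dataclasses import dataclass
from importlib.metadata import distributions
from typing import Optional

@dataclass(frozen=True)
class Installed:
    name: str
    version: str
    license: Optional[str]  # None when the metadata carries no license

def check_packages(installed, safe_licenses, unsafe_packages):
    """Return (unsafe packages, unsafe licenses) in pylic's output format."""
    safe = {lic.lower() for lic in safe_licenses}
    # Package names are compared case-insensitively here (an assumption).
    allowed_unlicensed = {pkg.lower() for pkg in unsafe_packages}
    unsafe_pkgs, unsafe_lics = [], []
    for pkg in installed:
        if pkg.license is None:
            if pkg.name.lower() not in allowed_unlicensed:
                unsafe_pkgs.append(f"{pkg.name} ({pkg.version})")
        elif pkg.license.lower() not in safe:
            unsafe_lics.append(f"{pkg.name} ({pkg.version}): {pkg.license}")
    return unsafe_pkgs, unsafe_lics

def exit_code(unsafe_pkgs, unsafe_lics):
    """Non-zero when anything is unsafe, so a CI job fails the build."""
    return 1 if unsafe_pkgs or unsafe_lics else 0

def read_installed():
    """Installed packages via stdlib importlib.metadata: the License field,
    else the last segment of a 'License ::' classifier, else None."""
    result = []
    for dist in distributions():
        meta = dist.metadata
        lic = meta.get("License")
        if not lic or lic.strip().upper() == "UNKNOWN":
            lic = None
            for classifier in meta.get_all("Classifier") or []:
                if classifier.startswith("License ::"):
                    lic = classifier.split("::")[-1].strip()
                    break
        result.append(Installed(meta.get("Name", ""), dist.version, lic))
    return result

# Constructed sample mirroring the README's example output.
SAMPLE = [Installed("pkg_resources", "0.0.0", None), Installed("pip", "18.1", "MIT License"),
          Installed("importlib-metadata", "3.9.0", "Apache Software License")]
```

With an empty configuration everything in SAMPLE is reported, exactly as in the first pylic check run above; with the licenses and pkg_resources configured, both lists are empty and the exit code is 0.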

Development

Required tools:

Run poetry install to install all necessary dependencies. Check out the [tool.taskipy.tasks] section (see taskipy) in the pyproject.toml file for utility tasks. You can run these with poetry run task <task>.

Creating a new release is as simple as:

  • Update the version in pyproject.toml and the __version__.py file.
  • poetry run task release vx.x.x.