Skip to content

/ licensed

A Ruby gem to cache and verify the licenses of dependencies
license-management dependencies licensing open-source-licensing
Ruby Shell
  1. Ruby 95.5%
  2. Shell 4.5%
Branch: master
Find file
Clone or download

Clone with HTTPS

Use Git or checkout with SVN using the web URL.

Open in Desktop Download ZIP

Launching GitHub Desktop

If nothing happens, download GitHub Desktop and try again.

Launching GitHub Desktop

If nothing happens, download GitHub Desktop and try again.

Launching Xcode

If nothing happens, download Xcode and try again.

Launching Visual Studio

If nothing happens, download the GitHub extension for Visual Studio and try again.

Latest commit

@jonabc
jonabc Merge pull request #242 from bruce/mix-lock-digest 
Support trailing digest in mix.lock entries
Latest commit ef02cc7 Feb 26, 2020

Files

Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.github/workflows add yarn source Dec 24, 2019
docker use ruby 2.6 packager Aug 27, 2019
docs better describe settings purpose Jan 3, 2020
exe v1.0.0 Feb 20, 2018
lib Support trailing digest in mix.lock entries Feb 21, 2020
script yarn fixtures Dec 24, 2019
test pip test typo Feb 17, 2020
.gitignore yarn fixtures Dec 24, 2019
.licensed.yml set allowed and reviewed Mar 31, 2019
.rubocop.yml exclude test fixtures and local gems Apr 5, 2018
.ruby-version v1.0.0 Feb 20, 2018
CHANGELOG.md release 2.8.0 Jan 3, 2020
CODE_OF_CONDUCT.md v1.0.0 Feb 20, 2018
CONTRIBUTING.md change note on CI from travis to actions Sep 6, 2019
Gemfile v1.0.0 Feb 20, 2018
LICENSE Update Datum in LICENSE Oct 3, 2019
README.md add docs Dec 24, 2019
Rakefile πŸ”§ Aug 22, 2019
licensed.gemspec Run pipenv in parallel for discovered packages to improve performance. Oct 22, 2019

README.md

Licensed

Licensed caches the licenses of dependencies and checks their status.

Licensed is available as a Ruby gem for Ruby environments, and as a self-contained executable for non-Ruby environments.

Licensed is not a complete open source license compliance solution. Please understand the important disclaimer below to make appropriate use of Licensed.

Current Status

Build status

Licensed is in active development and currently used at GitHub. See the open issues for a list of potential work.

Licensed v2

Licensed v2 includes many internal changes intended to make licensed more extensible and easier to update in the future. While not too much has changed externally, v2 is incompatible with configuration files and cached records from previous versions. Fortunately, migrating is easy using the licensed migrate command.

See CHANGELOG.md for more details on what's changed. See the migration documentation for more info on migrating to v2, or run licensed help migrate.

Installation

Dependencies

Licensed uses the libgit2 bindings for Ruby provided by rugged. rugged requires cmake and pkg-config which you may need to install before you can install Licensed.

Ubuntu

sudo apt-get install cmake pkg-config

OS X

brew install cmake pkg-config

With a Gemfile

Add this line to your application's Gemfile:

gem 'licensed', :group => 'development'

And then execute:

$ bundle

As an executable

Download a package from GitHub and extract the executable. Executable packages are available for each release starting with version 1.2.0.

$ curl -sSL https://github.com/github/licensed/releases/download/<version>/licensed-<version>-<os>-x64.tar.gz > licensed.tar.gz
$ tar -xzf licensed.tar.gz
$ rm -f licensed.tar.gz
$ ./licensed list

For system wide usage, install licensed to a location on $PATH, e.g. /usr/local/bin.

Usage

  • licensed list: Output enumerated dependencies only.
  • licensed cache: Cache licenses and metadata.
  • licensed status: Check status of dependencies' cached licenses. For example:
  • licensed version: Show current installed version of Licensed. Aliases: -v|--version

See the commands documentation for additional documentation, or run licensed -h to see all of the current available commands.

Automation

Bundler

The bundler-licensed plugin runs licensed cache automatically when using bundler. See the linked repo for usage and details.

GitHub Actions

The licensed-ci GitHub Action runs licensed as part of an opinionated CI workflow and can be configured to run on any GitHub Action event. See the linked actions for usage and details.

The setup-licensed GitHub Action installs licensed to the workflow environment. See the linked actions for usage and details.

  • This action is intended for projects that don't have a ruby installation setup. If your workflow has ruby setup please install licensed via Gemfile + bundle install or with gem install.

Configuration

All commands, except version, accept a -c|--config option to specify a path to a configuration file or directory.

If a directory is specified, licensed will look in that directory for a file named (in order of preference):

  1. .licensed.yml
  2. .licensed.yaml
  3. .licensed.json

If the option is not specified, the value will be set to the current directory.

See the configuration file documentation for more details on the configuration format.

Sources

Dependencies will be automatically detected for all of the following sources by default.

  1. Bower
  2. Bundler
  3. Cabal
  4. Composer
  5. Go
  6. Go Dep (dep)
  7. Manifest lists (manifests)
  8. NPM
  9. Pip
  10. Pipenv
  11. Git Submodules (git_submodule)
  12. Mix
  13. Yarn

You can disable any of them in the configuration file:

sources:
  bundler: false
  npm: false
  bower: false
  cabal: false

Development

To get started after checking out the repo, run

  1. script/bootstrap to install dependencies
  2. script/setup to setup test fixtures.
  • script/setup -f will force a clean test fixture environment
  1. script/cibuild to run the tests.

You can also run script/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.

Adding sources

When adding new dependency sources, ensure that script/bootstrap scripting and tests are only run if the required tooling is available on the development machine.

  • See script/bootstrap for examples of gating scripting based on whether tooling executables are found.
  • Use Licensed::Shell.tool_available? when writing test files to gate running a test suite when tooling executables aren't available.
if Licensed::Shell.tool_available?('bundle')
  describe Licensed::Source::Bundler do
    ...
  end
end

See the documentation on adding new sources for more information.

Adding Commands

See the documentation on commands for information about adding a new CLI command.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/github/licensed. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the Contributor Covenant code of conduct. See CONTRIBUTING for more details.

Disclaimer

Licensed is not a complete open source license compliance solution. Like any bug, licensing issues are far cheaper to fix if found early. Licensed is intended to provide automation around documenting the licenses of dependencies and whether they are configured to be allowed by a user of licensed, in other words, to surface the most obvious licensing issues early.

Licensed is not a substitute for human review of each dependency for licensing or any other issues. It is not the goal of Licensed or GitHub, Inc. to provide legal advice about licensing or any other issues. If you have any questions regarding licensing compliance for your code or any other legal issues relating to it, it’s up to you to do further research or consult with a professional.

License

The gem is available as open source under the terms of the MIT License.

You can’t perform that action at this time.