liccheck: Python License Checker
liccheck is a Python library and command-line tool that checks the licenses of the packages listed in a requirements.txt or pyproject.toml file, and of their dependencies, against a user-defined strategy. The strategy consists of a list of authorized licenses, a list of unauthorized licenses, and a list of explicitly authorized packages. The current version is 0.9.2, and releases are fairly frequent, covering features such as Poetry support and improved license parsing.
Warnings
- breaking Starting with version 0.9.2, `liccheck` officially dropped support for Python 2. Projects still using Python 2 will need to use an older version (pre-0.9.2) or migrate to Python 3.
- gotcha `liccheck` must be installed in the *same* Python (virtual) environment as the packages it needs to check. This is because it uses `pkg_resources` to access installed package metadata and license information directly.
- gotcha A license strategy file (`liccheck.ini` or `pyproject.toml`) is mandatory for `liccheck` to operate correctly. Without it, the tool cannot determine authorized or unauthorized licenses and packages, often leading to errors or unhelpful output.
- gotcha Older versions of `liccheck` (prior to 0.9.1) had limitations or incorrect behavior when dealing with multiple licenses, especially those combined with SPDX `OR` operators. This was addressed in version 0.9.1.
- gotcha While `liccheck.ini` is a valid configuration file, modern Python projects increasingly prefer `pyproject.toml`. `liccheck` supports a `[tool.liccheck]` section in `pyproject.toml` since version 0.9.0.
Install
```shell
pip install liccheck
```
Quickstart
```python
import os
import subprocess

# Create dummy requirements.txt
with open('requirements.txt', 'w') as f:
    f.write('Flask\nrequests==2.31.0\n')

# Create dummy liccheck.ini for configuration
# Authorized and unauthorized licenses in LOWER CASE, one per indented line
with open('liccheck.ini', 'w') as f:
    f.write('[Licenses]\n')
    f.write('authorized_licenses:\n'
            '    mit\n    bsd new\n    apache 2.0\n'
            '    python software foundation license\n    isc license (iscl)\n')
    f.write('unauthorized_licenses:\n    gpl v3\n    agpl\n\n')
    f.write('[Authorized Packages]\n')
    f.write('; Example: Specify exact version or range using PEP-0440\n')
    f.write('requests: >=2.31.0,<3.0.0\n')

print("Running liccheck. This assumes 'Flask' and 'requests' are installed in the current environment.")
print("To run this properly, ensure `pip install Flask requests liccheck` is executed first.")
print("--- Output from liccheck ---")
# Invoke the CLI (liccheck is primarily a command-line tool) with an argument
# list and no shell: -s is the strategy file, -r the requirements file
subprocess.run(['liccheck', '-s', 'liccheck.ini', '-r', 'requirements.txt'], check=False)
print("---------------------------")

# Clean up dummy files
os.remove('requirements.txt')
os.remove('liccheck.ini')
```
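
The warnings above say that liccheck reads license metadata from the environment it runs in and that versions before 0.9.1 mishandled licenses joined with `OR`. The following added example (not liccheck's own code) is a simplified model of such a check, using the standard library's `importlib.metadata` rather than `pkg_resources`. The function names, the sample strategy sets, and the rule that one authorized alternative is enough are assumptions.

```python
import re
from importlib import metadata

# Constructed sample strategy; entries are lower case, as in the quickstart's liccheck.ini.
AUTHORIZED = {"mit", "bsd new", "apache 2.0"}
UNAUTHORIZED = {"gpl v3", "agpl"}


def split_alternatives(license_field):
    """Split an 'A OR B' license expression into lower-cased alternatives."""
    parts = re.split(r"\s+OR\s+", license_field.strip(), flags=re.IGNORECASE)
    return [p.strip().lower() for p in parts if p.strip()]


def classify(license_field, authorized=AUTHORIZED, unauthorized=UNAUTHORIZED):
    """Return 'authorized', 'unauthorized' or 'unknown' for one license field.

    Assumed policy: with 'A OR B' the user may choose either license, so one
    authorized alternative is enough; failing that, any unauthorized
    alternative rejects the package; anything else needs manual review.
    """
    names = split_alternatives(license_field or "")
    if any(n in authorized for n in names):
        return "authorized"
    if any(n in unauthorized for n in names):
        return "unauthorized"
    return "unknown"


def audit_installed(authorized=AUTHORIZED, unauthorized=UNAUTHORIZED):
    """Classify every distribution visible to *this* interpreter.

    Packages installed in another virtual environment are not seen here,
    which is why the checker has to run inside the environment it audits.
    """
    report = {}
    for dist in metadata.distributions():
        name = dist.metadata.get("Name")
        if name:
            report[name] = classify(dist.metadata.get("License"), authorized, unauthorized)
    return report


if __name__ == "__main__":
    # Print only the packages that would need attention under the sample strategy.
    for pkg, verdict in sorted(audit_installed().items()):
        if verdict != "authorized":
            print(f"{pkg}: {verdict}")
```

Packages whose metadata carries no license field, or a full license text instead of a short name, come out as `unknown` and need manual review.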