Skip to content

poyo46/lilili

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

LiLiLi: List the Licenses of the Libraries

Test PyPI Version Python Versions License Code style: black Imports: isort

LiLiLi helps you to retrieve and audit software license information.

Installation

LiLiLi is available on PyPI:

$ pip install lilili

You can also use poetry to add it to a specific Python project.

$ poetry add lilili

Examples

Search for and list the licenses of libraries

Python libraries

$ pip list > pip-list.txt
$ lilili search --yaml pip-list.txt

Example of result.yml:

- domain: pypi
  name: requests
  version: 2.25.1
  licenses:
    - spdx_id: Apache-2.0
      basis: API_EXACT
      source_url: https://pypi.org/pypi/requests/2.25.1/json
  download_url: https://files.pythonhosted.org/packages/29/c1/24814557f1d22c56d50280771a17307e6bf87b70727d975fd6b2ce6b014a/requests-2.25.1-py2.py3-none-any.whl
  homepage: https://requests.readthedocs.io
  git_url: https://github.com/psf/requests
  updated_at: "2021-02-22T17:32:25.323561"
- domain: pypi
  name: idna
  version: "2.10"
  licenses:
    - spdx_id: BSD-3-Clause
      basis: API_LATEST
      source_url: https://pypi.org/pypi/idna/json
    - spdx_id: BSD-3-Clause
      basis: GITHUB_LICENSES_API
      source_url: https://api.github.com/repos/kjd/idna/license
  download_url: https://files.pythonhosted.org/packages/a2/38/928ddce2273eaa564f6f50de919327bf3a00f091b5baba8dfa9460f3a8a8/idna-2.10-py2.py3-none-any.whl
  homepage: https://github.com/kjd/idna
  git_url: https://github.com/kjd/idna
  updated_at: "2021-02-22T17:32:24.035106"

Ruby libraries

$ bundle list > bundle-list.txt
$ lilili search --yaml bundle-list.txt

The output result.yml is in the same format as above.

Node.js libraries

$ yarn list > yarn-list.txt
$ lilili search --yaml yarn-list.txt

The output result.yml is in the same format as above.

Why LiLiLi?

  • LiLiLi uses the SPDX license list, which is also used by GitHub Licenses API, so the license notation can be reused.
  • If LiLiLi cannot determine the license for a particular version of the library, it will search for the latest version of the license or a license registered in the GitHub repository.
  • LiLiLi will reveal the URL of the API on which the licensing decision is based, so you can double-check it yourself.