# py-license-auditor
**The fastest license auditor for uv projects** - Built specifically for the modern Python ecosystem.
> 🎯 **uv-First Strategy**: This tool is designed exclusively for [uv](https://github.com/astral-sh/uv) projects. We focus on providing the best possible experience for uv users rather than supporting all package managers.
## ✨ Why uv + py-license-auditor?
- 🚀 **Built for Speed**: Both tools are written in Rust for maximum performance
- 🎯 **uv-Native**: Deep integration with `uv.lock` and uv workflows
- 🔧 **Zero Config**: Works out of the box with uv projects
- ⚡ **Fast Workflow**: `uv sync && py-license-auditor check` - that's it!
## 🚀 Installation
### For uv Users (Recommended)
```bash
# Install as a uv tool
uv tool install py-license-auditor
# Use in any uv project
cd my-uv-project
uv tool run py-license-auditor check
```
### Manual Installation
Download the binary for your platform from [GitHub Releases](https://github.com/yayami3/py-license-auditor/releases/latest).
### From Source
```bash
git clone https://github.com/yayami3/py-license-auditor
cd py-license-auditor
cargo install --path .
```
## 📖 Usage
> 📚 **Quick Start**: See [QUICKSTART.md](QUICKSTART.md) for a step-by-step guide
### Quick Start
```bash
# 1. Setup your uv project
uv init my-project
cd my-project
uv add requests pandas
# 2. Configure license policy (one-time setup)
py-license-auditor init green
# 3. Run license audit
uv sync
py-license-auditor check
```
### Configuration Setup
#### Initialize with Built-in Policies
```bash
# For commercial/enterprise projects (safest)
py-license-auditor init green
# For balanced development (permissive + weak copyleft)
py-license-auditor init yellow
# For audit/OSS development (information gathering)
py-license-auditor init red
```
This creates a `[tool.py-license-auditor]` section in your `pyproject.toml` with appropriate settings.
### Basic Usage
```bash
# Auto-detect .venv in current directory (shows table format by default)
py-license-auditor check
# Specify site-packages directory
py-license-auditor check /path/to/site-packages
# Save to file
py-license-auditor check --output licenses.json
```
### Output Formats
```bash
# Table for terminal viewing (default)
py-license-auditor check --format table
# JSON for programmatic use
py-license-auditor check --format json
# CSV for spreadsheets
py-license-auditor check --format csv
```
### Advanced Options
```bash
# Include packages without license info
py-license-auditor check --include-unknown
# Combine options
py-license-auditor check --format csv --output report.csv --include-unknown
# Automatic violation fixing
py-license-auditor fix --dry-run # Preview changes
py-license-auditor fix # Apply exceptions
# Global options
py-license-auditor --quiet check
py-license-auditor --verbose check
```
## 📊 Output Example
### Table Format (Default)
```
📦 License Summary (20 packages)
✅ 20 with licenses ⚠️ 0 unknown 🚫 2 violations
🔍 Issues Found:
┌─────────────────┬─────────┬─────────────┬─────────────────┐
│ Package         │ Version │ License     │ Problem         │
├─────────────────┼─────────┼─────────────┼─────────────────┤
│ some-gpl-lib    │ 2.1.0   │ GPL-3.0     │ Not allowed     │
│ another-package │ 1.0.0   │ AGPL-3.0    │ Not allowed     │
└─────────────────┴─────────┴─────────────┴─────────────────┘
💡 Run with --verbose to see all 20 packages
```
### JSON Format
```json
{
  "packages": [
    {
      "name": "requests",
      "version": "2.31.0",
      "license": "Apache-2.0",
      "license_classifiers": [
        "License :: OSI Approved :: Apache Software License"
      ],
      "metadata_source": "METADATA"
    }
  ],
  "summary": {
    "total_packages": 50,
    "with_license": 45,
    "without_license": 5,
    "license_types": {
      "osi_approved": {
        "MIT": 20,
        "Apache-2.0": 15,
        "BSD": 8
      },
      "non_osi": {
        "MIT License": 2
      }
    }
  },
  "violations": {
    "total": 2,
    "errors": 1,
    "warnings": 1,
    "details": [
      {
        "package_name": "some-gpl-lib",
        "package_version": "2.1.0",
        "license": "GPL-3.0",
        "violation_level": "Forbidden",
        "matched_rule": "exact: GPL-3.0",
        "message": "License 'GPL-3.0' is forbidden by policy"
      }
    ]
  }
}
```
### CSV Format
```csv
name,version,license,license_classifiers,metadata_source
requests,2.31.0,Apache-2.0,"License :: OSI Approved :: Apache Software License",METADATA
click,8.1.7,BSD-3-Clause,"License :: OSI Approved :: BSD License",METADATA
```
## 🎛️ Policy Configuration
### Built-in Policies
Three ready-to-use policies are included:
```bash
# Green: Safe for commercial use - only permissive licenses
py-license-auditor init green
# Yellow: Balanced policy - permissive + weak copyleft
py-license-auditor init yellow
# Red: Audit mode - all licenses allowed for information gathering
py-license-auditor init red
```
| Policy | Allowed | Forbidden | Review Required | Fails on Violation |
|--------|---------|-----------|-----------------|-------------------|
| **Green** | MIT, Apache-2.0, BSD-*, ISC | GPL-*, AGPL-*, LGPL-*, MPL-2.0 | None | Yes |
| **Yellow** | MIT, Apache-2.0, BSD-*, ISC, LGPL-*, MPL-2.0 | GPL-*, AGPL-* | None | Yes |
| **Red** | MIT, Apache-2.0, BSD-*, ISC, LGPL-*, MPL-2.0 | None | GPL-*, AGPL-* | No |
### Custom Policy Configuration
After running `py-license-auditor init`, you can customize the generated configuration in `pyproject.toml`:
```toml
[tool.py-license-auditor]
format = "json"
include_unknown = true
fail_on_violations = true
[tool.py-license-auditor.policy]
name = "Custom License Policy"
description = "Tailored policy for our project"
[tool.py-license-auditor.policy.allowed_licenses]
exact = ["MIT", "Apache-2.0", "BSD-3-Clause", "ISC"]
patterns = ["BSD-*"]
[tool.py-license-auditor.policy.forbidden_licenses]
exact = ["GPL-3.0", "AGPL-3.0"]
patterns = ["GPL-*", "AGPL-*"]
[tool.py-license-auditor.policy.review_required]
exact = ["MPL-2.0"]
patterns = ["LGPL-*"]
[[tool.py-license-auditor.policy.exceptions]]
name = "legacy-package"
version = "1.0.0"
reason = "Approved by legal team for legacy compatibility"
```
### Policy Rules
- **allowed_licenses**: Licenses that are automatically approved
- **forbidden_licenses**: Licenses that cause build failures
- **review_required**: Licenses that need manual review (warnings)
- **exceptions**: Package-specific overrides with justification
### Pattern Matching
Use glob patterns for flexible license matching:
- `"GPL-*"` matches `GPL-2.0`, `GPL-3.0`, etc.
- `"BSD-*"` matches `BSD-2-Clause`, `BSD-3-Clause`, etc.
## 🎯 Use Cases
### License Compliance
Generate comprehensive reports for legal review and compliance auditing.
```bash
# Generate compliance report
py-license-auditor check --format json --output compliance-report.json
```
### CI/CD Integration
Automate license checking in your deployment pipeline.
```yaml
# GitHub Actions example
- name: Setup License Policy
  run: py-license-auditor init green
- name: License Check
  run: py-license-auditor check
- name: Generate License Report
  run: py-license-auditor check --format json --output license-report.json
```
### Dependency Auditing
Understand your project's license obligations and risks.
```bash
# Focus on potential issues
py-license-auditor check --format json
```
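The following is an added example, not part of py-license-auditor: a CI gate that triages the JSON report format shown above into blocking findings and findings for manual review. The `NeedsReview` level string, the package `some-mpl-lib` and the `allow_unknown` switch are assumptions; the page only shows the level `Forbidden`.

```python
import json
import sys

# Constructed sample, trimmed to fields of the JSON report format shown on this page.
# "NeedsReview" is a placeholder: the page only shows the level string "Forbidden".
SAMPLE_REPORT = {
    "summary": {
        "total_packages": 5,
        "with_license": 4,
        "without_license": 1,
        "license_types": {
            "osi_approved": {"Apache-2.0": 1, "GPL-3.0": 1, "MPL-2.0": 1},
            "non_osi": {"MIT License": 1},
        },
    },
    "violations": {
        "total": 2,
        "errors": 1,
        "warnings": 1,
        "details": [
            {"package_name": "some-gpl-lib", "package_version": "2.1.0",
             "license": "GPL-3.0", "violation_level": "Forbidden"},
            {"package_name": "some-mpl-lib", "package_version": "0.4.0",
             "license": "MPL-2.0", "violation_level": "NeedsReview"},
        ],
    },
}


def evaluate_report(report, allow_unknown=False):
    """Split a report into (blocking, review) findings; raise if it is malformed."""
    blocking, review = [], []
    try:
        summary = report["summary"]
        for v in report["violations"]["details"]:
            finding = f"{v['package_name']}=={v['package_version']}: {v['license']}"
            # Assumption: any level other than "Forbidden" is a warning for review.
            (blocking if v["violation_level"] == "Forbidden" else review).append(finding)
        missing = int(summary["without_license"])
        if missing:
            # Unknown licenses block by default: no metadata is not the same as permissive.
            finding = f"{missing} package(s) without license metadata"
            (review if allow_unknown else blocking).append(finding)
        # Free-text names such as "MIT License" need a human to map them to a real license.
        for name, count in sorted(summary["license_types"].get("non_osi", {}).items()):
            review.append(f"non-OSI license string {name!r} on {count} package(s)")
    except (KeyError, TypeError, ValueError) as exc:
        # Fail closed: a truncated or empty report must never read as "no violations".
        raise ValueError(f"malformed license report: {exc!r}") from exc
    return blocking, review


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            report = json.load(fh)
    else:
        report = SAMPLE_REPORT
    blocking, review = evaluate_report(report)
    for line in review:
        print(f"REVIEW {line}")
    for line in blocking:
        print(f"BLOCK  {line}")
    sys.exit(1 if blocking else 0)
```

Pass the path of a report written with `--format json --output` as the only argument; the script exits non-zero when any blocking finding remains.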
## 🔍 License Categories
The tool categorizes licenses into two groups:
- **OSI Approved**: Licenses approved by the Open Source Initiative (legally vetted)
- **Non-OSI**: Custom licenses, proprietary licenses, or unrecognized formats
This helps you quickly identify which licenses need manual legal review.
## 🛠️ Development
### Building from Source
```bash
git clone https://github.com/yayami3/py-license-auditor
cd py-license-auditor
cargo build --release
```
### Running Tests
```bash
cargo test
```
### Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
## 📄 License
This project is licensed under either of
- Apache License, Version 2.0, ([LICENSE-APACHE](LICENSE-APACHE) or http://www.apache.org/licenses/LICENSE-2.0)
- MIT license ([LICENSE-MIT](LICENSE-MIT) or http://opensource.org/licenses/MIT)
at your option.
## 🙏 Acknowledgments
- Built with [Clap](https://github.com/clap-rs/clap) for CLI parsing
- Uses [Serde](https://github.com/serde-rs/serde) for serialization
- Inspired by the need for better Python license compliance tools