Liking cljdoc? Tell your friends :D
mainCIDependencies
devCIDependencies

Latest Version Open Issues License

tools-licenses

A Clojure tools.build task library related to dependency licenses. Somewhat inspired by the (discontinued) lein-licenses Leiningen plugin, but with the added benefit of license canonicalisation (leveraging the excellent Software Package Data Exchange (SPDX) standard), and with the ability to check your project against the Apache Software Foundation's 3rd Party License Policy.

Tasks

  1. licenses - attempt to display the licenses used by all transitive dependencies of the project
  2. check-asf-policy - attempt to check your project's compliance with the ASF's 3rd Party License Policy

Using the library

Documentation

API documentation is available here, though since the refactoring out of the license detection and ASF policy validation code, that's not very interesting or useful any longer.

FAQ is available here.

Dependency

Express the correct maven dependencies in your deps.edn, for a build tool alias:

  :aliases
    :build
      {:deps       {com.github.pmonks/tools-licenses {:mvn/version "LATEST_CLOJARS_VERSION"}
                    io.github.seancorfield/build-clj {:git/tag "v0.6.7" :git/sha "22c2d09"}}
       :ns-default your.build.ns}

Note that you must express an explicit dependency on io.github.seancorfield/build-clj, as that project doesn't publish artifacts to Clojars yet, and transitive git coordinate dependencies are not supported by tools.deps.

Require the namespace

(ns your.build.ns
  (:require [tools-licenses.tasks :as lic]))

Add one or more of the build tasks to your build

(defn licenses
  "Attempts to list all licenses for the transitive set of dependencies of the project, using SPDX license expressions."
  [opts]
  (-> opts
      (set-opts)
      (lic/licenses)))

(defn check-asf-policy
  "Checks this project's dependencies' licenses against the ASF's 3rd party license policy (https://www.apache.org/legal/resolved.html)."
  [opts]
  (-> opts
      (set-opts)
      (lic/check-asf-policy)))

Use the build tasks

licenses task

Example summary output:

$ clj -T:build licenses
This project: Apache-2.0

License                                  Number of Deps
---------------------------------------- --------------
Apache-2.0                               72
BSD-3-Clause                             1
CDDL-1.0                                 1
EPL-1.0                                  35
GPL-2.0-with-classpath-exception         2
LGPL-2.1                                 2
MIT                                      6
NON-SPDX-Public-Domain                   1

Use clj -T:build licenses :output :detailed to get detailed, per-dependency output (too long to reasonably include here).

If you see NON-SPDX-Unknown license identifiers, and/or the task displays a list of dependencies with unknown licenses, please raise an issue here.

check-asf-policy task

Example summary output:

$ clj -T:build check-asf-policy
Category                       Number of Deps
------------------------------ --------------
Category A                     79
Category A (with caveats)      1
Category B                     32
Creative Commons Licenses      0
Category X                     0
Uncategorised                  0

For more information, please see https://github.com/pmonks/tools-licenses/wiki/FAQ

Use clj -T:build check-asf-policy :output :detailed to get detailed, per-dependency output (too long to reasonably include here).

Contributor Information

Contributing Guidelines

Bug Tracker

Code of Conduct

Developer Workflow

This project uses the git-flow branching strategy, with the caveat that the permanent branches are called main and dev, and any changes to the main branch are considered a release and auto-deployed (JARs to Clojars, API docs to GitHub Pages, etc.).

For this reason, all development must occur either in branch dev, or (preferably) in temporary branches off of dev. All PRs from forked repos must also be submitted against dev; the main branch is only updated from dev via PRs created by the core development team. All other changes submitted to main will be rejected.

Build Tasks

tools-licenses uses tools.build. You can get a list of available tasks by running:

clojure -A:deps -T:build help/doc

Of particular interest are:

  • clojure -T:build test - run the unit tests
  • clojure -T:build lint - run the linters (clj-kondo and eastwood)
  • clojure -T:build ci - run the full CI suite (check for outdated dependencies, run the unit tests, run the linters)
  • clojure -T:build install - build the JAR and install it locally (e.g. so you can test it with downstream code)

Please note that the deploy task is restricted to the core development team (and will not function if you run it yourself).

License

Copyright © 2021 Peter Monks

Distributed under the Apache License, Version 2.0.

SPDX-License-Identifier: Apache-2.0

Can you improve this documentation?Edit on GitHub

cljdoc is a website building & hosting documentation for Clojure/Script libraries

Keyboard shortcutsReport a problemcljdoc on GitHub
× close