license-finder
is a Clojure library that finds the licenses of the dependencies used in your Clojure(Script) projects. The library supports deps.edn
, shadow-cljs.edn
, package.json
(with npm's package-lock.json
) and project.clj
(Using Borkdude's lein2deps to convert the project and extract licenses). With it, you can easily generate a report of the licenses used by your project's dependencies, making it easier to comply with open source licenses and legal requirements.
license-finder
can be useful in a variety of situations. For example:
Releases are available from Clojars.
deps.edn:
com.scarletcomply/license-finder {:mvn/version "0.4.0"}
Leiningen/Boot:
[com.scarletcomply/license-finder "0.4.0"]
Starting from Clojure CLI v1.11.1.1139, tool installation is supported.
# Install tool (latest version)
clojure -Ttools install-latest :lib io.github.scarletcomply/license-finder :as license-finder
# Install tool (certain version)
clojure -Ttools install io.github.scarletcomply/license-finder '{:git/tag "v0.4.0"}' :as license-finder
# Remove tool
clojure -Ttools remove :tool license-finder
# Update tool
clojure -Ttools install-latest :tool license-finder
# Generate report with sensible defaults
clojure -Tlicense-finder report
# Generate report for all dependencies including transitive ones,
# print report to standard output
clojure -Tlicense-finder report :transitive? true :out :stdout
# Generate report for absolute paths (watch the quoting!)
clojure -Tlicense-finder report \
:project '"/home/me/git/license-finder/deps.edn"' \
:out '"/home/me/licenses.csv"' \
':transitive?' true
To use license-finder
, require the find-licenses
function from the scarlet.license-finder.core
namespace:
(require '[scarlet.license-finder.core :refer [find-licenses]])
You can then use find-licenses
to get license information of dependencies in a project file:
(find-licenses "deps.edn")
;; => ({:name "babashka/fs"
;; :type :mvn
;; :version "0.3.17"
;; :license {:id "EPL-1.0"
;; :name "Eclipse Public License 1.0"
;; :url "http://opensource.org/licenses/eclipse-1.0.php"}
;; :path "/home/user/.m2/repository/babashka/fs/0.3.17/fs-0.3.17.jar"}
;; {:name "io.github.clojure/tools.build"
;; :type :mvn
;; :version "0.9.4"
;; :license {:id "EPL-1.0"
;; :name "Eclipse Public License 1.0"
;; :url "https://opensource.org/licenses/eclipse-1.0.php"}
;; :path "/home/user/.m2/repository/io/github/clojure/tools.build/0.9.4/tools.build-0.9.4.jar"}
;; ,,,)
By default, find-licenses
only considers the direct dependencies of the project. If you want to include transitive dependencies, pass :transitive? true
as an option:
(find-licenses "deps.edn" :transitive? true)
You can create a CSV report of your licenses, e.g. in Continuous Integration,
with scarlet.license-finder.report/write-csv
.
Here is an example on how to integrate license-finder
in tools.build
:
(ns build
(:require [scarlet.license-finder.core :as license-finder]
[scarlet.license-finder.report :as report]))
(defn licenses [{:keys [project]
:or {project "./deps.edn"}}]
(->> (license-finder/find-licenses project :transitive? true)
(report/write-report {:project project})))
You can then generate a license report via the command line:
> clojure -T:build licenses
Licenses written to target/licenses/deps.edn.csv
If you don't want to or cannot install license-finder as a tool, you can use from deps.edn
as an alias:
:build/extract-licenses
{:replace-deps {com.scarletcomply/license-finder {:mvn/version "0.4.0"}}
:exec-fn scarlet.license-finder.tool/report}
OR
:build/extract-licenses
{:replace-deps {com.scarletcomply/license-finder {:mvn/version "0.4.0"}}
:exec-fn scarlet.license-finder.tool/report
:exec-args {:transitive? true}}
Use like this: clojure -X:build/extract-licenses :out '"./deps.edn.csv"'
Distributed under the MIT License.
Copyright (c) 2023 Scarlet Global Holdings Ltd, and contributors.
Can you improve this documentation? These fine people already did:
Ferdinand Beyer, Rafael Delboni, Pieter Breed, Vitaly Samigullin & Rodrigo LanderdahlEdit on GitHub
cljdoc is a website building & hosting documentation for Clojure/Script libraries
× close