listcondalic

List license requirement of a project based on configuration file.

  • 0.1.1
List license information from package specification file

Conda

For Conda environment:

  1. Create an environment specification file. Please follow this guide to create this file.
  2. Edit the file and remove all unnecessary dependencies (very important; otherwise it is easy to get inundated with too many packages). For example, remove things like ipython and ipykernel, which are used for purposes other than the library itself.
  3. Install this package.
  4. Run:
listcondalic conda environment.yml > output.json

Here environment.yml should be the environment specification file. The package licence information will be saved at output.json.

Pip

Note: We use liccheck internally to produce the analysis.

  1. Create your package specification file (e.g. requirements.txt) including all the packages required. pipreqs is a helpful tool for this as well.
  2. Install this package
  3. Run:
listcondalic pip requirements.txt > output.json

The package licence information will be saved at output.json.

Existing problems

This package isn't quite clever yet:

  • It tries to skip a few packages such as python, setuptools, wheel and pip. Hopefully, we won't neglect any important packages.
  • It only understands very basic package specifications in the conda environment file. Complicated package sources will likely create bugs in the result. In particular, it does not support:
    • "." (dot) package, or in general, any path to a local python package: this library will not attempt to analyze the package located in that folder. Instead, it will be registered as a package named, e.g. ".", and therefore it will report the package's licence as NotFound.
    • GitHub URL package, for reasons mentioned above.
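A pre-check for the limitations listed above, as an added example that is not part of listcondalic: it scans a requirements.txt or environment.yml before the report is produced and lists the entries the README says are skipped or unsupported, so their licences can be reviewed by hand. The function names, the line-based reading of environment.yml and the sample input are assumptions made for this example.

```python
import re

SKIPPED = {"python", "setuptools", "wheel", "pip"}  # skipped, per the README
URL_PREFIXES = ("git+", "hg+", "svn+", "bzr+", "http://", "https://", "file:")

def classify(spec):
    """Classify one dependency spec as 'url', 'local-path', 'skipped' or 'ok'."""
    spec = re.sub(r"^(-e|--editable)[ =]+", "", spec.strip())  # unwrap editable installs
    if spec.startswith(URL_PREFIXES) or re.search(r"@\s*[\w+]+://", spec):
        return "url"
    if spec.startswith((".", "/", "~")):
        return "local-path"
    # Drop a conda channel prefix ("conda-forge::numpy") and any version pin.
    name = re.split(r"[=<>!~\[; ]", spec.split("::")[-1], maxsplit=1)[0].lower()
    return "skipped" if name in SKIPPED else "ok"

def dependency_specs(text, kind):
    """Yield specs from requirements.txt (kind='pip') or environment.yml (kind='conda')."""
    in_deps = kind == "pip"
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()  # strip comments
        if not line:
            continue
        if kind == "conda":
            if not raw.startswith((" ", "-")):  # top-level key, e.g. "channels:"
                in_deps = line == "dependencies:"
                continue
            if not in_deps or line.endswith(":"):  # other section, or "- pip:" header
                continue
            line = line[1:].strip()  # drop the YAML list dash
        elif line.startswith("-") and not line.startswith(("-e ", "--editable")):
            continue  # pip options such as "-r other.txt" or "--index-url ..."
        yield line.strip("'\"")

def audit(text, kind):
    """Return the specs that need manual licence review, grouped by reason."""
    report = {"url": [], "local-path": [], "skipped": []}
    for spec in dependency_specs(text, kind):
        report.setdefault(classify(spec), []).append(spec)
    return {reason: specs for reason, specs in report.items() if reason != "ok"}

# Constructed sample environment.yml, not taken from the listcondalic project.
SAMPLE_ENV = (
    "channels:\n  - conda-forge\ndependencies:\n  - python=3.7\n  - numpy=1.21\n"
    "  - pip:\n    - .\n    - git+https://github.com/example/pkg.git\n"
)

if __name__ == "__main__":
    print(audit(SAMPLE_ENV, "conda"))
```

Entries reported under "url" or "local-path" are the ones whose licence has to be checked manually, since they fall under the unsupported cases above.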

GitHub action template

For a pip-based requirements.txt:

name: Report licence status

on:
  workflow_dispatch:

jobs:
  check-using-pip:
    name: Report using a pip environment
    runs-on: ubuntu-20.04
    steps:
    - uses: actions/checkout@master # tracks a moving branch; pin to a release tag or commit SHA
    - name: Set up Python 3.7
      uses: actions/setup-python@v1
      with:
        python-version: 3.7
    - name: Install packages and listcondalic
      run: |
        pip install -r requirements.txt
        pip install listcondalic
    - name: Produce report
      run: listcondalic pip requirements.txt

For a conda produced environment.yml:

name: Report licence status

on:
  workflow_dispatch:

jobs:
  check-using-conda:
    name: Report using a conda environment
    runs-on: ubuntu-20.04
    steps:
    - uses: actions/checkout@master # tracks a moving branch; pin to a release tag or commit SHA
    - name: Install conda and prepare the environment
      uses: conda-incubator/setup-miniconda@v2
      with:
        activate-environment: YOUR_ENVIRONMENT_NAME
        environment-file: environment.yml
        python-version: 3.7
        auto-activate-base: false
    - name: Install listcondalic
      shell: 'bash -l {0}' # this is required by the conda action
      run: pip install listcondalic
    - name: Produce report
      shell: 'bash -l {0}' # this is required by the conda action
      run: listcondalic conda environment.yml
