Dump the software license list of Python packages installed with pip.
pip-licenses-cli is a CLI tool for checking the software licenses of Python packages installed with pip.
The idea is inspired by the composer licenses command of Composer (the PHP package manager): https://getcomposer.org/doc/03-cli.md#licenses
This is a fork of the original pip-licenses project. While pip-licenses-cli provides the CLI, pip-licenses-lib provides the library functionality; the CLI builds upon the library.
You can install this package from PyPI:
python -m pip install pip-licenses-cli
If you also want to parse license declarations written as SPDX expressions, install the spdx extra as well:
python -m pip install 'pip-licenses-cli[spdx]'
Alternatively, you can use the package from source directly after installing the required dependencies.
Execute the command inside your venv (or virtualenv) environment:
# Install packages in your venv environment
(venv) $ pip install Django pip-licenses-cli
# Check the licenses with your venv environment
(venv) $ pip-licenses
 Name    Version  License
 Django  2.0.2    BSD
 pytz    2017.3   MIT
For further details, see the detailed docs.
If a UnicodeEncodeError occurs, check your environment variables LANG and LC_CTYPE. Additionally, you can set PYTHONIOENCODING to override the encoding used for stdout. This mostly occurs in isolated environments such as Docker and tox.
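The usage section above shows the license table pip-licenses prints; the encoding note explains why that output can fail in minimal containers. The following added example (not code from pip-licenses-cli or pip-licenses-lib) shows what such a check does under the hood using only the standard library: it reads each installed distribution's metadata with importlib.metadata, derives a license name in the same priority order a compliance reviewer would want (License-Expression, then the License field, then the classifier), and flags packages outside an allow-list, including a minimal evaluation of "OR"/"AND" SPDX expressions. The allow-list and the make_metadata helper are constructed assumptions for this example; the stdout reconfigure call applies the encoding caveat from the text.

```python
"""Added example: list installed package licenses with the standard library and
flag those outside a license policy. Not part of pip-licenses-cli."""
import importlib.metadata as md
import re
import sys
from email.message import Message

# Constructed policy (assumption): licenses a project is willing to ship with.
ALLOWED = {"MIT", "BSD", "Apache-2.0", "PSF"}


def make_metadata(classifiers=(), **fields) -> Message:
    """Build a metadata object shaped like importlib.metadata's PackageMetadata.
    Constructed for offline testing; real ones come from dist.metadata."""
    m = Message()
    for key, value in fields.items():
        m[key.replace("_", "-")] = value   # License_Expression -> License-Expression
    for classifier in classifiers:
        m["Classifier"] = classifier       # repeated headers are allowed
    return m


def license_from_metadata(meta) -> str:
    """Derive a license name from metadata, in priority order:
    License-Expression (PEP 639), a usable one-line License field, then the
    'License ::' trove classifier. Returns 'UNKNOWN' when nothing is declared."""
    expr = meta.get("License-Expression")
    if expr and expr.strip():
        return expr.strip()
    lic = (meta.get("License") or "").strip()
    # Skip empty, placeholder, or full license texts pasted into the field.
    if lic and lic.upper() != "UNKNOWN" and "\n" not in lic:
        return lic
    for classifier in meta.get_all("Classifier", []):
        if classifier.startswith("License ::"):
            return classifier.split("::")[-1].strip()
    return "UNKNOWN"


def is_allowed(expr: str, allowed=ALLOWED) -> bool:
    """Check a license name or simple SPDX expression against the allow-list.
    SPDX precedence: AND binds tighter than OR, so split on OR first.
    'A OR B' passes if either side does; 'A AND B' needs both.
    Parentheses are deliberately not handled here."""
    if " OR " in expr:
        return any(is_allowed(part, allowed) for part in expr.split(" OR "))
    if " AND " in expr:
        return all(is_allowed(part, allowed) for part in expr.split(" AND "))

    def norm(s: str) -> str:
        # "BSD License" and "BSD" compare equal; case-insensitive.
        return re.sub(r"\s+license$", "", s.strip(), flags=re.I).lower()

    return norm(expr) in {norm(a) for a in allowed}


def audit_installed():
    """Return (name, version, license) for every installed distribution."""
    rows = []
    for dist in md.distributions():
        name = dist.metadata.get("Name") or "?"
        rows.append((name, dist.version, license_from_metadata(dist.metadata)))
    return sorted(rows, key=lambda r: r[0].lower())


def violations(rows, allowed=ALLOWED):
    """Filter audit rows down to packages whose license fails the policy."""
    return [row for row in rows if not is_allowed(row[2], allowed)]


if __name__ == "__main__":
    # Avoid UnicodeEncodeError on ASCII-only stdout (e.g. Docker without LANG set).
    if hasattr(sys.stdout, "reconfigure"):
        sys.stdout.reconfigure(errors="backslashreplace")
    rows = audit_installed()
    for name, version, lic in rows:
        print(f"{name:<30} {version or '':<12} {lic}")
    bad = violations(rows)
    print(f"\n{len(bad)} package(s) outside policy: {[r[0] for r in bad]}")
    sys.exit(1 if bad else 0)
```

Run inside the same venv you want to audit; a non-zero exit code makes it usable as a CI gate. Note that metadata is self-declared by each package maintainer, which is exactly why the page's own disclaimer says such output is not legal advice.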
See useful reports:
pip-licenses-cli is implemented under a policy of minimizing dependencies on external packages.
If you use SPDX support via the spdx extra, the following additional dependencies are required:
This package is subject to the terms of the MIT license.
All results are generated automatically from the data supplied by the corresponding package maintainers and provided on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. No generated content should be considered or used as legal advice. Consult an Attorney for any legal advice.