pylic
A Python license checker. pylic is PEP-639-compliant and supports the SPDX License Expression syntax.
pip install pylic
pylic needs to be run in the directory where your pyproject.toml file is located. You can configure:
safe_licenses: all licenses you consider safe for usage. The string comparison is case-insensitive.
unsafe_packages: packages that have no license or use licenses not considered safe; listing a package here accepts it anyway.
An example [tool.pylic] section:
[tool.pylic]
safe_licenses = [
"Apache Software License",
"Apache License 2.0",
"MIT License",
"Python Software Foundation License",
"Mozilla Public License 2.0 (MPL 2.0)",
]
unsafe_packages = [
"unsafe_package",
]
pylic provides the following commands (also see pylic --help):
check: checks all installed licenses.
list: lists all installed packages and their corresponding license.
Create a venv to start from a clean slate and activate it
python -m venv .venv
source .venv/bin/activate
Install pylic and create an empty pyproject.toml
pip install pylic
touch pyproject.toml
Install all your dependencies
pip install <packageA> <packageB>
Run pylic
pylic check
The output will be similar to
Found unsafe packages:
pkg_resources (0.0.0)
Found unsafe licenses:
pip (18.1): MIT License
zipp (3.4.1): MIT License
toml (0.10.2): MIT License
pylic (1.2.0): MIT License
setuptools (40.8.0): MIT License
typing-extensions (3.7.4.3): Python Software Foundation License
importlib-metadata (3.9.0): Apache Software License
The return code of pylic is in this case non-zero because of the unsafe package and the unsafe licenses. This allows usage of pylic in CI, where a non-zero exit fails the job.
echo $? # prints 1
As these licenses and packages are all ok, we can configure pylic accordingly (the key for accepted packages is unsafe_packages, as in the configuration section above)
cat <<EOT >> pyproject.toml
[tool.pylic]
safe_licenses = ["Apache Software License", "MIT License", "Python Software Foundation License"]
unsafe_packages = ["pkg_resources"]
EOT
After rerunning pylic check, the output now shows a successful validation
✨ All licenses ok ✨
The return code now also signals that all is good
echo $? # prints 0
Use pylic list to list all installed packages and their corresponding licenses.
In cases where the safe licenses or unsafe packages are centrally managed, keeping the configuration in perfect sync with the installed packages might be too cumbersome or even impossible (for example, a safe license that no installed package uses, or an unsafe package that is not installed). To support these use cases the check command provides two options (see also pylic check --help): --allow-extra-safe-licenses and --allow-extra-unsafe-packages. These options only affect the returned status code; the corresponding warnings are still printed unchanged.
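To make the check procedure above and the two --allow-extra-* options concrete, here is an added example that models what a license checker of this kind does: it reads the license string of each installed distribution from its metadata (the PEP 639 License-Expression field, the License field, or the license trove classifier, in that order of preference, which is an assumption of this example), compares it case-insensitively against safe_licenses, treats packages listed in unsafe_packages as accepted, and derives the exit code. This is illustrative code written for this page, not pylic's own source; the names Config, Result, check, license_of and parse_metadata are this example's own, and the sample package list in the usage note is constructed.

```python
# Added example (not pylic's own code): a minimal model of the check that
# pylic performs, showing where a package's license string comes from and how
# the configuration and the --allow-extra-* options feed into the exit code.
# Assumptions are marked as such; the function names are this example's own.
from __future__ import annotations

import sys
from dataclasses import dataclass, field
from email import message_from_string
from importlib import metadata


@dataclass
class Config:
    safe_licenses: list[str] = field(default_factory=list)
    unsafe_packages: list[str] = field(default_factory=list)


def load_config(path: str = "pyproject.toml") -> Config:
    """Read the [tool.pylic] table from pyproject.toml (tomllib needs Python 3.11+)."""
    import tomllib

    with open(path, "rb") as fh:
        table = tomllib.load(fh).get("tool", {}).get("pylic", {})
    return Config(list(table.get("safe_licenses", [])),
                  list(table.get("unsafe_packages", [])))


def parse_metadata(text: str):
    """Turn raw METADATA text into the email-style message importlib.metadata uses."""
    return message_from_string(text)


def license_of(meta) -> str | None:
    """Pick a license string for one distribution.  The order of preference is an
    assumption of this example: the PEP 639 License-Expression field, then the
    License field, then the license trove classifier.  None if nothing usable."""
    expr = meta.get("License-Expression")
    if expr:
        return expr.strip()
    lic = (meta.get("License") or "").strip()
    if lic and lic.lower() != "unknown":
        return lic
    for classifier in meta.get_all("Classifier", []) or []:
        if classifier.startswith("License :: "):
            return classifier.split(" :: ")[-1]
    return None


def installed_packages():
    """Yield (name, version, license) for every distribution in the active env."""
    for dist in metadata.distributions():
        yield dist.metadata["Name"], dist.version, license_of(dist.metadata)


@dataclass
class Result:
    unsafe_packages: list[tuple[str, str]]         # installed, no license found
    unsafe_licenses: list[tuple[str, str, str]]    # installed, license not safe
    extra_safe_licenses: list[str]                 # configured, used by no package
    extra_unsafe_packages: list[str]               # configured, not installed
    exit_code: int


def check(packages, config: Config,
          allow_extra_safe_licenses: bool = False,
          allow_extra_unsafe_packages: bool = False) -> Result:
    """Classify packages; all comparisons are case-insensitive, as in pylic."""
    safe = {lic.lower(): lic for lic in config.safe_licenses}
    allowed = {pkg.lower(): pkg for pkg in config.unsafe_packages}
    used_licenses, used_allowed = set(), set()
    unsafe_packages, unsafe_licenses = [], []
    for name, version, lic in packages:
        if name.lower() in allowed:          # explicitly accepted package
            used_allowed.add(name.lower())
        elif lic is None:                    # no license metadata at all
            unsafe_packages.append((name, version))
        elif lic.lower() in safe:
            used_licenses.add(lic.lower())
        else:
            unsafe_licenses.append((name, version, lic))
    extra_safe = sorted(safe[k] for k in safe.keys() - used_licenses)
    extra_unsafe = sorted(allowed[k] for k in allowed.keys() - used_allowed)
    # The --allow-extra-* options only silence the exit code, never the lists.
    failed = bool(unsafe_packages or unsafe_licenses
                  or (extra_safe and not allow_extra_safe_licenses)
                  or (extra_unsafe and not allow_extra_unsafe_packages))
    return Result(unsafe_packages, unsafe_licenses, extra_safe, extra_unsafe,
                  1 if failed else 0)


if __name__ == "__main__":
    result = check(installed_packages(), load_config())
    for name, version in result.unsafe_packages:
        print(f"unsafe package: {name} ({version})")
    for name, version, lic in result.unsafe_licenses:
        print(f"unsafe license: {name} ({version}): {lic}")
    for lic in result.extra_safe_licenses:
        print(f"warning: safe license not used by any package: {lic}")
    for name in result.extra_unsafe_packages:
        print(f"warning: unsafe package not installed: {name}")
    sys.exit(result.exit_code)
```

Run from the directory holding pyproject.toml, it exits non-zero like pylic check does when an unlicensed or wrongly licensed package is found. Passing allow_extra_safe_licenses=True (the analogue of --allow-extra-safe-licenses) makes a configured-but-unused safe license stop failing the run while still being reported; the unsafe-package list in the configuration behaves the same way with the other option.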
pylic provides a pre-commit integration. Follow the pre-commit instructions and enable automatic license checking on commits by adding
- repo: https://github.com/ubersan/pylic
  rev: v<version>
  hooks:
    - id: pylic
to your .pre-commit-config.yaml file.
Required tools:
Run uv sync to install all necessary dependencies. Check out the [tool.taskipy.tasks] section (see taskipy) in the pyproject.toml file for utility tasks. You can run these with uv run task <task>.
Creating a new release is as simple as:
Bump the version in the pyproject.toml and the __version__.py file.
git tag <new-version>
git push origin <new-version>