
pylic
A Python license checker. pylic is PEP-639-compliant and supports the SPDX License Expression syntax.
pip install pylic
pylic needs to be run in the directory where your pyproject.toml file is located. You can configure:
safe_licenses: All licenses you consider safe for usage. The string comparison is case-insensitive.
unsafe_packages: List packages that have no license or use licenses not considered safe.
[tool.pylic]
safe_licenses = [
"Apache Software License",
"Apache License 2.0",
"MIT License",
"Python Software Foundation License",
"Mozilla Public License 2.0 (MPL 2.0)",
]
unsafe_packages = [
"unsafe_package",
]
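pylic accepts license expressions in the SPDX syntax mentioned above. The following is an added example (not pylic's own code) of how such an expression can be evaluated against a safe_licenses list, so that "MIT OR GPL-3.0-only" passes while "MIT AND GPL-3.0-only" fails. The AND/OR/WITH semantics and the SPDX operator precedence it implements are assumptions about how a checker should read the expression, not taken from pylic's source.

```python
import re

_TOKEN_RE = re.compile(r"\(|\)|[A-Za-z0-9.+\-]+")  # parentheses and SPDX ids

def is_safe_expression(expr, safe_licenses):
    """True if the PEP 639 / SPDX license expression is acceptable.
    AND needs every operand safe, OR any operand; WITH binds tighter than
    AND, AND tighter than OR (SPDX precedence). Matching is case-insensitive."""
    safe = {s.lower() for s in safe_licenses}  # assumed: same rule as safe_licenses
    tokens = _TOKEN_RE.findall(expr)
    pos = 0
    def peek():
        return tokens[pos] if pos < len(tokens) else None
    def take():
        nonlocal pos
        if pos >= len(tokens):
            raise ValueError(f"unexpected end of expression: {expr!r}")
        pos += 1
        return tokens[pos - 1]

    def parse_or():
        result = parse_and()
        while (peek() or "").upper() == "OR":
            take()
            rhs = parse_and()  # always consume the operand, no short-circuit
            result = result or rhs
        return result

    def parse_and():
        result = parse_atom()
        while (peek() or "").upper() == "AND":
            take()
            rhs = parse_atom()
            result = result and rhs
        return result

    def parse_atom():
        tok = take()
        if tok == "(":
            result = parse_or()
            if take() != ")":
                raise ValueError(f"missing ')' in {expr!r}")
            return result
        if (peek() or "").upper() == "WITH":  # e.g. GPL-2.0-only WITH Classpath-exception-2.0
            take()
            tok = f"{tok} WITH {take()}"  # the pair is one distinct license id
        return tok.lower() in safe

    result = parse_or()
    if pos != len(tokens):
        raise ValueError(f"trailing tokens in {expr!r}")
    return result
```

A malformed expression (dangling operator, unbalanced parentheses) raises instead of silently passing, which is the behaviour you want from a CI gate.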
pylic provides the following commands (also see pylic --help):
check: Checks all installed licenses.
list: Lists all installed packages and their corresponding license.
Create a venv to start from a clean slate and activate it
python -m venv .venv
source .venv/bin/activate
Install pylic and create an empty pyproject.toml
pip install pylic
touch pyproject.toml
Install all your dependencies
pip install <packageA> <packageB>
Run pylic
pylic check
The output will be similar to
Found unsafe packages:
pkg_resources (0.0.0)
Found unsafe licenses:
pip (18.1): MIT License
zipp (3.4.1): MIT License
toml (0.10.2): MIT License
pylic (1.2.0): MIT License
setuptools (40.8.0): MIT License
typing-extensions (3.7.4.3): Python Software Foundation License
importlib-metadata (3.9.0): Apache Software License
In this case pylic's return code is non-zero because unsafe licenses were found. This allows pylic to be used as a gate in CI.
echo $? # prints 1
As these licenses and packages are all ok, we can configure pylic accordingly
cat <<EOT >> pyproject.toml
[tool.pylic]
safe_licenses = ["Apache Software License", "MIT License", "Python Software Foundation License"]
unlicensed_packages = ["pkg_resources"]
EOT
After rerunning pylic check, the output now shows a successful validation
✨ All licenses ok ✨
The return code now also signals that all is good
echo $? # prints 0
Use pylic list to list all installed packages and their corresponding licenses.
In cases where the safe licenses or unsafe packages are centrally managed, keeping the configuration in perfect sync with the installed packages might be too cumbersome or even impossible. To support these use cases the check command provides two options (see also check --help): --allow-extra-safe-licenses and --allow-extra-unsafe-packages. These options only affect the returned status code; all corresponding warnings are still printed unchanged.
pylic provides a pre-commit integration. Follow the instructions and enable automatic license checking on commits by adding
- repo: https://github.com/ubersan/pylic
  rev: v<version>
  hooks:
    - id: pylic
to your .pre-commit-config.yaml file.
Required tools:
Run uv sync to install all necessary dependencies. Check out the [tool.taskipy.tasks] section (see taskipy) in the pyproject.toml file for utility tasks. You can run these with uv run task <task>.
Creating a new release is as simple as:
Update the version in the pyproject.toml and the __version__.py file.
git tag <new-version>.
git push origin <new-version>.