logo

Crate licensebat_cli

source · []
Expand description

A tool to help you verify that your dependencies comply with your license policies.

What is Licensebat?

Licensebat is a CLI that you can use for free to verify that the dependencies of your project follow your license policies.

Let’s say, for instance, that you are building a commercial application. In that case, you may consider avoiding the use of some software with a restrictive license like GPL.

By using Licensebat, you can check you don’t have any dependency with such a restrictive license. Normally, it will look in all the the dependency tree of your project, so transient dependencies will also be considered.

Feel free to use the CLI in your CI/CD pipeline, or in your continuous integration server.

     Warning: licensebat-cli is still in development so you may use it at your own risk.

Licensebat GitHub App

Aside from the CLI, Licensebat can be used directly in your GitHub repositories by installing this GitHub App.

Supported languages

Crates.io Crates.io Crates.io

How to use it

Just run this:

licensebat --dependency-file ./Cargo.lock

That will set all in motion. Take into account that you’ll need to have access to the internet for the cli to work properly.

You can have more information about the CLI by running licensebat --help.

USAGE:
licensebat [OPTIONS] --dependency-file <dependency-file>
FLAGS:
    -h, --help       Prints help information
    -V, --version    Prints version information
OPTIONS:
    -d, --dependency-file <dependency-file>    Path to the file containing the dependencies of the project. i.e.
                                               package-lock.json for npm projects, yarn.lock for yarn projects, etc
    -l, --licrc-file <licrc-file>              Path to the .licrc file [default: .licrc]
    -f, --output-format <output-format>        Output format (json | markdown). Defaults to json.

The .licrc file

But before running, you have to be sure you have a .licrc file available in your project.

You can get a copy from this gist. It’s a TOML file with configuration about which are the accepted or denied licenses, ignored dependencies or whether to block or not the PR (exit code == 1) in case it finds invalid dependencies.

[licenses]
accepted = ["MIT", "MSC", "BSD"]

[dependencies]
ignored=["ignored_dep1", "ignored_dep2"]

[behavior]
do_not_block_pr = false

Logs

Licensebat uses tracing. You can get logs while running the CLI by setting the RUST_LOG environment variable.

RUST_LOG=licensebat=info cargo run --dependency-file ./Cargo.lock

Structs

RunResult

Result of the dependency validation.

Functions

run

Checks the dependencies of a project.