A Python license checker. pylic is PEP-639-compliant and supports the SPDX License Expression syntax.
- All licenses of all installed packages are relevant.
- All installed packages without a license are considered unsafe and have to be listed as such.
- Every license has to be allowed explicitly.
```
pip install pylic
```

pylic needs to be run in the directory where your pyproject.toml file is located. You can configure

- safe_licenses: All licenses you consider safe for usage. The string comparison is case-insensitive.
- unsafe_packages: List packages that have no license or use licenses not considered safe.
```toml
[tool.pylic]
safe_licenses = [
    "Apache Software License",
    "Apache License 2.0",
    "MIT License",
    "Python Software Foundation License",
    "Mozilla Public License 2.0 (MPL 2.0)",
]
unsafe_packages = [
    "unsafe_package",
]
```

pylic provides the following commands (also see pylic --help):

- check: Checks all installed licenses.
- list: Lists all installed packages and their corresponding license.
Create a venv to start with a clean ground and activate it

```
python -m venv .venv
source .venv/bin/activate
```

Install pylic and create an empty pyproject.toml

```
pip install pylic
touch pyproject.toml
```

Install all your dependencies

```
pip install <packageA> <packageB>
```

Run pylic

```
pylic check
```

The output will be similar to

```
Found unsafe packages:
  pkg_resources (0.0.0)
Found unsafe licenses:
  pip (18.1): MIT License
  zipp (3.4.1): MIT License
  toml (0.10.2): MIT License
  pylic (1.2.0): MIT License
  setuptools (40.8.0): MIT License
  typing-extensions (3.7.4.3): Python Software Foundation License
  importlib-metadata (3.9.0): Apache Software License
```

The return code of pylic is in this case non-zero due to unsafe licenses. This allows usage of pylic in CI.

```
echo $? # prints 1
```

As these licenses and packages are all ok we can configure pylic accordingly

```
cat <<EOT >> pyproject.toml
[tool.pylic]
safe_licenses = ["Apache Software License", "MIT License", "Python Software Foundation License"]
unsafe_packages = ["pkg_resources"]
EOT
```

After rerunning pylic check the output now reveals a successful validation

```
✨ All licenses ok ✨
```

Also the return code now signals that all is good

```
echo $? # prints 0
```

Use pylic list to list all installed packages and their corresponding licenses.
In cases where the safe licenses or unsafe packages are centrally managed keeping the configuration in perfect sync to the installed packages might be too cumbersome or even impossible. To support these use cases the check command provides the two options (see also check --help) --allow-extra-safe-licenses and --allow-extra-unsafe-packages. These options only affect the returned status code and will keep all corresponding warnings unchanged.
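The following is an added example, not pylic's own code: a small model of the allow-list policy and of how the two options change only the status code while the findings stay the same. The function name `evaluate`, the sample data, the treatment of "extra" entries as configuration entries that match nothing installed, and the plain-string license comparison (no SPDX expression parsing) are assumptions made for illustration.

```python
"""Model of the allow-list policy described above (illustration, not pylic's code)."""

def evaluate(installed, safe_licenses, unsafe_packages,
             allow_extra_safe_licenses=False, allow_extra_unsafe_packages=False):
    """Return (findings, exit_code) for a package -> license mapping.

    installed: dict of package name -> license string, or None if no license.
    """
    safe = {s.casefold() for s in safe_licenses}   # comparison is case-insensitive
    listed_unsafe = set(unsafe_packages)
    findings = {"unsafe_packages": [], "unsafe_licenses": [],
                "extra_safe_licenses": [], "extra_unsafe_packages": []}
    used = set()
    for name, lic in sorted(installed.items()):
        if name in listed_unsafe:
            continue                                 # explicitly accepted exception
        if lic is None:
            findings["unsafe_packages"].append(name)  # no license: must be listed
        elif lic.casefold() in safe:
            used.add(lic.casefold())
        else:
            findings["unsafe_licenses"].append((name, lic))  # not allowed explicitly
    # Assumption: "extra" means configuration entries that match nothing installed.
    findings["extra_safe_licenses"] = sorted(
        s for s in safe_licenses if s.casefold() not in used)
    findings["extra_unsafe_packages"] = sorted(listed_unsafe - set(installed))

    failed = bool(findings["unsafe_packages"] or findings["unsafe_licenses"])
    if findings["extra_safe_licenses"] and not allow_extra_safe_licenses:
        failed = True
    if findings["extra_unsafe_packages"] and not allow_extra_unsafe_packages:
        failed = True
    return findings, int(failed)   # the flags change the code, never the findings


# Constructed sample data, not output from a real environment.
INSTALLED = {"toml": "MIT License", "zipp": "mit license",
             "importlib-metadata": "Apache Software License", "pkg_resources": None}
CENTRAL_SAFE = ["MIT License", "Apache Software License",
                "Mozilla Public License 2.0 (MPL 2.0)"]
CENTRAL_UNSAFE = ["pkg_resources", "legacy_internal_pkg"]

if __name__ == "__main__":
    for flags in ({}, {"allow_extra_safe_licenses": True,
                       "allow_extra_unsafe_packages": True}):
        findings, code = evaluate(INSTALLED, CENTRAL_SAFE, CENTRAL_UNSAFE, **flags)
        print(flags or "strict", "->", code, findings)
```
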
pylic provides a pre-commit integration. Follow the instructions and enable automatic license checking on commits by adding
```yaml
- repo: https://github.com/ubersan/pylic
  rev: v<version>
  hooks:
    - id: pylic
```

to your .pre-commit-config.yaml file.
Required tools:
Run uv sync to install all necessary dependencies. Check out the [tool.taskipy.tasks] (see taskipy) section in the pyproject.toml file for utility tasks. You can run these with uv run task <task>.
Creating a new release is as simple as:
- Update version in the pyproject.toml and the __version__.py file.
- Run git tag <new-version>.
- Run git push origin <new-version>.