dominikb / composer-license-checker
Utility to check for licenses of dependencies and block/allow them.
Installs: 924 865
Dependents: 5
Suggesters: 0
Security: 0
Stars: 40
Watchers: 3
Forks: 10
Open Issues: 3
Requires
- php: ^7.3 || ^8.0
- ext-json: *
- composer/composer: ~2.2.23 || ^2.7.0
- guzzlehttp/guzzle: ^6.5.8 || ^7.4.5
- psr/simple-cache: ^1.0 || ^2.0 || ^3.0
- symfony/cache: ~4.2.12 || ^4.3.8 || ^5.2 || ^6.0 || ^7.0
- symfony/console: ^5.3 || ^6.0 || ^7.0
- symfony/css-selector: ^4.2 || ^5.2 || ^6.0 || ^7.0
- symfony/dom-crawler: ^5.2 || ^6.0 || ^7.0
Requires (Dev)
- mockery/mockery: ^1.3.3
- phpunit/phpunit: ^9.3
- symfony/var-dumper: ^4.2 || ^5.2 || ^6.0 || ^7.0
README
Quickly scan your dependencies, see what licenses they use or check in your CI that no unwanted licenses were merged.
The lookup of the summaries for every license done on https://tldrlegal.com/.
Please inform yourself in more detail about the licenses you use and do not use the provided summary as your sole information.
Installation
You can install the package via composer:
composer require --dev dominikb/composer-license-checker
Usage
Two separate commands are provided:
./composer-license-checker check./composer-license-checker report
Use ./composer-license-checker help to get info about general usage or use the syntax ./composer-license-checker help COMMAND_NAME to see more information about a specific command available.
./vendor/bin/composer-license-checker check \
--allowlist MIT \ # Fail if anything but MIT license is used
--blocklist GPL \ # Fail if any dependency uses GPL
--allow dominikb/composer-license-checker # Always allow this dependency regardless of its license
vendor/bin/composer-license-checker report -p /path/to/your/project -c /path/to/composer.phar
Path to composer
By default, this tool assumes that "composer" is in your path and a valid command that will call Composer.
If that isn't the case, add the -c or --composer option with the path where to find Composer instead.
This tool comes with Composer installed as a dependency, so you may start with --composer ./vendor/bin/composer, given that you are in this tool's root directory when executing a license check.
If this tool cannot find Composer, it will exit with status code 2, see below.
Exit codes
Any command returns with one of these exit codes:
- 0: Ok
- 1: Offending licenses found in check, or a problem occurred when creating a report
- 2: Internal error when executing the command, may indicate problems calling Composer internally
Testing
composer test
Code coverage reports are output to the build folder. See .phpunit.xml.dist for more testing configuration.
Changelog
Please see CHANGELOG for more information what has changed recently.
Contributing
Please see CONTRIBUTING for details.
Security
If you discover any security related issues, please email bauernfeind.dominik@gmail.com instead of using the issue tracker.
Credits
License
The MIT License (MIT). Please see License File for more information.