dominikb/composer-license-checker

Utility to check for licenses of dependencies and block/allow them.

2.6.0 2024-07-06 14:35 UTC

This package is auto-updated.

Last update: 2024-10-13 14:13:37 UTC


README

Latest Version on Packagist Build Status Quality Score Scrutinizer coverage Total Downloads

Quickly scan your dependencies, see what licenses they use or check in your CI that no unwanted licenses were merged.

The lookup of the summaries for every license done on https://tldrlegal.com/.
Please inform yourself in more detail about the licenses you use and do not use the provided summary as your sole information.

Installation

You can install the package via composer:

composer require --dev dominikb/composer-license-checker

Usage

Two separate commands are provided:

  • ./composer-license-checker check
  • ./composer-license-checker report

Use ./composer-license-checker help to get info about general usage or use the syntax ./composer-license-checker help COMMAND_NAME to see more information about a specific command available.

./vendor/bin/composer-license-checker check \
        --allowlist MIT \ # Fail if anything but MIT license is used
        --blocklist GPL \ # Fail if any dependency uses GPL
        --allow dominikb/composer-license-checker # Always allow this dependency regardless of its license

vendor/bin/composer-license-checker report -p /path/to/your/project -c /path/to/composer.phar

Path to composer

By default, this tool assumes that "composer" is in your path and a valid command that will call Composer.

If that isn't the case, add the -c or --composer option with the path where to find Composer instead. This tool comes with Composer installed as a dependency, so you may start with --composer ./vendor/bin/composer, given that you are in this tool's root directory when executing a license check.

If this tool cannot find Composer, it will exit with status code 2, see below.

Exit codes

Any command returns with one of these exit codes:

  • 0: Ok
  • 1: Offending licenses found in check, or a problem occurred when creating a report
  • 2: Internal error when executing the command, may indicate problems calling Composer internally

Testing

composer test

Code coverage reports are output to the build folder. See .phpunit.xml.dist for more testing configuration.

Changelog

Please see CHANGELOG for more information what has changed recently.

Contributing

Please see CONTRIBUTING for details.

Security

If you discover any security related issues, please email bauernfeind.dominik@gmail.com instead of using the issue tracker.

Credits

License

The MIT License (MIT). Please see License File for more information.