license-audit: audit package licenses
| (require license-audit) | package: license-audit |
This package provides a tool raco license-audit to audit package licenses. The tool also shows information from transitive dependencies.
1 Running raco license-audit
raco license-audit ‹option› ... ‹name› ... displays license information of ‹name›s, including their dependencies, to the standard output. By default, it queries information from locally installed packages first, and if the information is not available locally, it proceeds to query information from the package index server.
Following ‹name› is specially recognized:
@ —
a meta package that depends on all packages on the package index server and all packages locally installed. @-global —
a meta package that depends on all packages on the package index server. @-local —
a meta package that depends on all packages locally installed. @-local-user —
a meta package that depends on all packages locally installed in the user scope. @-local-installation —
a meta package that depends on all packages locally installed in the installation scope.
The raco license-audit command accepts the following ‹option›s:
--local-only, -l —
only read the license information from locally installed packages. --global-only, -g —
only read the license information from the package index server. --build-time, -b —
include build-time dependencies. --no-main-distribution —
exclude packages in the main distribution (including their transitive dependencies and its tests). --tags —
show tags (this option requires --global-only). --authors —
show authors and group by them (this option requires --global-only).
2 Examples
As an example, running raco license-audit --local-only license-audit on a aarch64-macosx system might output the following
=== package: license-audit === |
|
30 packages queried |
|
╭─────┬───────────────────────────────┬───────────────────┬──────────────────────────────╮ |
│ * │ package name │ required by │ license │ |
├─────┼───────────────────────────────┼───────────────────┼──────────────────────────────┤ |
│ [l] │ license-audit │ - │ (Apache-2.0 OR MIT) │ |
│ [l] │ base │ license-audit │ (Apache-2.0 OR MIT) │ |
│ [l] │ racket-lib │ base │ (Apache-2.0 OR MIT) │ |
│ [l] │ racket-aarch64-macosx-3 │ racket-lib │ ((Apache-2.0 OR MIT) AND │ |
│ │ │ │ (BSD-3-clause AND OpenSSL)) │ |
│ [l] │ text-table │ license-audit │ no license indicated │ |
│ [l] │ pprint │ license-audit │ no license indicated │ |
│ [l] │ dherman-struct │ pprint │ no license indicated │ |
│ [l] │ compatibility-lib │ dherman-struct │ (Apache-2.0 OR MIT) │ |
│ [l] │ scheme-lib │ compatibility-lib │ (Apache-2.0 OR MIT) │ |
│ [l] │ net-lib │ compatibility-lib │ (Apache-2.0 OR MIT) │ |
│ [l] │ srfi-lite-lib │ net-lib │ (Apache-2.0 OR MIT) │ |
│ [l] │ sandbox-lib │ compatibility-lib │ (Apache-2.0 OR MIT) │ |
│ [l] │ errortrace-lib │ sandbox-lib │ (Apache-2.0 OR MIT) │ |
│ [l] │ source-syntax │ errortrace-lib │ (Apache-2.0 OR MIT) │ |
│ [l] │ rackunit-lib │ pprint │ (Apache-2.0 OR MIT) │ |
│ [l] │ testing-util-lib │ rackunit-lib │ (Apache-2.0 OR MIT) │ |
│ [u] │ racket-win32-i386-3 │ racket-lib │ - │ |
│ [u] │ racket-win32-x86_64-3 │ racket-lib │ - │ |
│ [u] │ racket-win32-arm64-3 │ racket-lib │ - │ |
│ [u] │ racket-x86_64-linux-natipkg-3 │ racket-lib │ - │ |
│ [u] │ racket-x86_64-macosx-3 │ racket-lib │ - │ |
│ [u] │ racket-i386-macosx-3 │ racket-lib │ - │ |
│ [u] │ racket-ppc-macosx-3 │ racket-lib │ - │ |
│ [u] │ db-ppc-macosx │ racket-lib │ - │ |
│ [u] │ db-win32-i386 │ racket-lib │ - │ |
│ [u] │ db-win32-x86_64 │ racket-lib │ - │ |
│ [u] │ db-win32-arm64 │ racket-lib │ - │ |
│ [u] │ db-x86_64-linux-natipkg │ racket-lib │ - │ |
│ [u] │ com-win32-i386 │ racket-lib │ - │ |
│ [u] │ com-win32-x86_64 │ racket-lib │ - │ |
╰─────┴───────────────────────────────┴───────────────────┴──────────────────────────────╯ |
|
However, running the same command without --local-only produces:
=== package: license-audit === |
|
30 packages queried |
|
╭─────┬───────────────────────────────┬───────────────────┬──────────────────────────────╮ |
│ * │ package name │ required by │ license │ |
├─────┼───────────────────────────────┼───────────────────┼──────────────────────────────┤ |
│ [l] │ license-audit │ - │ (Apache-2.0 OR MIT) │ |
│ [l] │ base │ license-audit │ (Apache-2.0 OR MIT) │ |
│ [l] │ racket-lib │ base │ (Apache-2.0 OR MIT) │ |
│ [l] │ racket-aarch64-macosx-3 │ racket-lib │ ((Apache-2.0 OR MIT) AND │ |
│ │ │ │ (BSD-3-clause AND OpenSSL)) │ |
│ [l] │ text-table │ license-audit │ no license indicated │ |
│ [l] │ pprint │ license-audit │ no license indicated │ |
│ [l] │ dherman-struct │ pprint │ no license indicated │ |
│ [l] │ compatibility-lib │ dherman-struct │ (Apache-2.0 OR MIT) │ |
│ [l] │ scheme-lib │ compatibility-lib │ (Apache-2.0 OR MIT) │ |
│ [l] │ net-lib │ compatibility-lib │ (Apache-2.0 OR MIT) │ |
│ [l] │ srfi-lite-lib │ net-lib │ (Apache-2.0 OR MIT) │ |
│ [l] │ sandbox-lib │ compatibility-lib │ (Apache-2.0 OR MIT) │ |
│ [l] │ errortrace-lib │ sandbox-lib │ (Apache-2.0 OR MIT) │ |
│ [l] │ source-syntax │ errortrace-lib │ (Apache-2.0 OR MIT) │ |
│ [l] │ rackunit-lib │ pprint │ (Apache-2.0 OR MIT) │ |
│ [l] │ testing-util-lib │ rackunit-lib │ (Apache-2.0 OR MIT) │ |
│ [g] │ com-win32-x86_64 │ racket-lib │ (Apache-2.0 OR MIT) │ |
│ [g] │ com-win32-i386 │ racket-lib │ (Apache-2.0 OR MIT) │ |
│ [g] │ db-x86_64-linux-natipkg │ racket-lib │ ((Apache-2.0 OR MIT) AND │ |
│ │ │ │ blessing) │ |
│ [g] │ db-win32-arm64 │ racket-lib │ ((Apache-2.0 OR MIT) AND │ |
│ │ │ │ blessing) │ |
│ [g] │ db-win32-x86_64 │ racket-lib │ ((Apache-2.0 OR MIT) AND │ |
│ │ │ │ blessing) │ |
│ [g] │ db-win32-i386 │ racket-lib │ ((Apache-2.0 OR MIT) AND │ |
│ │ │ │ blessing) │ |
│ [g] │ db-ppc-macosx │ racket-lib │ (blessing AND (Apache-2.0 OR │ |
│ │ │ │ MIT)) │ |
│ [g] │ racket-ppc-macosx-3 │ racket-lib │ ((Apache-2.0 OR MIT) AND │ |
│ │ │ │ OpenSSL) │ |
│ [g] │ racket-i386-macosx-3 │ racket-lib │ ((Apache-2.0 OR MIT) AND │ |
│ │ │ │ (BSD-3-clause AND OpenSSL)) │ |
│ [g] │ racket-x86_64-macosx-3 │ racket-lib │ ((Apache-2.0 OR MIT) AND │ |
│ │ │ │ (BSD-3-clause AND OpenSSL)) │ |
│ [g] │ racket-x86_64-linux-natipkg-3 │ racket-lib │ ((Apache-2.0 OR MIT) AND │ |
│ │ │ │ OpenSSL) │ |
│ [g] │ racket-win32-arm64-3 │ racket-lib │ ((Apache-2.0 OR MIT) AND │ |
│ │ │ │ (LGPL-3.0-or-later AND │ |
│ │ │ │ OpenSSL)) │ |
│ [g] │ racket-win32-x86_64-3 │ racket-lib │ ((Apache-2.0 OR MIT) AND │ |
│ │ │ │ (LGPL-3.0-or-later AND │ |
│ │ │ │ OpenSSL)) │ |
│ [g] │ racket-win32-i386-3 │ racket-lib │ ((Apache-2.0 OR MIT) AND │ |
│ │ │ │ (LGPL-3.0-or-later AND │ |
│ │ │ │ OpenSSL)) │ |
╰─────┴───────────────────────────────┴───────────────────┴──────────────────────────────╯ |
|
3 Output format
The first column indicates the status:
[l] – the package is queried from locally installed packages
[g] – the package is queried from the package index server
[u] – the package can’t be queried from locally installed packages (only applicable for --local-only).
One possible reason for a package to have this status is that the package is a conditional dependency, which will be installed only on a specific platform, and the platform does not match the local platform. For example, in Examples, racket-win32-i386-3 is a conditional dependency (of base). The package will be installed only on win32-i386. Therefore, it has the [u] status, as the local platform here is aarch64-macosx, which doesn’t match win32-i386.
[U] – the package can’t be queried from the package index server (only applicable for non --local-only)
The second column indicates a package name.
The third column indicates what package requires the package. I.e., it shows why the row is included in the output. - means there is no package that requires the package (because it is a ‹name›).
The fourth column indicates a license S-expression. If there is no license defined, no license indicated will be shown.