Scan project dependencies for license compatibility issues across multiple ecosystems.
# Basic scan (permissive policy)
python3 scripts/license_audit.py /path/to/project
# Strict enterprise scan with CI exit codes
python3 scripts/license_audit.py /path/to/project --policy permissive --ci --format markdown
# Allow weak copyleft (LGPL, MPL)
python3 scripts/license_audit.py /path/to/project --policy weak-copyleft
# Include transitive deps (npm)
python3 scripts/license_audit.py /path/to/project --include-transitive
# JSON output for tooling
python3 scripts/license_audit.py /path/to/project --format json
| Ecosystem | Files Parsed | License Source |
|---|---|---|
| ----------- | ------------- | ---------------- |
| npm | package.json, package-lock.json, node_modules/*/package.json | Package metadata |
| pip | requirements.txt, Pipfile, pyproject.toml | Installed package metadata |
| Go | go.mod | Manual/UNKNOWN (no local metadata) |
| Rust | Cargo.toml | Manual/UNKNOWN (no local metadata) |
| Ruby | Gemfile | Manual/UNKNOWN (no local metadata) |
npm and pip auto-detect licenses from installed packages. Go/Rust/Ruby report UNKNOWN unless packages are installed — review manually.
| Policy | Allows | Use When |
|---|---|---|
| -------- | -------- | ---------- |
permissive (default) | MIT, Apache-2.0, BSD, ISC, etc. | Proprietary/commercial projects |
weak-copyleft | + LGPL, MPL, EPL | Library consumers (dynamic linking) |
any-open | All OSI-approved | Open-source projects |
custom | User-defined | Enterprise with specific requirements |
For custom policy setup, see references/custom-policy.md.
text — Human-readable terminal output (default)json — Machine-readable for CI pipelines and toolingmarkdown — Report with tables, suitable for PRs or documentationWith --ci flag:
0 — No issues1 — Warnings only (unknown licenses)2 — Policy violations foundThe scanner classifies licenses into categories:
SPDX expressions (MIT OR Apache-2.0, MIT AND BSD-3-Clause) are evaluated: OR picks most permissive, AND picks most restrictive.
.license-policy.json for custom rules--ci flag to CI pipeline for automated enforcement共 1 个版本