21 unstable releases
Version | Released |
---|---|
0.22.0 | June 1, 2024 |
0.21.0 | May 23, 2023 |
0.20.0 | March 30, 2023 |
0.17.0 | December 30, 2022 |
0.0.3 | December 30, 2021 |
#171 in Development tools
1,188 downloads per month
2MB
2K SLoC
Licensebat CLI
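A tool to help you verify that your dependencies comply with your license policies.
See the docs for more information.
What is Licensebat?
Licensebat is a CLI that you can use for free to verify that the dependencies of your project follow your license policies.
Say, for instance, that you are building a proprietary application. You may then want to avoid software with a restrictive license such as GPL.
With Licensebat, you can check that no such restrictive license is present in your dependencies. It normally checks everything in your project's dependency tree, so transitive dependencies are also considered.
You can use this CLI in your CI/CD pipeline or on your continuous integration server.
Important: licensebat-cli is still in development, so use it at your own risk.
Licensebat GitHub App
Aside from the CLI, Licensebat can also be used directly in your GitHub repositories by installing this GitHub App.
Supported languages
How to use it
Just run the following command:
licensebat --dependency-file ./Cargo.lock
This starts the whole process. Note that the CLI needs an internet connection to work properly.
You can get more information about the CLI by running licensebat --help.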
USAGE:
licensebat [OPTIONS] --dependency-file <dependency-file>
FLAGS:
-h, --help Prints help information
-V, --version Prints version information
OPTIONS:
-d, --dependency-file <dependency-file> Path to the file containing the dependencies of the project. i.e.
package-lock.json for npm projects, yarn.lock for yarn projects, etc
-l, --licrc-file <licrc-file> Path to the .licrc file [default: .licrc]
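The .licrc file
Before running it, however, you must make sure a .licrc file is available in your project.
You can get a copy from this gist. It is a TOML file that configures which licenses are accepted or rejected, which dependencies are ignored, and whether or not to block PRs (exit code == 1) when an invalid dependency is found.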
[licenses]
# This indicates which are the only licenses that Licensebat will accept.
# The rest will be flagged as not allowed.
accepted = ["MIT", "MSC", "BSD"]
# This will indicate which licenses are not accepted.
# The rest will be accepted, except for the unknown licenses or dependencies without licenses.
# unaccepted = ["LGPL"]
# Note that only one of the previous options can be enabled at once.
# If both of them are informed, only accepted will be considered.
[dependencies]
# This will allow users to flag some dependencies so that Licensebat will not check for their license.
ignored=["ignored_dep1", "ignored_dep2"]
# False by default, if true it will mark all dev dependencies as ignored.
# Bear in mind that this is only supported by some of the collectors.
ignore_dev_dependencies = false
# False by default, if true it will mark all optional dependencies as ignored.
# Bear in mind that this is only supported by some of the collectors.
ignore_optional_dependencies = false
[behavior]
# False by default (always exit code == 0), if true, it will exit with code 1 in case some invalid dependency is found.
do_not_block_pr = false
# False by default, if true it will not show the ignored dependencies in the final report.
do_not_show_ignored_dependencies = false
# False by default, if true it will not show the dev dependencies in the final report.
# Bear in mind that this is only supported by some of the collectors.
do_not_show_dev_dependencies = false
# False by default, if true it will not show the optional dependencies in the final report.
# Bear in mind that this is only supported by some of the collectors.
do_not_show_optional_dependencies = false
# This will define the size of the buffer used to retrieve the dependencies.
# It's set to 100 by default.
# If you have a lot of dependencies, you might want to increase this value, but be careful, if the size is too big, the API might return an error.
retriever_buffer_size = 100
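The precedence rules stated in the [licenses] and [dependencies] comments above, modelled as an added Rust sketch. This is not Licensebat's own code: the Policy type, the check function and the dependency names are hypothetical, and it assumes one license identifier per dependency, compared by exact string equality.

```rust
// Added illustration, not Licensebat's code: type and function names are hypothetical.
#[derive(Debug, PartialEq)]
enum Verdict { Allowed, Denied, Ignored }

struct Policy {
    accepted: Option<Vec<&'static str>>,   // allow-list; wins when both lists are set
    unaccepted: Option<Vec<&'static str>>, // deny-list; used only when `accepted` is absent
    ignored: Vec<&'static str>,            // dependency names that are never checked
}

impl Policy {
    // `license` is None when the dependency has no license or an unknown one.
    // Assumption: one identifier per dependency, compared by exact string equality.
    fn check(&self, name: &str, license: Option<&str>) -> Verdict {
        if self.ignored.contains(&name) { return Verdict::Ignored; }
        let lic = match license {
            Some(l) => l,
            None => return Verdict::Denied, // unknown or missing license is never accepted
        };
        let ok = match (&self.accepted, &self.unaccepted) {
            (Some(allow), _) => allow.contains(&lic),   // both set: only `accepted` counts
            (None, Some(deny)) => !deny.contains(&lic), // everything else is accepted
            (None, None) => true, // assumption: no list configured means no restriction
        };
        if ok { Verdict::Allowed } else { Verdict::Denied }
    }
}

// Constructed sample data; the dependency names are made up.
fn sample_verdicts() -> Vec<Verdict> {
    let both = Policy { accepted: Some(vec!["MIT", "BSD"]), unaccepted: Some(vec!["LGPL"]),
                        ignored: vec!["ignored_dep1"] };
    let deny_only = Policy { accepted: None, unaccepted: Some(vec!["LGPL"]), ignored: vec![] };
    vec![
        both.check("dep_mit", Some("MIT")),                // on the allow-list
        both.check("dep_apache", Some("Apache-2.0")),      // not denied, yet not accepted
        both.check("dep_unlicensed", None),                // no license declared
        both.check("ignored_dep1", Some("GPL")),           // skipped regardless of license
        deny_only.check("dep_apache", Some("Apache-2.0")), // not on the deny-list
        deny_only.check("dep_lgpl", Some("LGPL")),         // on the deny-list
        deny_only.check("dep_unlicensed", None),           // still flagged in deny-list mode
    ]
}

fn main() {
    println!("{:?}", sample_verdicts());
}
```

The second verdict is the one to watch when switching modes: a license that is absent from both lists is flagged under an allow-list but passes under a deny-list.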
Logs
Licensebat uses tracing. You can get logs while running the CLI by setting the RUST_LOG environment variable.
RUST_LOG=licensebat=info cargo run -- --dependency-file ./Cargo.lock
Dependencies
~18–35MB
~508K SLoC