Licensebat CLI

一个帮助您验证依赖项是否符合您的许可证策略的工具。

查看 文档 获取更多信息。

什么是 Licensebat？

Licensebat 是一个您可以免费使用的 CLI，用于验证您的项目依赖项是否遵循您的许可证策略。

比如说，如果您正在构建一个专有应用程序，那么您可能会考虑避免使用一些具有限制性许可证的软件，比如 GPL。

使用 Licensebat，您可以检查您的依赖项中是否没有这样的限制性许可证。通常，它将检查您的项目依赖项树中的所有内容，因此临时依赖项也将被考虑在内。

您可以在 CI/CD 流程或持续集成服务器中使用此 CLI。

重要： licensebat-cli 仍在开发中，因此您可能需要自行承担使用风险。

Licensebat GitHub App

除了 CLI 之外，Licensebat 还可以通过安装此 GitHub App 直接在您的 GitHub 仓库中使用。

支持的语言

如何使用它

只需运行以下命令：

licensebat --dependency-file ./Cargo.lock

这将启动整个过程。请注意，为了使 CLI 正常工作，您需要连接到互联网。

您可以通过运行 licensebat --help 获取有关 CLI 的更多信息。

USAGE:
licensebat [OPTIONS] --dependency-file <dependency-file>
FLAGS:
    -h, --help       Prints help information
    -V, --version    Prints version information
OPTIONS:
    -d, --dependency-file <dependency-file>    Path to the file containing the dependencies of the project. i.e.
                                               package-lock.json for npm projects, yarn.lock for yarn projects, etc
    -l, --licrc-file <licrc-file>              Path to the .licrc file [default: .licrc]

.licrc 文件

但在运行之前，您必须确保您的项目中有一个可用的 .licrc 文件。

您可以从这个gist中获取一份。它是一个TOML文件，包含有关哪些许可证被接受或拒绝、忽略的依赖项或是否在找到无效依赖项时阻止或不禁止PR（退出代码==1）的配置。

[licenses]
# This indicates which are the only licenses that Licensebat will accept.
# The rest will be flagged as not allowed.
accepted = ["MIT", "MSC", "BSD"]
# This will indicate which licenses are not accepted.
# The rest will be accepted, except for the unknown licenses or dependencies without licenses.
# unaccepted = ["LGPL"]
# Note that only one of the previous options can be enabled at once.
# If both of them are informed, only accepted will be considered.

[dependencies]
# This will allow users to flag some dependencies so that Licensebat will not check for their license.
ignored=["ignored_dep1", "ignored_dep2"]
# False by default, if true it will mark all dev dependencies as ignored.
# Bear in mind that this is only supported by some of the collectors.
ignore_dev_dependencies = false
# False by default, if true it will mark all optional dependencies as ignored.
# Bear in mind that this is only supported by some of the collectors.
ignore_optional_dependencies = false

[behavior]
# False by default (always exit code == 0), if true, it will exit with code 1 in case some invalid dependency is found.
do_not_block_pr = false
# False by default, if true it will do not show the ignored dependencies in the final report.
do_not_show_ignored_dependencies = false
# False by default, if true it will do not show the dev dependencies in the final report.
# Bear in mind that this is only supported by some of the collectors.
do_not_show_dev_dependencies = false
# False by default, if true it will do not show the optional dependencies in the final report.
# Bear in mind that this is only supported by some of the collectors.
do_not_show_optional_dependencies = false
# This will define the size of the buffer used to retrieve the dependencies.
# It's set to 100 by default.
# If you have a lot of dependencies, you might want to increase this value, but be careful, if the size is too big, the API might return an error.
retriever_buffer_size = 100

日志

Licensebat使用了tracing。您可以通过设置RUST_LOG环境变量，在运行CLI时获取日志。

RUST_LOG=licensebat=info cargo run --dependency-file ./Cargo.lock