21 unstable releases

0.22.0 June 1, 2024
0.21.0 May 23, 2023
0.20.0 March 30, 2023
0.17.0 December 30, 2022
0.0.3 December 30, 2021

#171 in Development tools

1,188 downloads per month

MIT license

2MB
2K SLoC

Licensebat CLI

A tool to help you verify that your dependencies comply with your license policies.

Check the docs for more information.

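What is Licensebat?

Licensebat is a CLI that you can use for free to verify that the dependencies of your project follow your license policies.

For instance, if you are building a proprietary application, you may want to avoid software with restrictive licenses such as GPL.

With Licensebat, you can check that none of your dependencies carries such a restrictive license. Normally, it checks the whole dependency tree of your project, so transitive dependencies are also taken into account.

You can use this CLI in your CI/CD pipeline or on your continuous integration server.

Important: licensebat-cli is still in development, so use it at your own risk.

Licensebat GitHub App

Besides the CLI, Licensebat can also be used directly in your GitHub repositories by installing this GitHub App.

Supported languages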

Crates.io Crates.io Crates.io

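How to use it

Just run this command:

licensebat --dependency-file ./Cargo.lock

This will kick off the whole process. Note that the CLI needs an Internet connection to work properly.

You can get more information about the CLI by running licensebat --help.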

USAGE:
licensebat [OPTIONS] --dependency-file <dependency-file>
FLAGS:
    -h, --help       Prints help information
    -V, --version    Prints version information
OPTIONS:
    -d, --dependency-file <dependency-file>    Path to the file containing the dependencies of the project. i.e.
                                               package-lock.json for npm projects, yarn.lock for yarn projects, etc
    -l, --licrc-file <licrc-file>              Path to the .licrc file [default: .licrc]

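The .licrc file

Before running it, you must make sure that a .licrc file is available in your project.

You can get one from this gist. It is a TOML file with configuration for which licenses are accepted or rejected, which dependencies are ignored, and whether or not to block the PR (exit code == 1) when invalid dependencies are found.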

[licenses]
# This indicates which are the only licenses that Licensebat will accept.
# The rest will be flagged as not allowed.
accepted = ["MIT", "MSC", "BSD"]
# This will indicate which licenses are not accepted.
# The rest will be accepted, except for the unknown licenses or dependencies without licenses.
# unaccepted = ["LGPL"]
# Note that only one of the previous options can be enabled at once.
# If both of them are informed, only accepted will be considered.

[dependencies]
# This will allow users to flag some dependencies so that Licensebat will not check for their license.
ignored=["ignored_dep1", "ignored_dep2"]
# False by default, if true it will mark all dev dependencies as ignored.
# Bear in mind that this is only supported by some of the collectors.
ignore_dev_dependencies = false
# False by default, if true it will mark all optional dependencies as ignored.
# Bear in mind that this is only supported by some of the collectors.
ignore_optional_dependencies = false

[behavior]
# False by default (always exit code == 0), if true, it will exit with code 1 in case some invalid dependency is found.
do_not_block_pr = false
# False by default, if true it will not show the ignored dependencies in the final report.
do_not_show_ignored_dependencies = false
# False by default, if true it will not show the dev dependencies in the final report.
# Bear in mind that this is only supported by some of the collectors.
do_not_show_dev_dependencies = false
# False by default, if true it will not show the optional dependencies in the final report.
# Bear in mind that this is only supported by some of the collectors.
do_not_show_optional_dependencies = false
# This will define the size of the buffer used to retrieve the dependencies.
# It's set to 100 by default.
# If you have a lot of dependencies, you might want to increase this value, but be careful, if the size is too big, the API might return an error.
retriever_buffer_size = 100
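
The accepted/unaccepted/ignored rules stated in the .licrc comments above, modelled as an added Rust example (this is not Licensebat's own code). It assumes exact string matching of license names and represents a missing or unknown license as None; the names Policy, Verdict and evaluate are hypothetical.

```rust
// Added illustration of the documented .licrc rules; not Licensebat's implementation.
// Assumption: license names are compared as exact strings.
#[derive(Debug, PartialEq)]
enum Verdict { Allowed, Rejected, Ignored }

struct Policy<'a> {
    accepted: &'a [&'a str],   // [licenses] accepted
    unaccepted: &'a [&'a str], // [licenses] unaccepted
    ignored: &'a [&'a str],    // [dependencies] ignored
}

// `license` is None when the dependency has no license or it is unknown.
fn evaluate(policy: &Policy, name: &str, license: Option<&str>) -> Verdict {
    if policy.ignored.contains(&name) {
        return Verdict::Ignored; // ignored dependencies are not license-checked
    }
    let lic = match license {
        Some(l) => l,
        None => return Verdict::Rejected, // no known license: fails in both modes
    };
    let ok = if !policy.accepted.is_empty() {
        // Allow-list mode. If both lists are set, only `accepted` is considered.
        policy.accepted.contains(&lic)
    } else {
        // Deny-list mode: every license not listed is accepted.
        !policy.unaccepted.contains(&lic)
    };
    if ok { Verdict::Allowed } else { Verdict::Rejected }
}

fn main() {
    // Constructed sample data, not output from a real project.
    let allow = Policy { accepted: &["MIT", "BSD"], unaccepted: &["LGPL"], ignored: &["ignored_dep1"] };
    let deny = Policy { accepted: &[], unaccepted: &["LGPL"], ignored: &[] };
    let deps = [
        ("permissive_lib", Some("MIT")),
        ("copyleft_lib", Some("LGPL")),
        ("other_lib", Some("Apache-2.0")),
        ("no_license_lib", None),
        ("ignored_dep1", Some("GPL")),
    ];
    for &(name, lic) in deps.iter() {
        println!("{}: allow-list={:?} deny-list={:?}",
                 name, evaluate(&allow, name, lic), evaluate(&deny, name, lic));
    }
}
```

The same dependency can pass under one mode and fail under the other: a license in neither list is rejected by an accepted list but passes an unaccepted list.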

Logs

Licensebat uses tracing. You can get logs while running the CLI by setting the RUST_LOG environment variable.

RUST_LOG=licensebat=info cargo run -- --dependency-file ./Cargo.lock

Dependencies

~18–35MB
~508K SLoC