Check licenses ๐จโโ๏ธ
Very Good CLI offers a simple and straightforward license checker for dependencies hosted by Dart's package manager. Allowing developers to easily keep track of the rights and restrictions external dependencies might impose on their projects.
Quick Start ๐โ
To get started, install Very Good CLI and run the following command within your Dart or Flutter project:
very_good packages check licenses
We do not collect any information about your project or dependencies. The license checker doesn't require an internet connection, it detects licenses locally using Dart's package analyzer license detector.
Arguments โ๏ธโ
allowedโ
Only allows the use of certain licenses. The command will exit with an error and log the list of all the dependencies that have an unlisted license.
Example usage:โ
very_good packages check licenses --allowed=MIT,BSD-3-Clause
# โ Retrieved 6 licenses from 6 packages of type: BSD-3-Clause (3), MIT (1), unknown (1) and Apache-2.0 (1).
# 2 dependencies have banned licenses: html (unknown) and universal_io (Apache-2.0).
A comprehensive list of all the licenses allowed as options is available within the Supported licenses section of this document.
forbiddenโ
Deny the use of certain licenses. The command will exit with an error and log the list of all the dependencies that have a blocked license.
Example usage:โ
very_good packages check licenses --forbidden=unknown,Apache-2.0
# โ Retrieved 6 licenses from 6 packages of type: BSD-3-Clause (3), MIT (1), unknown (1) and Apache-2.0 (1).
# 2 dependencies have banned licenses: html (unknown) and universal_io (Apache-2.0).
The allowed and forbidden options can't be used at the same time. Typical organization usage dictates which licenses are allowed or forbidden, hence optimizing for that use case.
dependency-typeโ
The type of dependencies to check licenses for. There are three available types:
direct-dev: Another package that your package needs during development.direct-main: Another package that your package needs to work.direct-overridden: A dependency that your package overrides that is not already adirect-mainordirect-devdependency.transitive: A dependency that your package indirectly uses because one of its dependencies requires it.
When unspecified, it defaults to direct-main.
Example usage:โ
very_good packages check licenses --dependency-type=direct-main,transitive
# โ Retrieved 83 licenses from 82 packages of type: BSD-3-Clause (65), MIT (15), unknown (1), BSD-2-Clause (1) and Apache-2.0 (1).
skip-packagesโ
Skips packages from having their licenses checked. Skipped packages will not be checked against allowed or forbidden licenses.
Example usage:โ
very_good packages check licenses --skip-packages=html,universal_io
# โ Retrieved 4 licenses from 4 packages of type: BSD-3-Clause (3) and MIT (1).
ignore-retrieval-failuresโ
Avoids terminating if the license of a dependency could not be retrieved; this may happen if something went wrong when retrieving the license for a package. When enabled, those packages' licenses will fallback to unknown.
Example usage:โ
very_good packages check licenses --ignore-retrieval-failures
# โ Retrieved 6 licenses from 6 packages of type: BSD-3-Clause (3), MIT (1), unknown (1) and Apache-2.0 (1).
Supported licenses ๐ณโ
The license detection is processed by Dart's package analyzer, which reports commonly found licenses (SPDX licenses). The list of accepted licenses can be seen in the SPDX GitHub repository or in the SPDX License enumeration. Therefore, when specifying a license within arguments it must strictly match with the SPDX license name.
If a license file is incorrectly formatted or is not a commonly found license, then it might be reported as unknown. If the former is true, we suggest notifying the package maintainer about the issue.