I’ve recently been working on a Mix task to check dependency licenses.
There are a few mix tasks in this project:
mix licenses will print a summary of your dependencies and whether their licenses are valid SPDX identifiers.
    $ mix licenses
    Dependency  Status
    ex_doc      all valid
    httpoison   all valid
    poison      all valid
mix licenses.explain will print the dependencies that have unidentifiable licenses.
License IDs defined by the package should be an identifier on the SPDX License List.
You can also pass the --osi flag to all these tasks in order to ensure all licenses are approved by the Open Source Initiative.
    $ mix licenses.explain --osi
    dependency_a has 1 unsafe licenses:
     - "MIT License" is not an SPDX ID.
    dependency_b has 1 unsafe licenses:
     - "WTFPL" is not OSI-approved.
mix licenses.lint will check the package info in your own project and return an error code to your shell if the ID is not found.
    $ mix licenses.lint
    This project has 1 unsafe licenses:
     - "badid" is not an SPDX ID
This project is a lot like licensir, which I learned of today while reading the forum on this topic, and saw that it was recently archived. I think we have similar goals in mind, and of course we share the same mix task name, so please consider hex_licenses as a replacement.
I’d love if I could add more license-related functionality to this project, so please suggest something!
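
A CI gate built on the output format shown above, as an added example that is not part of the original post or of hex_licenses itself. It assumes `mix licenses.explain --osi` writes lines shaped like the sample output to stdout; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: turn `mix licenses.explain --osi` output into a CI gate.
# Assumption: the line shapes match the sample output in the post.

# Reads explain output on stdin and prints one finding per line as
# "dependency<TAB>license<TAB>reason" (reason: not-spdx, not-osi, unknown).
parse_findings() {
  awk '
    / has [0-9]+ unsafe licenses:/ { dep = $1; next }   # header: remember dependency
    /^[ \t]*- "/ {                                      # finding line under a header
      line = $0
      sub(/^[ \t]*- "/, "", line)                       # drop the leading bullet and quote
      lic = line
      sub(/".*$/, "", lic)                              # keep text up to the closing quote
      if (line ~ /is not an SPDX ID/)        reason = "not-spdx"
      else if (line ~ /is not OSI-approved/) reason = "not-osi"
      else                                   reason = "unknown"
      printf "%s\t%s\t%s\n", dep, lic, reason
    }'
}

# Reads explain output on stdin; returns 1 if any finding exists so the
# pipeline step fails, and lists the findings on stderr for the build log.
gate() {
  findings=$(parse_findings)
  if [ -z "$findings" ]; then
    return 0
  fi
  printf '%s\n' "$findings" >&2
  return 1
}

# Constructed sample input, copied from the output shown in the post.
sample_output() {
  cat <<'EOF'
dependency_a has 1 unsafe licenses:
 - "MIT License" is not an SPDX ID.
dependency_b has 1 unsafe licenses:
 - "WTFPL" is not OSI-approved.
EOF
}

# Usage in a pipeline step (assumes the task prints to stdout):
#   mix licenses.explain --osi | gate
```
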