metasyntactical / composer-plugin-license-check
Plugin for Composer to restrict installation of packages to valid licenses.
Installs: 775 706
Dependents: 0
Suggesters: 0
Security: 0
Stars: 4
Watchers: 5
Forks: 5
Open Issues: 3
Type:composer-plugin
Requires
- php: 8.1.*|8.2.*|8.3.*
- composer-plugin-api: ^2.0
Requires (Dev)
- bamarni/composer-bin-plugin: ^1.8
- composer/composer: ^2.8
- infection/infection: 0.27.10
- phpunit/phpunit: ^10.5
- 2.4.x-dev
- 2.3.x-dev
- 2.3.0
- 2.2.x-dev
- 2.2.2
- 2.2.1
- 2.2.0
- 2.1.x-dev
- 2.1.0
- 2.0.x-dev
- 2.0.3
- 2.0.2
- 2.0.1
- 2.0.0
- v1.1.0
- v1.0.0
- v0.6.0
- v0.5.0
- v0.4.0
- v0.3.0
- v0.2.0
- v0.1.0
- dev-dependabot/composer/symfony/console-6.4.15
- dev-dependabot/composer/symfony/string-6.4.15
- dev-dependabot/composer/symfony/process-6.4.15
- dev-dependabot/composer/infection/infection-0.29.8
This package is auto-updated.
Last update: 2024-11-14 00:44:08 UTC
README
This composer plugin allows to define a white- and/or blacklist of licenses packages which will be installed in a project will be validated against. If a forbidden license is found in a package the installation of the particular package will be failed.
Additionally a new composer command check-licenses
is provided to list all
packages in the dependencies including their license and if it is allowed to
use.
How to install
Installation procedure follows the general installation process of packages with composer.
Run composer require metasyntactical/composer-plugin-license-check
to add the
package to the composer.json
and install the package.
How to use
The composer plugin reacts on extra variables in the extra-section of the composer.json.
{ "extra": { "metasyntactical/composer-plugin-license-check": { "allow-list": [], "deny-list": [], "allowed-packages": {} } } }
Just specify the allowed or forbidden licenses as array. Use the license identifiers allowed/used in the version-property of the composer.json to be compatible with the general usage.
One may specify additional packages which are allowed despite of license violations.
As key the package name has to be used (similar to require
and require-dev
) and
it allows for specifying semantic versioning constraints as value (which currently
is not checked!).
Important Note: This plugin is licensed under MIT license. Even if you forbid to use MIT licensed packages in your project the plugin itself is the only package it would not complain about (otherwise further checking would not work obviously).