{"id":13599742,"url":"https://github.com/fsfe/reuse-tool","last_synced_at":"2026-02-21T17:34:50.816Z","repository":{"id":35052283,"uuid":"180988699","full_name":"fsfe/reuse-tool","owner":"fsfe","description":"This is a mirror of https://codeberg.org/fsfe/reuse-tool","archived":false,"fork":false,"pushed_at":"2025-12-21T18:00:36.000Z","size":7472,"stargazers_count":554,"open_issues_count":2,"forks_count":169,"subscribers_count":11,"default_branch":"main","last_synced_at":"2025-12-23T07:23:57.112Z","etag":null,"topics":["analyzer","copyright","free-software","fsfe","licensing","linter","python","reuse","sbom","spdx"],"latest_commit_sha":null,"homepage":"https://reuse.software","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fsfe.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSES/Apache-2.0.txt","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":"AUTHORS.rst","dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":["fsfe"],"custom":["https://my.fsfe.org/donate?referrer=https://github.com/fsfe/reuse-tool"]}},"created_at":"2019-04-12T10:46:18.000Z","updated_at":"2025-12-21T18:00:39.000Z","dependencies_parsed_at":"2024-04-08T08:47:31.574Z","dependency_job_id":"1e9579c0-7b7d-4bb8-93ee-e67910b10b2f","html_url":"https://github.com/fsfe/reuse-tool","commit_stats":{"total_commits":1344,"total_committers":94,"mean_commits":"14.297872340425531","dds":0.3928571428571429,"last_synced_commit":"538730a24db5a1b015e1813c0c4ec7b8225a4395"},"previous_names":[],"tags_count":55,"template":false,"template_full_name":null,"purl":"pkg:github/fsfe/reuse-tool","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fsfe%2Freuse-tool","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fsfe%2Freuse-tool/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fsfe%2Freuse-tool/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fsfe%2Freuse-tool/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fsfe","download_url":"https://codeload.github.com/fsfe/reuse-tool/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fsfe%2Freuse-tool/sbom","scorecard":{"id":412699,"data":{"date":"2025-08-11","repo":{"name":"github.com/fsfe/reuse-tool","commit":"b9e89f383ae2b27c490a8819b36f97735b624d32"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5,"checks":[{"name":"Code-Review","score":2,"reason":"Found 5/22 approved changesets -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Maintained","score":10,"reason":"14 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSES/Apache-2.0.txt:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSES/Apache-2.0.txt:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: topLevel 'actions' permission set to 'write': .github/workflows/close_inactive_issues.yaml:11","Warn: topLevel 'contents' permission set to 'write': .github/workflows/close_inactive_issues.yaml:12","Warn: no topLevel permission defined: .github/workflows/docker.yaml:1","Warn: no topLevel permission defined: .github/workflows/gettext.yaml:1","Warn: no topLevel permission defined: .github/workflows/jujutsu.yaml:1","Warn: no topLevel permission defined: .github/workflows/license_list_up_to_date.yaml:1","Warn: no topLevel permission defined: .github/workflows/pijul.yaml:1","Warn: no topLevel permission defined: .github/workflows/test.yaml:1","Warn: no topLevel permission defined: .github/workflows/third_party_lint.yaml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/docker.yaml:47"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 17 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/close_inactive_issues.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/fsfe/reuse-tool/close_inactive_issues.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yaml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/fsfe/reuse-tool/docker.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yaml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/fsfe/reuse-tool/docker.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yaml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/fsfe/reuse-tool/docker.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yaml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/fsfe/reuse-tool/docker.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yaml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/fsfe/reuse-tool/docker.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yaml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/fsfe/reuse-tool/docker.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yaml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/fsfe/reuse-tool/docker.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yaml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/fsfe/reuse-tool/docker.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yaml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/fsfe/reuse-tool/docker.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gettext.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/fsfe/reuse-tool/gettext.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/jujutsu.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/fsfe/reuse-tool/jujutsu.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/jujutsu.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/fsfe/reuse-tool/jujutsu.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/license_list_up_to_date.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/fsfe/reuse-tool/license_list_up_to_date.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/license_list_up_to_date.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/fsfe/reuse-tool/license_list_up_to_date.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pijul.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/fsfe/reuse-tool/pijul.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pijul.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/fsfe/reuse-tool/pijul.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yaml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/fsfe/reuse-tool/test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yaml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/fsfe/reuse-tool/test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yaml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/fsfe/reuse-tool/test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yaml:107: update your workflow using https://app.stepsecurity.io/secureworkflow/fsfe/reuse-tool/test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yaml:109: update your workflow using https://app.stepsecurity.io/secureworkflow/fsfe/reuse-tool/test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yaml:122: update your workflow using https://app.stepsecurity.io/secureworkflow/fsfe/reuse-tool/test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yaml:124: update your workflow using https://app.stepsecurity.io/secureworkflow/fsfe/reuse-tool/test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yaml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/fsfe/reuse-tool/test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yaml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/fsfe/reuse-tool/test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yaml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/fsfe/reuse-tool/test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yaml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/fsfe/reuse-tool/test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yaml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/fsfe/reuse-tool/test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yaml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/fsfe/reuse-tool/test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/third_party_lint.yaml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/fsfe/reuse-tool/third_party_lint.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/third_party_lint.yaml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/fsfe/reuse-tool/third_party_lint.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/third_party_lint.yaml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/fsfe/reuse-tool/third_party_lint.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/third_party_lint.yaml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/fsfe/reuse-tool/third_party_lint.yaml/main?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:7","Warn: containerImage not pinned by hash: Dockerfile:12","Warn: containerImage not pinned by hash: Dockerfile:28","Warn: containerImage not pinned by hash: Dockerfile-debian:6","Warn: containerImage not pinned by hash: Dockerfile-debian:15","Warn: containerImage not pinned by hash: Dockerfile-debian:33","Warn: pipCommand not pinned by hash: .github/workflows/jujutsu.yaml:28","Warn: pipCommand not pinned by hash: .github/workflows/pijul.yaml:28","Warn: pipCommand not pinned by hash: .github/workflows/test.yaml:39","Warn: pipCommand not pinned by hash: .github/workflows/test.yaml:55","Warn: pipCommand not pinned by hash: .github/workflows/test.yaml:71","Warn: pipCommand not pinned by hash: .github/workflows/test.yaml:88","Warn: npmCommand not pinned by hash: .github/workflows/test.yaml:101","Warn: pipCommand not pinned by hash: .github/workflows/test.yaml:114","Warn: pipCommand not pinned by hash: .github/workflows/test.yaml:129","Warn: pipCommand not pinned by hash: .github/workflows/third_party_lint.yaml:62","Warn: pipCommand not pinned by hash: .github/workflows/third_party_lint.yaml:39","Info:   0 out of  27 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   7 third-party GitHubAction dependencies pinned","Info:   0 out of   6 containerImage dependencies pinned","Info:   2 out of  12 pipCommand dependencies pinned","Info:   0 out of   1 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Vulnerabilities","score":6,"reason":"4 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-9hjg-9r4m-mvj7","Warn: Project is vulnerable to: PYSEC-2025-49 / GHSA-5rjg-fvgr-3xxf","Warn: Project is vulnerable to: GHSA-48p4-8xcf-vxj5","Warn: Project is vulnerable to: GHSA-pq67-6m6q-mj2v"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-18T23:07:01.867Z","repository_id":35052283,"created_at":"2025-08-18T23:07:01.867Z","updated_at":"2025-08-18T23:07:01.867Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29688286,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-21T15:51:39.154Z","status":"ssl_error","status_checked_at":"2026-02-21T15:49:03.425Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["analyzer","copyright","free-software","fsfe","licensing","linter","python","reuse","sbom","spdx"],"created_at":"2024-08-01T17:01:10.502Z","updated_at":"2026-02-21T17:34:46.288Z","avatar_url":"https://github.com/fsfe.png","language":"Python","readme":"\u003c!--\nSPDX-FileCopyrightText: 2017 Free Software Foundation Europe e.V. \u003chttps://fsfe.org\u003e\n\nSPDX-License-Identifier: CC-BY-SA-4.0\n--\u003e\n\n# reuse\n\n[![The latest version of reuse can be found on PyPI.](https://img.shields.io/pypi/v/reuse.svg)](https://pypi.python.org/pypi/reuse)\n[![Information on what versions of Python reuse supports can be found on PyPI.](https://img.shields.io/pypi/pyversions/reuse.svg)](https://pypi.python.org/pypi/reuse)\n[![REUSE status](https://api.reuse.software/badge/github.com/fsfe/reuse-tool)](https://api.reuse.software/info/github.com/fsfe/reuse-tool)\n[![standard-readme compliant](https://img.shields.io/badge/readme%20style-standard-brightgreen.svg)](https://github.com/RichardLitt/standard-readme)\n[![Packaging status](https://repology.org/badge/tiny-repos/reuse.svg?header=in%20distro%20repos)](https://repology.org/project/reuse/versions)\n[![Translation status](https://hosted.weblate.org/widgets/fsfe/-/reuse-tool/svg-badge.svg)](https://hosted.weblate.org/projects/fsfe/reuse-tool/)\n\nreuse is a tool for compliance with the [REUSE](https://reuse.software/)\nrecommendations.\n\n- Documentation: \u003chttps://reuse.readthedocs.io\u003e and \u003chttps://reuse.software\u003e\n- Source code: \u003chttps://github.com/fsfe/reuse-tool\u003e\n- PyPI: \u003chttps://pypi.python.org/pypi/reuse\u003e\n- REUSE: 3.3\n- Python: 3.10+\n\n## Table of contents\n\n- [Background](#background)\n- [Install](#install)\n- [Usage](#usage)\n- [Maintainers](#maintainers)\n- [Contributing](#contributing)\n- [Licensing](#licensing)\n\n## Background\n\n\u003c!-- REUSE-IgnoreStart --\u003e\n\nCopyright and licensing is difficult, especially when reusing software from\ndifferent projects that are released under various different licenses.\n[REUSE](https://reuse.software) was started by the\n[Free Software Foundation Europe](https://fsfe.org) (FSFE) to provide a set of\nrecommendations to make licensing your Free Software projects easier. Not only\ndo these recommendations make it easier for you to declare the licenses under\nwhich your works are released, but they also make it easier for a computer to\nunderstand how your project is licensed.\n\n\u003c!-- REUSE-IgnoreEnd --\u003e\n\nAs a short summary, the recommendations are threefold:\n\n1. Choose and provide licenses\n2. Add copyright and licensing information to each file\n3. Confirm REUSE compliance\n\nYou are recommended to read [our tutorial](https://reuse.software/tutorial) for\na step-by-step guide through these three steps. The\n[FAQ](https://reuse.software/faq) covers basic questions about licensing,\ncopyright, and more complex use cases. Advanced users and integrators will find\nthe [full specification](https://reuse.software/spec) helpful.\n\nThis tool exists to facilitate the developer in complying with the above\nrecommendations.\n\nThere are [other tools](https://reuse.software/comparison) that have a lot more\nfeatures and functionality surrounding the analysis and inspection of copyright\nand licenses in software projects. The REUSE helper tool, on the other hand, is\nsolely designed to be a simple tool to assist in compliance with the REUSE\nrecommendations.\n\n## Install\n\n### Dependencies\n\nUnless you install via a package manager, it may be helpful to be aware of the\nfollowing system dependencies of `reuse`:\n\n- Python 3.10+\n- libmagic\n- Version control systems\n  - Git\n  - Mercurial 4.3+\n  - Pijul\n  - Jujutsu\n\nExcepting Python, these dependencies are all _optional_. `reuse` will still work\nif they are not installed.\n\nIf a version control system (VCS) is not installed, then `reuse` will not\ncorrectly ignore files which are ignored by the VCS, for example via\n`.gitignore`.\n\nIf libmagic is not installed, then a slower mechanism will be used to detect the\nencodings of files. You may need to explicitly install the fall-back. When\ninstalling `reuse` as Python package, install `reuse[charset-normalizer]`\ninstead. For example: `pipx install reuse[charset-normalizer]`.\n\n### Installation via package manager (Recommended)\n\nThere are packages available for easy install on many operating systems. You are\nwelcome to help us package this tool for more distributions!\n\nFor Debian and derivatives:\n\n```bash\napt install reuse\n```\n\nFor Fedora and derivatives:\n\n```bash\ndnf install reuse\n```\n\nAn automatically generated list of available packages can be found at\n[repology.org](https://repology.org/project/reuse/versions), without any\nguarantee for completeness.\n\n### Install and run via pipx (Recommended)\n\nThe following one-liner both installs and runs this tool from\n[PyPI](https://pypi.org/project/reuse/) via\n[pipx](https://pypa.github.io/pipx/):\n\n```bash\npipx run reuse lint\n```\n\npipx automatically isolates reuse into its own Python virtualenv, which means\nthat it won't interfere with other Python packages, and other Python packages\nwon't interfere with it.\n\nIf you want to be able to use reuse without prepending it with `pipx run` every\ntime, install it globally like so:\n\n```bash\npipx install reuse\n```\n\nreuse will then be available in `~/.local/bin`, which must be added to your\n`$PATH`.\n\nAfter this, make sure that `~/.local/bin` is in your `$PATH`. On Windows, the\nrequired path for your environment may look like\n`%USERPROFILE%\\AppData\\Roaming\\Python\\Python310\\Scripts`, depending on the\nPython version you have installed.\n\nTo upgrade reuse, run this command:\n\n```bash\npipx upgrade reuse\n```\n\n### Installation via pip\n\nTo install reuse into `~/.local/bin`, run:\n\n```bash\npip3 install --user reuse\n```\n\nSubsequently, make sure that `~/.local/bin` is in your `$PATH` like described in\nthe previous section.\n\nTo upgrade reuse, run this command:\n\n```bash\npip3 install --user --upgrade reuse\n```\n\n### Installation from source\n\nYou can also install this tool from the source code, but we recommend the\nmethods above for easier and more stable updates. Please make sure the\nrequirements for the installation via pip are present on your machine.\n\n```bash\npip install .\n```\n\n## Usage\n\nFirst, read the [REUSE tutorial](https://reuse.software/tutorial/). In a\nnutshell:\n\n\u003c!-- REUSE-IgnoreStart --\u003e\n\n1. Put your licenses in the `LICENSES/` directory.\n2. Add a comment header to each file that says\n   `SPDX-License-Identifier: GPL-3.0-or-later`, and\n   `SPDX-FileCopyrightText: $YEAR $NAME`. You can be flexible with the format,\n   just make sure that the line starts with `SPDX-FileCopyrightText:`.\n3. Verify your work using this tool.\n\nExample of header:\n\n```\n# SPDX-FileCopyrightText: 2017 Free Software Foundation Europe e.V. \u003chttps://fsfe.org\u003e\n#\n# SPDX-License-Identifier: CC-BY-SA-4.0\n```\n\n\u003c!-- REUSE-IgnoreEnd --\u003e\n\n### CLI\n\nTo check against the recommendations, use `reuse lint`:\n\n```\n~/Projects/reuse-tool $ reuse lint\n[...]\n\nCongratulations! Your project is compliant with version 3.3 of the REUSE Specification :-)\n```\n\nThis tool can do various more things, detailed in the documentation. Here a\nshort summary:\n\n- `annotate` --- Add copyright and/or licensing information to the header of a\n  file.\n- `download` --- Download the specified license into the `LICENSES/` directory.\n- `lint` --- Verify the project for REUSE compliance.\n- `lint-file` --- Verify REUSE compliance of individual files.\n- `spdx` --- Generate an SPDX Document of all files in the project.\n- `supported-licenses` --- Prints all licenses supported by REUSE.\n- `convert-dep5` --- Convert .reuse/dep5 to REUSE.toml.\n\n### Example demo\n\nIn this screencast, we are going to follow the\n[tutorial](https://reuse.software/tutorial), making the\n[REUSE example repository](https://github.com/fsfe/reuse-example/) compliant.\n\n![Demo of some basic REUSE tool commands](https://download.fsfe.org/videos/reuse/screencasts/reuse-tool.gif)\n\n### Run in Docker\n\nThe `fsfe/reuse` Docker image is available on\n[Docker Hub](https://hub.docker.com/r/fsfe/reuse). With it, you can easily\ninclude REUSE in CI/CD processes. This way, you can check for REUSE compliance\nfor each build. In our [resources for developers](https://reuse.software/dev/)\nyou can learn how to integrate the REUSE tool in Drone, Travis, GitHub, or\nGitLab CI.\n\nYou can run the helper tool simply by providing the command you want to run\n(e.g., `lint`, `spdx`). The image's working directory is `/data` by default. So\nif you want to lint a project that is in your current working directory, you can\nmount it on the container's `/data` directory, and tell the tool to lint. That\nlooks a little like this:\n\n```bash\ndocker run --rm --volume $(pwd):/data fsfe/reuse lint\n```\n\nYou can also provide additional arguments, like so:\n\n```bash\ndocker run --rm --volume $(pwd):/data fsfe/reuse --include-submodules spdx -o out.spdx\n```\n\nThe available tags are:\n\n- `latest` --- the most recent release of reuse.\n- `{major}` --- the latest major release.\n- `{major}.{minor}` --- the latest minor release.\n- `{major}.{minor}.{patch}` --- a precise release.\n\nYou can add `-debian` to any of the tags to get a Debian-based instead of an\nAlpine-based image, which is larger, but may be better suited for license\ncompliance.\n\n### Run as pre-commit hook\n\nYou can automatically run `reuse lint` on every commit as a pre-commit hook for\nGit. This uses [pre-commit](https://pre-commit.com/). Once you\n[have it installed](https://pre-commit.com/#install), add this to the\n`.pre-commit-config.yaml` in your repository:\n\n```yaml\nrepos:\n  - repo: https://github.com/fsfe/reuse-tool\n    rev: v6.1.2\n    hooks:\n      - id: reuse\n```\n\nThen run `pre-commit install`. Now, every time you commit, `reuse lint` is run\nin the background, and will prevent your commit from going through if there was\nan error.\n\nIf you instead want to only lint files that were changed in your commit, you can\nuse the following configuration:\n\n```yaml\nrepos:\n  - repo: https://github.com/fsfe/reuse-tool\n    rev: v6.1.2\n    hooks:\n      - id: reuse-lint-file\n```\n\n### Shell completion\n\nIn order to enable shell completion, you need to generate the shell completion\nscript. You do this with `_REUSE_COMPLETE=bash_source reuse`. Replace `bash`\nwith `zsh` or `fish` as needed, or any other shells supported by the Python\n`click` library. You can then source the output in your shell rc file, like so\n(e.g.`~/.bashrc`):\n\n```bash\neval \"$(_REUSE_COMPLETE=bash_source reuse)\"\n```\n\nAlternatively, you can place the generated completion script in\n`${XDG_DATA_HOME}/bash-completion/completions/reuse`.\n\n## Maintainers\n\n- Carmen Bianca Bakker \u003ccarmenbianca@fsfe.org\u003e\n- Florian Snow \u003cfloriansnow@fsfe.org\u003e\n\n### Former maintainers\n\n- Max Mehl \u003cmax.mehl@fsfe.org\u003e\n- Linus Sehn \u003clinus@fsfe.org\u003e\n\n## Contributing\n\nIf you're interested in contributing to the reuse project, there are several\nways to get involved. Development of the project takes place on GitHub at\n\u003chttps://github.com/fsfe/reuse-tool\u003e. There, you can submit bug reports, feature\nrequests, and pull requests. Even and especially when in doubt, feel free to\nopen an issue with a question. Contributions of all types are welcome, and the\ndevelopment team is happy to provide guidance and support for new contributors.\n\nYou should exercise some caution when opening a pull request to make changes\nwhich were not (yet) acknowledged by the team as pertinent. Such pull requests\nmay be closed, leading to disappointment. To avoid this, please open an issue\nfirst.\n\nAdditionally, the \u003creuse@lists.fsfe.org\u003e mailing list is available for\ndiscussion and support related to the project.\n\nYou can find the full contribution guidelines at\n\u003chttps://reuse.readthedocs.io/en/latest/contribute.html\u003e.\n\n## Licensing\n\nThis work is licensed under multiple licences. Because keeping this section\nup-to-date is challenging, here is a brief summary as of April 2024:\n\n- All original source code is licensed under GPL-3.0-or-later.\n- All documentation is licensed under CC-BY-SA-4.0.\n- Some configuration and data files are licensed under CC0-1.0.\n- Some code borrowed from\n  [spdx/tools-python](https://github.com/spdx/tools-python) is licensed under\n  Apache-2.0.\n\nFor more accurate information, check the individual files.\n","funding_links":["https://github.com/sponsors/fsfe","https://my.fsfe.org/donate?referrer=https://github.com/fsfe/reuse-tool"],"categories":["Python","Software Composition Analysis"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffsfe%2Freuse-tool","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffsfe%2Freuse-tool","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffsfe%2Freuse-tool/lists"}