{"id":18226805,"url":"https://github.com/jpfulton/java-license-auditor-cli","last_synced_at":"2025-09-20T08:13:13.736Z","repository":{"id":198329007,"uuid":"700597605","full_name":"jpfulton/java-license-auditor-cli","owner":"jpfulton","description":null,"archived":false,"fork":false,"pushed_at":"2025-07-22T08:52:17.000Z","size":580,"stargazers_count":0,"open_issues_count":2,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-08-31T07:38:24.160Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jpfulton.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-10-04T22:48:12.000Z","updated_at":"2025-01-19T19:55:18.000Z","dependencies_parsed_at":"2025-01-19T03:34:10.711Z","dependency_job_id":null,"html_url":"https://github.com/jpfulton/java-license-auditor-cli","commit_stats":{"total_commits":77,"total_committers":2,"mean_commits":38.5,"dds":"0.012987012987012991","last_synced_commit":"ae0e7f86cd09d8eca96f22965e10b55f811f953d"},"previous_names":["jpfulton/java-license-auditor-cli"],"tags_count":10,"template":false,"template_full_name":null,"purl":"pkg:github/jpfulton/java-license-auditor-cli","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpfulton%2Fjava-license-auditor-cli","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpfulton%2Fjava-license-auditor-cli/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts
/GitHub/repositories/jpfulton%2Fjava-license-auditor-cli/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpfulton%2Fjava-license-auditor-cli/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jpfulton","download_url":"https://codeload.github.com/jpfulton/java-license-auditor-cli/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpfulton%2Fjava-license-auditor-cli/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":276064355,"owners_count":25578999,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-20T02:00:10.207Z","response_time":63,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-04T05:03:39.284Z","updated_at":"2025-09-20T08:13:13.719Z","avatar_url":"https://github.com/jpfulton.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# java-license-auditor-cli\n\n[![ci](https://github.com/jpfulton/java-license-auditor-cli/actions/workflows/ci.yml/badge.svg)](https://github.com/jpfulton/java-license-auditor-cli/actions/workflows/ci.yml)\n[![npm 
version](https://badge.fury.io/js/%40jpfulton%2Fjava-license-auditor-cli.svg)](https://www.npmjs.com/package/@jpfulton/java-license-auditor-cli)\n![License](https://img.shields.io/badge/License-MIT-blue)\n![Visitors](https://visitor-badge.laobi.icu/badge?page_id=jpfulton.java-license-auditor-cli)\n\nA CLI designed to list and audit licenses in project dependencies in Java projects. The CLI\ncan output both markdown reports and CSV files and is designed to run in CI workflows.\nIncluded in the package is a [DangerJS](https://danger.systems/js) plugin that can be\nused to audit licenses in the PR process.\n\nIn current state, only Java projects using Maven or Gradle are supported.\n\n## Installation of the CLI\n\nYou can install this tool globally, using the following yarn command:\n\n```bash\nyarn global add @jpfulton/java-license-auditor-cli\n```\n\n## Local Configuration\n\nTo override the default configuration, which is extremely minimal, place a `.license-checker.json` file in the\nroot directory of your project with the following format:\n\n```json\n{\n  \"blackList\": [\"blacklisted-license\"],\n  \"whiteList\": [\"whitelisted-license\"]\n}\n```\n\nLicenses in the blackList array will generate errors in the report. Licenses in the\nwhiteList array will generate information lines and license types that exist in neither\narray generate warnings for further investigation.\n\n## Remote Configurations\n\nRemote configurations can be used to override the default configuration. To use a remote\nconfiguration, specify the URL to the configuration file using the `--remote-config` flag.\nRemote configurations are useful when applying the same configuration to multiple projects\nto avoid the need to copy the configuration file to each project and maintain the configurations\nin multiple places.\n\n```bash\njava-license-auditor-cli csv --remote-config https://raw.githubusercontent.com/jpfulton/node-license-auditor-cli/main/.license-checker.json . 
\u003e report.csv\n```\n\n```bash\njava-license-auditor-cli markdown --remote-config https://raw.githubusercontent.com/jpfulton/node-license-auditor-cli/main/.license-checker.json . \u003e report.md\n```\n\n## Usage as a DangerJS Plugin\n\nThis project can be used as a [DangerJS](https://danger.systems/js/) plugin. To use the\nplugin, install the plugin using the following command:\n\n```bash\nyarn add -D danger @jpfulton/java-license-auditor-cli\n```\n\nThen, add the following to your `dangerfile.ts`:\n\n```typescript\nimport { javaLicenseAuditor } from \"@jpfulton/java-license-auditor-cli\";\n\nexport default async () =\u003e {\n  // Run the license auditor plugin\n  await javaLicenseAuditor({\n    // optionally choose to fail the build if a blacklisted license is found\n    failOnBlacklistedLicense: false,\n    // specify the path to the project's package.json file, useful in a monorepo\n    // defaults to the current working directory\n    projectPath: \".\",\n    // optionally specify a remote configuration file\n    // useful when applying the same configuration to multiple projects\n    // defaults to usage of a local configuration file found at the root of the project repo\n    remoteConfigurationUrl:\n      \"https://raw.githubusercontent.com/jpfulton/jpfulton-license-audits/main/.license-checker.json\",\n    // show a summary of the license audit in the PR comment\n    // includes the number of unique dependencies and counts for each category of license found\n    showMarkdownSummary: true,\n    // show details of the license audit in the PR comment\n    // includes a table with the name, version and license of each dependency\n    // that was discovered that was not explicitly whitelisted in the configuration\n    showMarkdownDetails: true,\n  });\n};\n```\n\n## Layering this Project over Maven and Gradle Java Projects\n\nBoth Maven and Gradle have the ability to generate a dependency tree for a project. 
In the\ncase of Maven, a license report can be generated using a default Maven plugin:\n[project-info-reports:dependencies](https://maven.apache.org/plugins/maven-project-info-reports-plugin/dependencies-mojo.html). In the case of Gradle, a license report can be generated using a third-party plugin: [com.github.jk1.dependency-license-report](https://github.com/jk1/Gradle-License-Report/).\n\nThis project is designed to be layered over the results of the reports generated by those plugins.\nThe advantage of this project and its use with the [jpfulton/danger-js-action](https://github.com/jpfulton/danger-js-action/)\nproject is that it can be used to centralize the license audit process across multiple projects\nand languages. Additionally, it brings the audit project into the PR review process in an automated\nand ongoing way.\n\n### Usage with Maven\n\nTo use this project with Maven, first generate a dependency license report using the following command:\n\n```bash\nmvn project-info-reports:dependencies\n```\n\nThen, utilize the CLI functionality of the project or the DangerJS plugin to audit the licenses.\n\n### Usage with Gradle\n\nTo use this project with Gradle, first integrate the [com.github.jk1.dependency-license-report](https://github.com/jk1/Gradle-License-Report/) into your project. Then, generate a dependency license report using the following command:\n\n```bash\n./gradlew generateLicenseReport\n```\n\nThe Gradle-License-Report plugin needs to be configured to use its `JsonReportRenderer` to generate the report in JSON format. 
The following is an example Groovy configuration:\n\n```groovy\nimport com.github.jk1.license.render.JsonReportRenderer\n\nlicenseReport {\n    outputDir = file(\"$buildDir/build/licenses\")\n    renderers = [new JsonReportRenderer('licenses.json')]\n}\n```\n\nIn current state, this project will look for the `licenses.json` file in the following\nlocations:\n\n- `build/licenses/licenses.json`\n- `licenses/licenses.json`\n\nThen, utilize the CLI functionality of the project or the DangerJS plugin to audit the licenses.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjpfulton%2Fjava-license-auditor-cli","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjpfulton%2Fjava-license-auditor-cli","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjpfulton%2Fjava-license-auditor-cli/lists"}