https://github.com/lucor/lian

lian is a license analyzer for Go binaries and modules
https://github.com/lucor/lian

golang license license-checker

Last synced: about 2 months ago
JSON representation

lian is a license analyzer for Go binaries and modules

• Host: GitHub
• URL: https://github.com/lucor/lian
• Owner: lucor
• License: bsd-3-clause
• Created: 2022-01-30T19:48:32.000Z (almost 3 years ago)
• Default Branch: main
• Last Pushed: 2024-02-11T17:00:28.000Z (11 months ago)
• Last Synced: 2024-10-25T09:07:13.364Z (2 months ago)
• Topics: golang, license, license-checker
• Language: Go
• Homepage: https://lucor.dev/lian
• Size: 229 KB
• Stars: 2
• Watchers: 1
• Forks: 2
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Changelog: CHANGELOG.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# lian

lian is a license analyzer for Go binaries and modules. 

It aims to help in the following use cases:

- report all the dependencies, their versions, and licenses type along with the URL on pkg.go.dev

- dump and combine all licenses to comply with package distribution

- check against a set of allowed licenses

## Example

`lian` in action with itself



    



## How it works

It is designed to work without connecting to third-party services.

The licenses are detected using the

[google/licensecheck](https://github.com/google/licensecheck) library that will scans

source texts for known licenses directly from the [module cache](https://go.dev/ref/mod#module-cache).

The module cache usually is already warmed if the module has been already built locally.

If the dependencies are not present the `-d, --download` option can be specified and it will automatically download the dependencies using the `go mod download` command.

## Installation

```

$ go install lucor.dev/lian@latest

```

Note: requires Go >= 1.18

## Download

Pre-built binaries can be downloaded from the [releases](https://lucor.dev/lian/releases) page

## Usage

```

Usage: lian [OPTIONS] [PATH]

Options:

  -a, --allowed          comma separated list of allowed licenses (i.e. MIT, BSD-3-Clause). Default to all

  -e, --excluded         comma separated list of repository with version excluded from the licenses check. Default to none

  -d, --download         download dependencies to local cache

      --dump             dump all licenses

  -h, --help             show this help message

      --list-names       list the names of the license file can be detected and exit

      --list-licenses    list the licenses can be detected and exit

  -o, --output     write to file instead of stdout

  	  --version          show the version number

```

### License check for a Go module

```

lian --allowed "MIT,BSD-3-CLAUSE" /path/to/go.mod

```

### Dump all licenses to a file for a Go binary

```

lian --dump -o LICENSE-THIRD-PARTY /path/to/go_binary

```

### License check as GitHub action

```yml

name: License check

on: [push, pull_request]

jobs:

  checks:

    runs-on: ubuntu-latest

    steps:

    - uses: actions/checkout@v2

    - uses: actions/setup-go@v2

      with:

        stable: 'false'

        go-version: '1.18.0-beta2'

    - name: install lian

      run: go install lucor.dev/lian@latest

    - name: license check against go.mod

      run: lian -d --allowed="BSD-2-Clause, BSD-3-Clause, MIT"

    - name: build

      run: go build

    - name: License check against the Go binary

      run: lian --allowed="BSD-2-Clause, BSD-3-Clause, MIT" ./lian

```

See in [action](https://github.com/lucor/lian/actions/workflows/license_check.yml) against this repo.