How to print the licenses used in my project using Go Modules?

For legal reasons, I need a list of licenses (e.g. MIT, Apache) the dependencies (direct and transient libraries) my project uses. I only know how to print a list of dependencies without licenses.

Is there a way to print a list of dependencies with licenses for Go Modules? Similar to what is done in npm (NPM License Checker) and Gradle (Gradle License Report). Thanks!

Unreasoning answered 5/4, 2020 at 9:44

Have you tried github.com/google/go-licenses?

Run

go get -v github.com/google/go-licenses
go build github.com/google/go-licenses
./go-licenses csv .

That gives you some information at least.

A bit more verbosity: So I create a test project:

package main

import (
    "encoding/json"
    "fmt"
    log "github.com/sirupsen/logrus"
)

func main() {
    log.Warn("Warn")
    foo := make(map[string]bool)
    foo["bar"] = true
    j, _ := json.MarshalIndent(foo, " ", " ")
    fmt.Println(string(j))
}

Then I do:

me@dattan:~/testing/blabla$ go mod init example.com/test
go: creating new go.mod: module example.com/test
me@dattan:~/testing/blabla$ go build
go: finding module for package github.com/sirupsen/logrus
go: downloading github.com/sirupsen/logrus v1.5.0
go: found github.com/sirupsen/logrus in github.com/sirupsen/logrus v1.5.0
go: downloading golang.org/x/sys v0.0.0-20190422165155-953cdadca894
me@dattan:~/testing/blabla$ go get -v github.com/google/go-licenses
go: downloading github.com/google/go-licenses v0.0.0-20200227160636-0fa8c766a591
... [lots of downloads, that's why -v to see it's not dead]
github.com/google/go-licenses
me@dattan:~/testing/blabla$ go build github.com/google/go-licenses
me@dattan:~/testing/blabla$ ./go-licenses csv .
E0406 23:03:48.578291   32389 library.go:108] Failed to find license for example.com/test: no file/directory matching regexp "^(LICEN(S|C)E|COPYING|README|NOTICE)(\\..+)?$" found for /home/me/testing/blabla
E0406 23:03:48.627889   32389 csv.go:84] Error discovering URL for "/home/me/go/pkg/mod/golang.org/x/sys@v0.0.0-20190422165155-953cdadca894/LICENSE":
- unsupported package host "golang.org" for "golang.org/x/sys/unix"
example.com/test,Unknown,Unknown
github.com/sirupsen/logrus,https://github.com/sirupsen/logrus/blob/master/LICENSE,MIT
golang.org/x/sys/unix,Unknown,BSD-3-Clause

And those last lines there, not perfect, but it does see that logrus is MIT and provides the link to the license. My test package, lacking a LICENSE file, fails of course.

Edit from comment: while the above worked for me, these are the commands the asker needed to do:

go build ./... 
./go-licenses csv ./...
Durnan answered 5/4, 2020 at 11:47 Comment(8)
Error: errors for ["PATH_TO_PROJ"]: PATH_TO_PROJ: -: no Go files in PATH_TO_PROJ Usage: licenses csv <package> [flags]. Does it support Go Modules? – Jeremiah

Are you invoking go-licenses as explained in the README? – Apodal

I can't find an example there for a local project. There's one for a GitHub URL, though, but I need one for a local project (with Go Modules, which they also don't mention). – Jeremiah

@LuísSoares I added a bit more, did it help? – Durnan

I was able to run with similar commands (maybe you can edit): go build ./... .... ./go-licenses csv ./... – Jeremiah

FYI, it fails on most licences, but for better results, it would need to use some GitHub API, I guess. – Jeremiah

Sorry to hear that, I only played around with it a while back and had OK-ish results. I guess it also comes down to how well formatted the licences are, that they have license files, etc. – Durnan

Typically license checkers use a % match against the license file to figure out the license type. Licenses at times are modified, so if a user modified the Apache 2.0 license, then an exact or even a 95% match won't be able to identify the license type successfully. Public GOPROXY such as search.gocenter.io also displays license information. There will be something released this month that will further make it easy to access this information. – Pontificate
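
The CSV that go-licenses prints in the answer above can be turned into a pass/fail check for the legal review the question asks about. The following is an added example, not part of the original answer or of the go-licenses project; the allowlist, the Review function and the two example.org rows are assumptions.

```go
package main

import (
	"encoding/csv"
	"fmt"
	"io"
	"os"
	"strings"
)

// Example policy (assumption): replace with the licenses your legal team approves.
var allowed = map[string]bool{"MIT": true, "Apache-2.0": true, "BSD-3-Clause": true}

// First three rows: output shown in the answer above. Last two: constructed.
const sample = `example.com/test,Unknown,Unknown
github.com/sirupsen/logrus,https://github.com/sirupsen/logrus/blob/master/LICENSE,MIT
golang.org/x/sys/unix,Unknown,BSD-3-Clause
example.org/constructed/copyleft,Unknown,GPL-3.0
example.org/constructed/nolicense,Unknown,Unknown
`
// Finding is a dependency that needs manual review.
type Finding struct{ Package, License, Reason string }

// Review parses "package,license URL,license" rows and returns the dependencies whose
// license is undetected or not allowed; rows of the project's own module are skipped.
func Review(r io.Reader, self string) ([]Finding, error) {
	cr := csv.NewReader(r)
	cr.FieldsPerRecord = 3    // reject rows that are not in the three-column format
	rows, err := cr.ReadAll() // on error rows is nil, so the loop below is a no-op
	var out []Finding
	for _, rec := range rows {
		switch pkg, lic := rec[0], strings.TrimSpace(rec[2]); {
		case pkg == self || strings.HasPrefix(pkg, self+"/"): // own code, not a dependency
		case lic == "" || lic == "Unknown":
			out = append(out, Finding{pkg, lic, "license not detected"})
		case !allowed[lic]:
			out = append(out, Finding{pkg, lic, "license not on allowlist"})
		}
	}
	return out, err
}

func main() {
	findings, err := Review(strings.NewReader(sample), "example.com/test")
	fmt.Printf("error: %v\nfindings: %+v\n", err, findings)
	if err != nil || len(findings) > 0 {
		os.Exit(1) // non-zero exit fails the CI step
	}
}
```

To review real output, pass os.Stdin to Review instead of the sample reader and pipe the CSV into the program.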
