Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Show Licenses for Requirements.txt #180

Open
jakeBass opened this issue Jan 24, 2024 · 7 comments
Open

Show Licenses for Requirements.txt #180

jakeBass opened this issue Jan 24, 2024 · 7 comments

Comments

@jakeBass
Copy link

Hi! I'm interested in being able to feed in a specific requirements.txt file and get the licenses for the packages listed in the file. There doesn't appear to be a CLI option supporting this. I'm curious -- does that seem like a reasonable feature? Thanks!

For reference, it could look something like:

pip-licenses --requirements-file=/path/to/requirements.txt
@stefan6419846
Copy link

stefan6419846 commented Jan 25, 2024
edited
Loading

You can just create a virtual environment, install your requirements there and use the --python option. I do not see an easier option for pip-licenses itself here as well due to iterating over the local package metadata.

@stefan6419846
Copy link

Most likely a duplicate of #108 as well.

@jakeBass
Copy link
Author

Ah yup, I think this is a duplicate. Apologies as I couldn't find that, and didn't have a good understanding of how your library works (might be worth adding a brief How It Works section in the README?).

I am wondering if you've considered any alternate ways to get license info in the case where creating a venv is infeasible -- downloading the info from pypi or the package's repo possibly?

@stefan6419846
Copy link

The repository already states:

Dump the license list of packages installed with pip.

and

pip-licenses is a CLI tool for checking the software license of installed Python packages with pip.

So it already states that it is about local packages.

I am wondering if you've considered any alternate ways to get license info in the case where creating a venv is infeasible -- downloading the info from pypi or the package's repo possibly?

I am neither the maintainer nor the author of this package, but just a user. Nevertheless, IMHO this is out of scope for pip-licenses as this basically requires a completely different approach (fetching and parsing JSON from PyPI etc.) I am not aware of a corresponding package which would already implement this.

Speaking of myself, I already use a combination of pip-licenses and custom scanning of packages without having to install them, although without resolving any dependency chains due to pip-licenses providing me all the necessary Python package names.

@alper
Copy link

alper commented Apr 11, 2024

I can get the requirements.txt for a couple dozen repositories here but running all of them locally, installing all their packages and extracting the license information from there is a total non starter.

Weird that it's not possible to get this from requirements.txt or pyproject.toml.

@stefan6419846
Copy link

As already stated above, this is just how pip-licenses has been implemented, id est relying on importlib.metadata from the stdlib without doing any outbound network requests and being faster due to this (and reducing traffic). This usually is fine for projects you are actively working it as you will have a dedicated virtual environment anyway.

Implementing an alternative approach in another package is still feasible, but IMHO out of scope for pip-licenses due to using a completely different concept.

@alper
Copy link

alper commented Apr 12, 2024

OK. I've found that cdxgen works fine for my use case.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@alper @jakeBass @stefan6419846