Feature Request <> License information from PyPi #30

Open
jameslamb opened this issue Apr 7, 2019 · 2 comments
@jameslamb

In using pip-licenses, I've found that some packages which do non-standard things with their license information are categorized as UNKNOWN even when they use mainstream OSS licenses.

PyPI exposes a /json endpoint that allows you to get a JSON representation of the metadata for a package.

One example I've seen is pytest-cache.

```python
import requests

res = requests.get('https://pypi.org/pypi/pytest-cache/json').json()['info']
print(res)

license = res['license']
```

```
>>> res['license']
'MIT License'
```

Running this through the current pip-licenses setup yields UNKNOWN (running in non-Docker mode because I don't want to do the "only from trove classifiers" version)

```shell
echo "pytest-cache" > docker/requirements.txt
pip install pytest-cache
pip-licenses | grep pytest
```

```
 pytest                       3.6.3       MIT license
 pytest-cache                 1.0         UNKNOWN
 pytest-cov                   2.6.1       MIT
```

@raimon49 would you be open to a contribution that adds a method to get package metadata from PyPI? I would propose wrapping it in a try-catch that fails gracefully so we don't add a new restriction "must be connected to the internet to run pip-licenses".

If you are open to this idea, I'd like to try implementing and PR-ing in this feature.

Thanks for considering it!

@raimon49

raimon49 commented Apr 8, 2019

Thank you for the report.

What I can say about the pytest-cache license is that the latest version (1.0) uploaded to PyPI was licensed under the GPL. Since then, it has been changed to the MIT license in 2014.

See also:
https://bitbucket.org/hpk42/pytest-cache/history-node/7875468588d6/setup.py?at=default

The information that pip-licenses refers to in the local environment when installed with the pip install pytest-cache command seems to be the metadata from the time of the GPL license.

Can you ask the author of pytest-cache to upload version 1.1 to PyPI so that it is distributed under the MIT license? I think this is a clear solution.

As you say, referencing metadata through the JSON API is another solution. However, in this case, the author does not intend to distribute it under the MIT license as of pytest-cache 1.0. So I think distributing a 1.1 release under the MIT license is a clearer solution.

@thejcannon

Just to make this very obvious, downloading the source of pytest-cache version 1.0: https://pypi.org/project/pytest-cache/#files
and inspecting PKG-INFO shows: License: UNKNOWN and Classifier: License :: OSI Approved :: GNU General Public License (GPL).
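
The fallback discussed in this thread, as an added example that is not part of the thread or of pip-licenses' own code: local metadata of the installed release is trusted first, and PyPI is asked only when it says UNKNOWN, failing gracefully when offline. The function names, the classifier fallback and the per-release URL (`/pypi/<name>/<version>/json`, chosen so the answer describes the installed version rather than the project's current state) are assumptions of this sketch.

```python
import json
import urllib.parse
import urllib.request
from email.parser import Parser

# Assumed endpoint: PyPI's per-release JSON URL (the issue uses the unversioned one).
PYPI_URL = "https://pypi.org/pypi/{name}/{version}/json"
PREFIX = "License :: OSI Approved :: "

# Constructed PKG-INFO; the License and Classifier lines are those quoted in the thread.
SAMPLE_PKG_INFO = """\
Metadata-Version: 1.1
Name: pytest-cache
Version: 1.0
License: UNKNOWN
Classifier: License :: OSI Approved :: GNU General Public License (GPL)
"""

def known(value):
    """Return the stripped value, or '' if it is empty or the UNKNOWN placeholder."""
    value = (value or "").strip()
    return "" if value.upper() == "UNKNOWN" else value

def local_license(pkg_info_text):
    """License the installed release declares: License field, else trove classifiers."""
    meta = Parser().parsestr(pkg_info_text)
    declared = known(meta.get("License"))
    if declared:
        return declared
    tags = [c.strip() for c in meta.get_all("Classifier", [])]
    return "; ".join(t[len(PREFIX):] for t in tags if t.startswith(PREFIX))

def fetch_pypi_info(name, version, timeout=5):
    """'info' dict for exactly this release, or None if PyPI cannot be reached."""
    url = PYPI_URL.format(name=urllib.parse.quote(name, safe=""),
                          version=urllib.parse.quote(version, safe=""))
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return json.load(resp)["info"]
    except (OSError, ValueError, KeyError):  # offline, HTTP error, bad JSON
        return None

def resolve_license(name, version, pkg_info_text, fetch=fetch_pypi_info):
    """Return (license, source); local metadata wins, PyPI only fills an UNKNOWN."""
    local = local_license(pkg_info_text)
    if local:
        return local, "local"
    remote = known((fetch(name, version) or {}).get("license"))
    return (remote, "pypi") if remote else ("UNKNOWN", "none")
```

Returning the source alongside the license lets a compliance report flag values that came from the network rather than from the files actually installed.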
