Skip to content
/ lian Public

lian is a license analyzer for Go binaries and modules

lucor.dev/lian

License

BSD-3-Clause and 2 other licenses found

Licenses found

BSD-3-Clause
LICENSE
Unknown
license.go
Unknown
LICENSE-THIRD-PARTY
2 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

lucor/lian

BranchesTags

Repository files navigation

lian

lian is a license analyzer for Go binaries and modules.

It aims to help in the following use cases:

  • report all the dependencies, their versions, and licenses type along with the URL on pkg.go.dev
  • dump and combine all licenses to comply with package distribution
  • check against a set of allowed licenses

Example

lian in action with itself

lian example

How it works

It is designed to work without connecting to third-party services.

The licenses are detected using the google/licensecheck library that will scans source texts for known licenses directly from the module cache.

The module cache usually is already warmed if the module has been already built locally. If the dependencies are not present the -d, --download option can be specified and it will automatically download the dependencies using the go mod download command.

Installation

$ go install lucor.dev/lian@latest

Note: requires Go >= 1.18

Download

Pre-built binaries can be downloaded from the releases page

Usage

Usage: lian [OPTIONS] [PATH]

Options:
  -a, --allowed          comma separated list of allowed licenses (i.e. MIT, BSD-3-Clause). Default to all
  -e, --excluded         comma separated list of repository with version excluded from the licenses check. Default to none
  -d, --download         download dependencies to local cache
      --dump             dump all licenses
  -h, --help             show this help message
      --list-names       list the names of the license file can be detected and exit
      --list-licenses    list the licenses can be detected and exit
  -o, --output <file>    write to file instead of stdout
  	  --version          show the version number

License check for a Go module

lian --allowed "MIT,BSD-3-CLAUSE" /path/to/go.mod

Dump all licenses to a file for a Go binary

lian --dump -o LICENSE-THIRD-PARTY /path/to/go_binary

License check as GitHub action

name: License check
on: [push, pull_request]

jobs:
  checks:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
    - uses: actions/setup-go@v2
      with:
        stable: 'false'
        go-version: '1.18.0-beta2'

    - name: install lian
      run: go install lucor.dev/lian@latest

    - name: license check against go.mod
      run: lian -d --allowed="BSD-2-Clause, BSD-3-Clause, MIT"

    - name: build
      run: go build

    - name: License check against the Go binary
      run: lian --allowed="BSD-2-Clause, BSD-3-Clause, MIT" ./lian

See in action against this repo.

About

lian is a license analyzer for Go binaries and modules

lucor.dev/lian

Topics

golang license license-checker

Resources

Readme

License

BSD-3-Clause and 2 other licenses found

Licenses found

BSD-3-Clause
LICENSE
Unknown
license.go
Unknown
LICENSE-THIRD-PARTY
Activity

Stars

2 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases 5

v0.4.1 Latest
Feb 11, 2024
+ 4 releases

Packages

No packages published

Languages