Comments (7)
Thank you for the bug report and the test case. I am looking into it.
from python-license-check.
We are using pkg_resources.working_set
to find required packages, but this working set includes what is already installed so that can raise unexpected version conflicts. It would be better to find required packages from a clean environment (kind of venv
). Still digging to find a way to achieve that...
from python-license-check.
It would be better to find required packages from a clean environment (kind of
venv
).
FWIW setuptools
is installed alongside with every virtual environment (pip
and wheel
as well).
from python-license-check.
The solution could be excluding pip
, setuptools
, and wheel
from passing to pkg_resources.working_set
, assuming they are MIT licensed 🤔
UPDATE: or get their licenses from JSON API.
from python-license-check.
I love the idea of the JSON API. We would no longer have to hack the pip
and pkg_resources
APIs. But this is not a trivial update.
from python-license-check.
Originally this issue was caught due to another issue with poetry python-poetry/poetry#1584, where poetry wouldn't update setuptools
in virtualenv
.
I love the idea of the JSON API. We would no longer have to hack the
pip
andpkg_resources
APIs. But this is not a trivial update.
JSON API doesn't show dependencies for packages that list their dependencies in a non-declarative way (e.g., using setup(install_requires=[...])
).
The --no-deps
option (#48) would help, where resolving dependencies would be a dependency managers' job (e.g., pip-tools/pipenv/poetry/...).
@ochedru I wonder what would you think?
from python-license-check.
I am fine with your PR; it looks like we cannot rely on the JSON API and the --no-deps
option will help dealing with difficult cases.
So, 👍
from python-license-check.
Related Issues (20)
- `or`-ed license check breaks on licenses with "or" in the name HOT 6
- specifying a non-existant strategy file produces no error or warning
- liccheck doesn't notice project licenses in pyproject.toml HOT 1
- DeprecationWarning: pkg_resources is deprecated as an API HOT 1
- Support Python 3.12
- Provide Support for Poetry Dependency Groups
- Error when handling normalised names for package extras
- Editable requirements (-e) raises "DistributionNotFound: The 'None' distribution was not found"
- support pre-commit hook HOT 1
- pre-commit hooks is not working as expected HOT 3
- pkg_resources.VersionConflict: (pandas 1.3.5 (~/miniconda3/envs/myenv/lib/python3.8/site-packages), Requirement.parse('pandas==1.3.3')) HOT 1
- Normalized package names HOT 2
- Order licenses alphabetically
- Feature Request: Option To Specify Where To Look for License Information
- authorized_packages doesn't work in pyproject.toml HOT 1
- Improve error message in case a requirement is not installed.
- DistributionNotFound: The 'greenlet==1.1.3' distribution was not found and is required by the application HOT 3
- Allow matching with regex
- Dependency Dashboard
- Action Required: Fix Renovate Configuration
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from python-license-check.