sensslen / nuget-license Goto Github PK
View Code? Open in Web Editor NEWThis project forked from tomchavakis/nuget-license
.NET Core tool to print or save all the licenses of a project
License: Apache License 2.0
This project forked from tomchavakis/nuget-license
.NET Core tool to print or save all the licenses of a project
License: Apache License 2.0
Are there any plans to reintroduce the --export-licenses-texts option, as we need this to comply with many open source licenses which explicitly require you include the actual license text
For example BSD says:
- Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
These updates have all been created already. Click a checkbox below to force a retry/rebase of any.
NuGet.Commands
, NuGet.Packaging
).github/workflows/action.yml
actions/checkout v4
actions/setup-dotnet v4
actions/checkout v4
actions/setup-dotnet v4
nuget/setup-nuget v2
microsoft/setup-msbuild v2
microsoft/vstest-action v1.0.0
actions/checkout v4
actions/checkout v4
actions/setup-dotnet v4
actions/checkout v4
nuget/setup-nuget v2
microsoft/setup-msbuild v2
actions/checkout v4
actions/setup-dotnet v4
paulhatch/semantic-version v5.4.0
actions/checkout v4
nuget/setup-nuget v2
microsoft/setup-msbuild v2
paulhatch/semantic-version v5.4.0
.github/workflows/release.yml
actions/checkout v4
actions/setup-dotnet v4
actions/setup-dotnet v4
actions/setup-dotnet v4
nowsprinting/check-version-format-action v3
nuget/setup-nuget v2
microsoft/setup-msbuild v2
microsoft/vstest-action v1.0.0
thedoctor0/zip-release 0.7.6
softprops/action-gh-release v2
integration/ProjectWithReferenceContainingLicenseExpression/ProjectWithReferenceContainingLicenseExpression.csproj
CsvHelper 32.0.3
src/NuGetUtility/NuGetUtility.csproj
System.Collections.Immutable 8.0.0
Microsoft.Bcl.HashCode 1.1.1
Tethys.SPDX.ExpressionParser 2.1.2
NuGet.Packaging 6.9.1
NuGet.Commands 6.9.1
Microsoft.Build.Locator 1.7.8
McMaster.Extensions.CommandLineUtils 4.1.1
The package CsvHelper (https://joshclose.github.io/CsvHelper/) provides "MS-PL OR Apache-2.0" as license information. The check fails since the value is not present in our allow list. In the previous version we didn't have this issue.
As a workaround I solved it by setting the license manually with the "--override-package-information" option to "Apache-2.0". But it would be great if the tool could handle multiple licenses out of the box.
We have the following project structure for our .NET 8 project
| MyProject
|- src
|- MyProject.Common (contains .csproj + source)
|- MyProject.WebApi (contains .csproj + source)
|- ...
|- MyProject.sln
|- NuGet.Config
and are building a docker image for the application. In the Dockerfile
we install nuget-license and execute it to generate a list of licenses
FROM mcr.microsoft.com/dotnet/sdk:8.0-jammy AS build
WORKDIR /app
COPY ./src ./src
COPY MyProject.sln NuGet.Config ./
RUN dotnet restore "src/MyProject.WebApi/MyProject.WebApi.csproj"
RUN dotnet build "src/MyProject.WebApi/MyProject.WebApi.csproj" --no-restore -c Release -o out
RUN dotnet tool install --global nuget-license
# Only pass projects to nuget-license that do not start with Tests.
RUN tests=$(find src/*/*.csproj -name '*.csproj' ! -path "src/Tests.*/*.csproj" -exec echo -n '"{}", ' \;) \
&& tests=${tests::-2} && echo "[${tests}]" > projects-filter.json \
&& nuget-license --json-input projects-filter.json > LICENSES.html
...
Everything was working fine until NuGet.Config
file was added to the solution. Since then build fails with following exception
Unhandled exception. NuGet.Configuration.NuGetConfigurationException: Unexpected failure reading NuGet.Config. Path: '/app/src/MyProject.Common/MyProject.Common.csproj/NuGet.Config'.
---> System.IO.IOException: The file '/app/src/MyProject.Common/MyProject.Common.csproj' already exists.
at System.IO.FileSystem.CreateDirectory(String fullPath, UnixFileMode unixCreateMode)
at System.IO.Directory.CreateDirectory(String path)
at NuGet.Configuration.FileSystemUtility.AddFile(String fullPath, Action`1 writeToStream)
at NuGet.Configuration.FileSystemUtility.GetOrCreateDocument(XDocument content, String fullPath)
at NuGet.Configuration.SettingsFile.<>c__DisplayClass23_0.<.ctor>b__0()
at NuGet.Configuration.SettingsFile.<>c__DisplayClass32_0.<ExecuteSynchronized>b__0()
--- End of inner exception stack trace ---
at NuGet.Configuration.SettingsFile.<>c__DisplayClass32_0.<ExecuteSynchronized>b__0()
at NuGet.Common.ConcurrencyUtilities.ExecuteWithFileLocked(String filePath, Action action)
at NuGet.Configuration.SettingsFile.ExecuteSynchronized(Action ioOperation)
at NuGet.Configuration.SettingsFile..ctor(String directoryPath, String fileName, Boolean isMachineWide, Boolean isReadOnly)
at NuGet.Configuration.Settings.ReadSettings(String settingsRoot, String settingsPath, Boolean isMachineWideSettings, Boolean isAdditionalUserWideConfig, SettingsLoadingContext settingsLoadingContext)
at NuGet.Configuration.Settings.<>c__DisplayClass29_0.<LoadSettings>b__0(String f)
at System.Linq.Enumerable.SelectEnumerableIterator`2.MoveNext()
at System.Linq.Enumerable.WhereEnumerableIterator`1.MoveNext()
at System.Collections.Generic.List`1.AddRange(IEnumerable`1 collection)
at NuGet.Configuration.Settings.LoadSettings(String root, String configFileName, IMachineWideSettings machineWideSettings, Boolean loadUserWideSettings, Boolean useTestingGlobalPath, SettingsLoadingContext settingsLoadingContext)
at NuGet.Configuration.Settings.LoadDefaultSettings(String root)
at NuGetUtility.Program.GetPackageInfos(ProjectWithReferencedPackages projectWithReferences, IEnumerable`1 overridePackageInformation, CancellationToken cancellation) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/Program.cs:line 155
at NuGetUtility.Program.<>c__DisplayClass35_0.<OnExecuteAsync>b__1(ProjectWithReferencedPackages p) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/Program.cs:line 132
at NuGetUtility.Extension.AsyncEnumerableExtension.SelectMany[TSource,TResult](IEnumerable`1 input, Func`2 transform)+MoveNext() in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/Extension/AsyncEnumerableExtension.cs:line 21
at NuGetUtility.Extension.AsyncEnumerableExtension.SelectMany[TSource,TResult](IEnumerable`1 input, Func`2 transform)+System.Threading.Tasks.Sources.IValueTaskSource<System.Boolean>.GetResult()
at NuGetUtility.LicenseValidator.LicenseValidator.Validate(IAsyncEnumerable`1 packages, CancellationToken token) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/LicenseValidator/LicenseValidator.cs:line 35
at NuGetUtility.LicenseValidator.LicenseValidator.Validate(IAsyncEnumerable`1 packages, CancellationToken token) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/LicenseValidator/LicenseValidator.cs:line 35
at NuGetUtility.Program.OnExecuteAsync(CancellationToken cancellationToken) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/Program.cs:line 133
at McMaster.Extensions.CommandLineUtils.Conventions.ExecuteMethodConvention.InvokeAsync(MethodInfo method, Object instance, Object[] arguments)
at McMaster.Extensions.CommandLineUtils.Conventions.ExecuteMethodConvention.OnExecute(ConventionContext context, CancellationToken cancellationToken)
at McMaster.Extensions.CommandLineUtils.Conventions.ExecuteMethodConvention.<>c__DisplayClass0_0.<<Apply>b__0>d.MoveNext()
--- End of stack trace from previous location ---
at McMaster.Extensions.CommandLineUtils.CommandLineApplication.ExecuteAsync(String[] args, CancellationToken cancellationToken)
at McMaster.Extensions.CommandLineUtils.CommandLineApplication.ExecuteAsync[TApp](CommandLineContext context, CancellationToken cancellationToken)
at NuGetUtility.Program.Main(String[] args) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/Program.cs:line 93
at NuGetUtility.Program.<Main>(String[] args)
/bin/bash: line 1: 13 Aborted nuget-license --json-input projects-filter.json > LICENSES.html
I'm not sure what's going on here and why it tries to load NuGet.Config
file from Common project folder altough it's only located in root folder (as it should be). Any ideas what could be the problem here?
Running using the the arguments nuget-license -i ApiServer.sln -t -d licenses
on our Asp.net web api project results in the following exception:
Unhandled exception. Microsoft.Build.Exceptions.InvalidProjectFileException: The project file could not be loaded. Could not find file '/home/daniel/Work/hydra-src/apps/API-Server/Pttox.Forms.sln'. /home/daniel/Work/hydra-src/apps/API-Server/Pttox.Forms.sln
at Microsoft.Build.Shared.ProjectFileErrorUtilities.VerifyThrowInvalidProjectFile(Boolean condition, String errorSubCategoryResourceName, BuildEventFileInfo projectFile, Exception innerException, String resourceName, Object[] args)
at Microsoft.Build.Construction.SolutionFile.ParseSolutionFile()
at Microsoft.Build.Construction.SolutionFile.Parse(String solutionFile)
at NuGetUtility.Wrapper.MsBuildWrapper.MsBuildAbstraction.GetProjectsFromSolution(String inputPath) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/Wrapper/MsBuildWrapper/MsBuildAbstraction.cs:line 57
at NuGetUtility.ReferencedPackagesReader.ProjectsCollector.GetProjects(String inputPath) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/ReferencedPackagesReader/ProjectsCollector.cs:line 15
at System.Linq.Enumerable.SelectManySingleSelectorIterator`2.MoveNext()
at System.Linq.Enumerable.SelectEnumerableIterator`2.MoveNext()
at NuGetUtility.Extension.AsyncEnumerableExtension.SelectMany[TSource,TResult](IEnumerable`1 input, Func`2 transform)+MoveNext() in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/Extension/AsyncEnumerableExtension.cs:line 19
at NuGetUtility.Extension.AsyncEnumerableExtension.SelectMany[TSource,TResult](IEnumerable`1 input, Func`2 transform)+System.Threading.Tasks.Sources.IValueTaskSource<System.Boolean>.GetResult()
at NuGetUtility.LicenseValidator.LicenseValidator.Validate(IAsyncEnumerable`1 packages) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/LicenseValidator/LicenseValidator.cs:line 33
at NuGetUtility.LicenseValidator.LicenseValidator.Validate(IAsyncEnumerable`1 packages) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/LicenseValidator/LicenseValidator.cs:line 33
at NuGetUtility.Program.OnExecuteAsync(CancellationToken cancellationToken) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/Program.cs:line 126
at McMaster.Extensions.CommandLineUtils.Conventions.ExecuteMethodConvention.InvokeAsync(MethodInfo method, Object instance, Object[] arguments)
at McMaster.Extensions.CommandLineUtils.Conventions.ExecuteMethodConvention.OnExecute(ConventionContext context, CancellationToken cancellationToken)
at McMaster.Extensions.CommandLineUtils.Conventions.ExecuteMethodConvention.<>c__DisplayClass0_0.<<Apply>b__0>d.MoveNext()
--- End of stack trace from previous location ---
at McMaster.Extensions.CommandLineUtils.CommandLineApplication.ExecuteAsync(String[] args, CancellationToken cancellationToken)
at McMaster.Extensions.CommandLineUtils.CommandLineApplication.ExecuteAsync[TApp](CommandLineContext context, CancellationToken cancellationToken)
at NuGetUtility.Program.Main(String[] args) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/Program.cs:line 86
at NuGetUtility.Program.<Main>(String[] args)
Aborted (core dumped)
at McMaster.Extensions.CommandLineUtils.CommandLineApplication.ExecuteAsync[TApp](CommandLineContext context, CancellationToken cancellationToken)
at NuGetUtility.Program.Main(String[] args) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/Program.cs:line 86
at NuGetUtility.Program.<Main>(String[] args)
Aborted (core dumped)
The readme says that the -i is "Project or Solution to be analyzed" so I would expect it to handle a sln file.
I'm getting LicenseDownloadExceptions on two of my projects, one is a Asp.net webapi project and one is a .net maui project.
Maui Project
Command nuget-license -i Pttox.Forms.sln -t -d licenses -o jsonPretty
Output:
Unhandled exception. NuGetUtility.LicenseValidator.LicenseDownloadException: Failed to download license for package System.Buffers (4.3.0).
Context: /home/daniel/Work/hydra-src/apps/Xamarin-PTToX/src/Pttox.Forms/Pttox.Forms.csproj
---> System.Net.Http.HttpRequestException: Response status code does not indicate success: 429 (Too Many Requests).
at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()
at System.Net.Http.HttpClient.GetStreamAsyncCore(HttpRequestMessage request, CancellationToken cancellationToken)
at NuGetUtility.Wrapper.HttpClientWrapper.FileDownloader.DownloadFile(Uri url, String fileName) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/Wrapper/HttpClientWrapper/FileDownloader.cs:line 17
at NuGetUtility.Wrapper.HttpClientWrapper.FileDownloader.DownloadFile(Uri url, String fileName)
at NuGetUtility.LicenseValidator.LicenseValidator.ValidateLicenseByUrl(IPackageMetadata info, String context, ConcurrentDictionary`2 result) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/LicenseValidator/LicenseValidator.cs:line 164
--- End of inner exception stack trace ---
at NuGetUtility.LicenseValidator.LicenseValidator.ValidateLicenseByUrl(IPackageMetadata info, String context, ConcurrentDictionary`2 result) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/LicenseValidator/LicenseValidator.cs:line 169
at NuGetUtility.LicenseValidator.LicenseValidator.Validate(IAsyncEnumerable`1 packages) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/LicenseValidator/LicenseValidator.cs:line 47
at NuGetUtility.LicenseValidator.LicenseValidator.Validate(IAsyncEnumerable`1 packages) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/LicenseValidator/LicenseValidator.cs:line 33
at NuGetUtility.Program.OnExecuteAsync(CancellationToken cancellationToken) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/Program.cs:line 126
at McMaster.Extensions.CommandLineUtils.Conventions.ExecuteMethodConvention.InvokeAsync(MethodInfo method, Object instance, Object[] arguments)
at McMaster.Extensions.CommandLineUtils.Conventions.ExecuteMethodConvention.OnExecute(ConventionContext context, CancellationToken cancellationToken)
at McMaster.Extensions.CommandLineUtils.Conventions.ExecuteMethodConvention.<>c__DisplayClass0_0.<<Apply>b__0>d.MoveNext()
--- End of stack trace from previous location ---
at McMaster.Extensions.CommandLineUtils.CommandLineApplication.ExecuteAsync(String[] args, CancellationToken cancellationToken)
at McMaster.Extensions.CommandLineUtils.CommandLineApplication.ExecuteAsync[TApp](CommandLineContext context, CancellationToken cancellationToken)
at NuGetUtility.Program.Main(String[] args) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/Program.cs:line 86
at NuGetUtility.Program.<Main>(String[] args)
Aborted (core dumped)
Asp.net webapi project
Command : nuget-license -i ApiServer.sln -t -d licenses -o jsonPretty
Output:
Unhandled exception. NuGetUtility.LicenseValidator.LicenseDownloadException: Failed to download license for package NETStandard.Library (2.0.0).
Context: /home/daniel/Work/hydra-src/apps/API-Server/ApiServer.Tests/ApiServer.Tests.csproj
---> System.Net.Http.HttpRequestException: Response status code does not indicate success: 404 (Not Found).
at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()
at System.Net.Http.HttpClient.GetStreamAsyncCore(HttpRequestMessage request, CancellationToken cancellationToken)
at NuGetUtility.Wrapper.HttpClientWrapper.FileDownloader.DownloadFile(Uri url, String fileName) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/Wrapper/HttpClientWrapper/FileDownloader.cs:line 17
at NuGetUtility.Wrapper.HttpClientWrapper.FileDownloader.DownloadFile(Uri url, String fileName) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/Wrapper/HttpClientWrapper/FileDownloader.cs:line 19
at NuGetUtility.LicenseValidator.LicenseValidator.ValidateLicenseByUrl(IPackageMetadata info, String context, ConcurrentDictionary`2 result) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/LicenseValidator/LicenseValidator.cs:line 164
--- End of inner exception stack trace ---
at NuGetUtility.LicenseValidator.LicenseValidator.ValidateLicenseByUrl(IPackageMetadata info, String context, ConcurrentDictionary`2 result) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/LicenseValidator/LicenseValidator.cs:line 169
at NuGetUtility.LicenseValidator.LicenseValidator.Validate(IAsyncEnumerable`1 packages) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/LicenseValidator/LicenseValidator.cs:line 47
at NuGetUtility.LicenseValidator.LicenseValidator.Validate(IAsyncEnumerable`1 packages) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/LicenseValidator/LicenseValidator.cs:line 33
at NuGetUtility.Program.OnExecuteAsync(CancellationToken cancellationToken) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/Program.cs:line 126
at McMaster.Extensions.CommandLineUtils.Conventions.ExecuteMethodConvention.InvokeAsync(MethodInfo method, Object instance, Object[] arguments)
at McMaster.Extensions.CommandLineUtils.Conventions.ExecuteMethodConvention.OnExecute(ConventionContext context, CancellationToken cancellationToken)
at McMaster.Extensions.CommandLineUtils.Conventions.ExecuteMethodConvention.<>c__DisplayClass0_0.<<Apply>b__0>d.MoveNext()
--- End of stack trace from previous location ---
at McMaster.Extensions.CommandLineUtils.CommandLineApplication.ExecuteAsync(String[] args, CancellationToken cancellationToken)
at McMaster.Extensions.CommandLineUtils.CommandLineApplication.ExecuteAsync[TApp](CommandLineContext context, CancellationToken cancellationToken)
at NuGetUtility.Program.Main(String[] args) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/Program.cs:line 86
at NuGetUtility.Program.<Main>(String[] args)
Aborted (core dumped)
With projects that depend on many libraries we may hit the same license URL a lot of times.
In fact, with some combinations, we may hit the same URL so many times that we trigger 429 errors and we fail to download the actual license.
Cache the URL->License response combo, then when another package attempts to download from the same source we simply use the cached file.
Asking in an issue since no discussion activated here :-)
I see ref to packages.config-based projects and would love support for that.
I have mixed environment setup with C# (reference-style) and C++ projects that must use packages.config-style. (e.g : nlohmann/json#1132 (comment))
Beeing able to handle 'everything' would be great ๐
Whe I'm analyzing our project im only getting a few things and some are missing.
received:
{
"PackageId": "System.Text.RegularExpressions",
"PackageVersion": "4.3.1",
"PackageProjectUrl": "https://dot.net/",
"License": "MS-EULA",
"LicenseInformationOrigin": 1
}
expected:
{
"PackageId": "System.Text.RegularExpressions",
"PackageVersion": "4.3.1",
"PackageProjectUrl": "https://dot.net/",
"**RepositoryUrl**": "https://github.com/dotnet/runtime",
"License": "MS-EULA",
"**LicenseUrl**":
"**LicenseFile**":
"LicenseInformationOrigin": 1
}
LicesneUrl is legacy, maybe its worth merging them having LicenseFile higher prio.
I saw that there are properties in the metadata but it seems they are not used.
Hi
in tomchavakis#192 I asked about included the nuget in each project.
it was added in MR tomchavakis#199
Any plan to add this (if not yet added)?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.