Tool outputs following result, but ASP Net Core is MIT licensed.
https://www.nuget.org/packages/Microsoft.AspNetCore.Authorization
https://github.com/dotnet/aspnetcore/blob/main/LICENSE.txt

####################################################################################################
Package:Microsoft.AspNetCore.Authentication.Abstractions
Version:2.0.0
project URL:https://asp.net/
Description:ASP.NET Core common types used by the various authentication components.
licenseUrl:https://raw.githubusercontent.com/aspnet/Home/2.0.0/LICENSE.txt
license Type:Apache-2.0

Seems like it wrongly resolves to ASP MVC 6

A feature request:

For our projects the desired output is a single "licenses.txt"-style file that contains the actual texts of the licenses for each library. For each library, the name and version is also needed; the other properties like project URL and Description are not mandatory for our use case.

We could use the --export-license-texts option and then concatenate all these files and prefixing each one with the filename. However, most of the 'nuget downloaded licenses' contain HTML markup, example:

<!DOCTYPE html>

<html lang="en">
<head>
    <link rel="stylesheet" href="/Content/Site.css" />
        <title>&#39;BSD-3-Clause&#39; reference</title>
</head>
<body>
    <div id="main-content">
        


<h2>SPDX identifier</h2>
<p>BSD-3-Clause</p>

<h2>License text</h2>
<pre>_____

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

   1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

   2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

   3. _____ be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY _____ &quot;AS IS&quot; AND ANY _____ OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL _____ BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 </pre>


    </div>
</body>
</html>

This markup looks a bit odd in a .txt file, so ideally it would just use the actual text content of this HTML file.

Is there any way this can already be achieved with the current version of your tool?

Hi,
is there a flag to also print which csproj is using the specific Nuget package?
--include-project-file seems to do nothing as:
dotnet-project-licenses --input solution.sln --md --unique --export-license-texts --include-project-file --convert-html-to-text -f licenses --outfile output.md --timeout 600 --packages-filter NugetLicensesExclude.json

We have quite often a StackOverflow when we do the check transitive but then it suddenly goes away and the error might be away for several days and then suddenly it is back again. Also, we use multiple build agents and often it happens just on one, the same build works fine on another machine (but it is not always the same machine where we have the problems.
We use the nuget-license inside a nuke build.

nuget-license_stackoverflow.txt

I need some additional optional columns in the output table:

• Usage, e.g.: Distribution, Development, Service, Compile, etc.
• Note: The reason for using this package or other relevant comments.

I have already cloned the repository and made the changes required to support the additional optional columns using the --manual-package-information option as the manual package information file will hold the Usage and Note values. I'm still missing the tests, though :-)

manual-package-information.json

[
 {
    "PackageName": "WebGrease",
    "PackageVersion": "1.6.0",
    "Usage": "XXX",
    "Note": "YYY"
  }
]

command line
... --manual-package-information manual-package-information.json --usage --note

table output

 | Reference | Version  |...| Usage | Note | 
 |-----------------------------------------| 
 | Antlr     | 3.5.0.2  |...|       |      | 
 | WebGrease | 1.6.0    |...| XXX   | YYY  | 

Do you think this change will make sense to others, i.e., should I create a pull request?

The readme says this about the --licenseurl-to-license-mappings command-line flags:

When used, this option allows to override the url to license mapping built into the application (see [here](src/NuGetUtility/LicenseValidator/UrlToLicenseMapping.cs))

but the default array of conversions (Uri to string) implies that the resulting license (or LicenseValidationResult) should convert the origin type from LicenseInformationOrigin.Url to LicenseInformationOrigin.Expression), since it has been mapped.

When running the tool in command line, I get this output:

Project Reference(s) Analysis...

References:
 | Reference           | Version | License Type | License                                                        |
 |---------------------------------------------------------------------------------------------------------------|
 | Azure.Storage.Blobs | 12.9.1  | MIT          | https://licenses.nuget.org/MIT                                 |
 | CommandLineParser   | 2.8.0   | License.md   | https://www.nuget.org/packages/CommandLineParser/2.8.0/License |
 | Google.Apis         | 1.53.0  | LICENSE      | https://www.nuget.org/packages/Google.Apis/1.53.0/License      |
 | IdentityModel       | 5.1.0   | Apache-2.0   | https://licenses.nuget.org/Apache-2.0                          |
 | jQuery              | 3.6.0   |              | http://jquery.org/license                                      |
 | Newtonsoft.Json     | 13.0.1  | MIT          | https://licenses.nuget.org/MIT                                 |
 | NUnit               | 3.13.2  | LICENSE.txt  | https://www.nuget.org/packages/NUnit/3.13.2/License            |
 | Unity               | 5.11.10 |              | https://github.com/unitycontainer/unity/blob/v5.x/LICENSE      |

When executing the Docker Command provided in the README file in the same directory, I get this:

Starting GetPackages...
Discovered Project Files


Starting MapPackagesToLibraryInfo...

Project Reference(s) Analysis...

Do I have to change the command, so it fits my path, or should it run as given?

It seems like the version 100.100.100 was published to https://www.nuget.org/packages/dotnet-project-licenses, however this version does not work.

And since it also does not show up in the releases here on Github, I guess this version wasn't supposed to be released.

GitHub allows for branch redirects (for example, for projects that rename their default branch from master to main). The tool doesn't appear to follow these redirects, so license text fetching can fail.

I'm happy to submit a PR with a fix, if the desired behavior is that such redirects are followed by default.

System.Threading.Tasks.TaskCanceledException: The request was canceled due to the configured HttpClient.Timeout of 10 seconds elapsing.
---> System.TimeoutException: A task was canceled.
---> System.Threading.Tasks.TaskCanceledException: A task was canceled.
at System.Threading.Tasks.TaskCompletionSourceWithCancellation1.WaitWithCancellationAsync(CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.GetHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken) at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken) at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken) --- End of inner exception stack trace --- --- End of inner exception stack trace --- at System.Net.Http.HttpClient.HandleFailure(Exception e, Boolean telemetryStarted, HttpResponseMessage response, CancellationTokenSource cts, CancellationToken cancellationToken, CancellationTokenSource pendingRequestsCts) at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken) at NugetUtility.Methods.ExportLicenseTexts(List1 infos) in /home/runner/work/nuget-license/nuget-license/src/Methods.cs:line 1013
at NugetUtility.Program.Execute(PackageOptions options) in /home/runner/work/nuget-license/nuget-license/src/Program.cs:line 71

See line:

I am using your tool for quite some time now, works great and helps me a lot! But now I ran into a problem that when there is a download timeout (export licenses) the application crashes. It would be nice when the execption is caught and logged. Now our build fails for difficult to troubleshoot error.

try..catch for the ExportLicenseTexts function ->
catch (TimeOutException ex)
{
WriteOutput($"Problem during download of License url: {fileToDownload} -> {ex.Message}");
}

I guess the intention of the tool is to only support .NET Core and .NET Standard projects (even though the project description does not state so explicitly).
However, it might be better if the tool does not crash if one of the included projects is a .NET Framework project. Instead, this type of project could simply be ignored (with a warning).

The crash happens in Methods.GetProjectReferences, because element "Project" is not available in project file of a .NET Framework project.

Could you include a license for the project?

I have implemented this tool in my Azure Pipeline to list all dependencies and obtain all licenses in order to list them in my frontend.

I run into an exception however when executing this tool in a build Agent:

System.Threading.Tasks.TaskCanceledException: The operation was canceled.
   at System.Net.Http.ConnectHelper.ConnectAsync(String host, Int32 port, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean allowHttp2, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.GetHttpConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
   at NugetUtility.Methods.ExportLicenseTexts(List`1 infos) in /home/runner/work/nuget-license/nuget-license/src/Methods.cs:line 748
   at NugetUtility.Program.Execute(PackageOptions options) in /home/runner/work/nuget-license/nuget-license/src/Program.cs:line 40

I execute this tool as following:
dotnet-project-licenses -i {path to solution} -u -o {output path}/licenses.json -j --export-license-texts

The solution that I use this tool for consists of multiple .NET Framework 4.x projects. This tool works fine on said solution when I run it on my local machine.

This error doesn't show up every time that I execute my pipeline, but I cannot rely on it working 50% of the time.

Any idea what I'm doing wrong?

Hello,
Can we use multiple nuget sources? It looks check only api.nuget.org but I have also a private repository for my packages. Do you think about any improvement for this?
Thanks

OS: MacOS Catalina 10.15.7

When I run

dotnet dotnet-project-licenses -i <path> -u -j --outfile /tmp/nuget-licenses.json

in the command line, it produces the json file but Repository key is not included in the output. When I used the tool a few days ago I was able to get that information as well. I have installed the package locally and uninstalled & reinstalled a few times. But it was the same version, i.e. 2.4.0 all the time. Don't know why this happens now. Any idea?

The nuget doesn't support .NET7 when added to an Azure DevOps build pipeline.

This is the output when using SDK .NET 7.0.100

You can invoke the tool using the following command: dotnet-project-licenses
Tool 'dotnet-project-licenses' (version '2.4.0') was successfully installed.
You must install or update .NET to run this application.

App: /home/vsts/.dotnet/tools/dotnet-project-licenses
Architecture: x64
Framework: 'Microsoft.NETCore.App', version '6.0.0' (x64)
.NET location: /opt/hostedtoolcache/dotnet

The following frameworks were found:
  7.0.0 at [/opt/hostedtoolcache/dotnet/shared/Microsoft.NETCore.App]

I'm trying this:

PS C:\projects\my_home> Get-ChildItem -Recurse -Filter *.csproj |
>> Foreach-Object {
>>     dotnet-project-licences -i $_.FullName
>> }

But I get

dotnet-project-licences:
Line |
   3 |      dotnet-project-licences -i $_.FullName
     |      ~~~~~~~~~~~~~~~~~~~~~~~
     | The term 'dotnet-project-licences' is not recognized as a name of a cmdlet, function, script file, or executable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

Even though it is installed and works when I call it directly without a PS script. Can anyone help?

Is there a plan to publish this tool as a NuGet package so it can be referenced in another project?

According to NuGet/Home#7752, microsoft plans to implement a structured way to read all installed packages. This command would be even better suited to be used in this application than what is done in https://github.com/tomchavakis/nuget-license/tree/v3.0.0-alpha.

Via --licenseurl-to-license-mappings one can provide a mapping from an URL to a license type.

I wanted to use this for a URLs where a License Type could not be determined. But this broke all other packages. I guess this is caused, because the other Packages' URLs do not mach with with the one provided in the mapping, hence it could not be determined.

I would prefer something like this:

• Check if the URL of the package to process matches any URL in the provided mapping
• If yes: Use the License Type from the Mapping
• If no: Determine the License Type the usual way

Any thoughts?

hi,

thanks for the project it really helps us checking for GPL licenses ;-)

could you please extend the paramter forbidden-license-types that it also takes semicolon seperated string, this would reduce the dependency in pipelines.

thank you for your time

Hello, it would be very useful to print out transitive package licenses as well. Is this something planned already?

I'm trying to integrate license checker into a CI pipeline.
As CI tool we use TeamCity.

    dotnet-project-licenses -i <sln_file> -u -o -j --include-project-file --packages-filter '/System.*|Microsoft.*/'

When I run the above script from PowerShell CLI, it works just fine. But when I run this as PowerShell command in TeamCity, for some reason, forward slashes are changed to backslashes and then the filter argument is treated as a relative path to the file system.

Is it possible to separate --packages-filter into two - one for json file and another for regexp? Or make it less error-prone (eliminate slashes at all).

If you specify both --output, --json, and --md options on the command line, only one of them takes effect, with no clear indication in the documentation of which one prevails.

They don't have to be mutually exclusive, I don't see why the tool can't save both *.json and *.md files at the same time, for example.

Packages versions can be specified in Directory.Packages.props.
https://learn.microsoft.com/en-us/nuget/consume-packages/central-package-management
or at least add warning if this file is detected

Can we add support for incorporating nuget-license into https://github.com/porscheinformatik/sonarqube-licensecheck so that it runs along with other license checks ?

When using the licenseurl mapping functionality along with a package using a deprecated license url the mapping fails. At the time nuget-license does the mapping it has not run the HandleDeprecateMSFTLicense method to fix it. So the licenseurl mapping file still sees the license as 'https://aka.ms/deprecateLicenseUrl'. It is unclear to me if this is intentional or if I should make a pull request with this logic in Program.cs changed. Below are reproduction steps.

Command
dotnet-project-licenses -i ./TestLicenseCheck.csproj -u -o -j --licenseurl-to-license-mappings .\mappings.json --allowed-license-types .\allowed-licenses.json

./TestLicenseCheck.csproj - blank project with a single nuget reference to Iron Pdf
<PackageReference Include="IronPdf" Version="2022.4.5575" />

mappings.json
{ "https://ironpdf.com/docs/license/eula/": "Commercial" }

allowed-licenses.json
[ "Commercial" ]

We use the NUGET_PACKAGES environment variabele to store the nuget packages somewhere else but now the tools doesn't find the packages and downloads them all again

If there are a lot of nuget packages referenced (especially framework and microsoft ones) the license checking mechanism gets slow due the fact that a lot of packages need to be evaluated using web requests.

I have a project with NuGet references

• FluentNHibernate 3.1.0
• NHibernate 5.3.10

FluentNHibernate 3.1.0 has a transitive dependency on version >=5.3.3 of NHibernate

First step
Run dotnet-project-licenses on a clean setup (empty nuget cache) this works as expected with output

• FluentNHibernate 3.1.0
• NHibernate 5.3.10

Second step
Update NHibernate to 5.3.13

Third step
Run dotnet-project-licenses again with output

• FluentNHibernate 3.1.0
• NHibernate 5.3.10
• NHibernate 5.3.13

Even if I have no reference to 5.3.10 in my project anymore

Trying the unique option and I don't see any difference in the output. Thanks!

In April Microsoft introduced Central Package Management. The current version (2.4) does not produce any result when using CPM.

Are there any plans to support CPM and if so, when?

We also tried the 3.0.0-alpha5 and ran 4into an exception:
dotnet-project-licenses -i .\src\<ProjectName>\<ProjectFile>.csproj

System.ArgumentException: Value cannot be null or an empty string. (Parameter 'value')
   at NuGet.Versioning.NuGetVersion.Parse(String value)
   at NuGet.Versioning.NuGetVersion..ctor(String version)
   at NuGetUtility.Wrapper.NuGetWrapper.Versioning.WrappedNuGetVersion..ctor(String version) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/Wrapper/NuGetWrapper/Versioning/WrappedNuGetVersion.cs:line 16
   at NuGetUtility.Wrapper.MsBuildWrapper.MsBuildAbstraction.<>c.<GetPackageReferencesFromProjectForFramework>b__2_1(ITaskItem p) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/Wrapper/MsBuildWrapper/MsBuildAbstraction.cs:line 33
   at System.Linq.Enumerable.SelectArrayIterator`2.MoveNext()
   at System.Linq.Enumerable.Any[TSource](IEnumerable`1 source, Func`2 predicate)
   at NuGetUtility.ReferencedPackagesReader.ReferencedPackageReader.IsDirectlyReferenced(ILockFileLibrary library, IEnumerable`1 directlyReferencedPackages) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/ReferencedPackagesReader/ReferencedPackageReader.cs:line 88
   at NuGetUtility.ReferencedPackagesReader.ReferencedPackageReader.<>c__DisplayClass8_0.<GetReferencedLibrariesForTarget>b__1(ILockFileLibrary l) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/ReferencedPackagesReader/ReferencedPackageReader.cs:line 74
   at System.Linq.Utilities.<>c__DisplayClass1_0`1.<CombinePredicates>b__0(TSource x)
   at System.Linq.Enumerable.WhereEnumerableIterator`1.MoveNext()
   at NuGetUtility.Extensions.HashSetExtension.AddRange[T](HashSet`1 source, IEnumerable`1 items) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/Extensions/HashSetExtension.cs:line 15
   at NuGetUtility.ReferencedPackagesReader.ReferencedPackageReader.GetInstalledPackagesFromAssetsFile(Boolean includeTransitive, IProject project) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/ReferencedPackagesReader/ReferencedPackageReader.cs:line 52
   at NuGetUtility.Program.OnExecuteAsync() in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/Program.cs:line 0

Hi,

Just wanted to report this, in case this is a Bug, I got this license result, but the tool wasn't able to detect this MIT license, but when you open the license file link, you can see this is MIT.

 | System.IdentityModel.Tokens.Jwt  | 5.1.4   |              | https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/master/LICENSE.txt

Your tool provides great output, but includes a lot of clutter for larger projects. I'd like to get rid of all System.* and Microsoft.* packages (and a few more). The json option is not maintainable (Microsoft may add and remove packages frequently). I cannot add multiple --packages-filter options. May Regex skills are insufficient here... any advice?

Hi,

great tool, but it would be awesome if you could specify the output folder/file in -o option. I can send PR if you are busy.

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

• Update actions/upload-release-asset action to v1.0.2
• Update dependency HtmlAgilityPack to v1.11.61
• Update dependency Newtonsoft.Json to v13.0.3
• Update dependency NuGet.Versioning to v6.10.1
• Update actions/checkout action to v4
• Update actions/setup-dotnet action to v4
• Update dotnet monorepo to v8 (major) (mcr.microsoft.com/dotnet/runtime, mcr.microsoft.com/dotnet/sdk)
• Click on this checkbox to rebase all open PRs at once

Detected dependencies

• Check this box to trigger a request for Renovate to run again on this repository

csproj file allows the use of variables in the ProjectReference in the csproj file. Variables can be set via Environment variables, command line parameters etc.

The tool does not evaluate these variables before querying the package information.

In the case where no NuGet dependencies were present and the --json option is specified, no json file was produced.
We can add a new option parameter in order to produce an empty file or an empty [] result. That way, it would be easier for 3rd party tools to parse the tool's output.
#123

For example in https://api.nuget.org/v3-flatcontainer/ReactiveUI/13.2.2/ReactiveUI.nuspec

Different target has different dependencies, but most noticeable one is Tizen.Net in Tizen4.0, which brings wrong information into the report

as an alternatively, could the project use "dotnet list package --include-transitive" for getting the dependency list?

On linux all filenames are lower case.

E.g.:

~/.nuget/packages$ ls -al
...
drwxr-xr-x   3 demo demo  4096 May 11 05:49 owin
...

Also nuspec file is lower case:

~/.nuget/packages/owin/1.0.0$ ls -al
total 52
drwxr-xr-x 3 demo demo  4096 May 11 05:49 .
drwxr-xr-x 3 demo demo  4096 May 11 05:49 ..
drwxr-xr-x 3 demo demo  4096 May 11 05:49 lib
-rw-r--r-- 1 demo demo   127 May 11 05:49 .nupkg.metadata
-rw-r--r-- 1 demo demo 14137 May 11 05:49 owin.1.0.0.nupkg
-rw-r--r-- 1 demo demo    88 May 11 05:49 owin.1.0.0.nupkg.sha512
-rwxr--r-- 1 demo demo   660 Nov 13  2012 owin.nuspec
-rwxr--r-- 1 demo demo  9462 Oct 14  2018 .signature.p7s

Also requests to v3 api do not work and fallback to v2:

Package 'Owin', version requirement 1.0 resolved to version 1.0.0 from NuGet server
https://api.nuget.org/v3-flatcontainer/Owin/1.0.0/Owin.nuspec failed due to NotFound!
Attempting to download: https://www.nuget.org/api/v2/package/Owin/1.0.0
Attempting to read: Owin.nuspec

When using lower case url on v3, download succeeds:

~$ curl https://api.nuget.org/v3-flatcontainer/Owin/1.0.0/Owin.nuspec
<?xml version="1.0" encoding="utf-8"?><Error><Code>BlobNotFound</Code><Message>The specified blob does not exist.
RequestId:cc668ccb-601e-007c-6a00-657eb1000000
Time:2022-05-11T06:28:09.8441390Z</Message></Error>

~$ curl https://api.nuget.org/v3-flatcontainer/owin/1.0.0/owin.nuspec
<?xml version="1.0"?>
<package xmlns="http://schemas.microsoft.com/packaging/2010/07/nuspec.xsd">
  <metadata>
    <id>Owin</id>
    <version>1.0</version>
    <title>OWIN</title>
    <authors>OWIN startup components contributors</authors>
    <owners>OWIN startup components contributors</owners>
    <licenseUrl>https://github.com/owin-contrib/owin-hosting/blob/master/LICENSE.txt</licenseUrl>
    <projectUrl>https://github.com/owin-contrib/owin-hosting/</projectUrl>
    <requireLicenseAcceptance>false</requireLicenseAcceptance>
    <description>OWIN IAppBuilder startup interface</description>
    <tags>OWIN</tags>
  </metadata>
</package>

Since licenses might change between versions, I think it would be a good addition to the output if this information is provided.

I just wanted to check, if there is any possibility for this tool to Show a dependency graph (showing all children of dependencies)

I tried dotnet list /folder/ package --include-transitive but this doesn't show a relation graph

Issue when try to read package information inside local package cache on Linux.
Packages folder in Linux filesystem has lowercase package name:
/root/.nuget/packages/microsoft.identitymodel.tokens

It can possibly detected if <PrivateAssets> or <ExcludeAssets> within <PackageReference> contains all or combination of compile; runtime; contentFiles; native
or

    <packageTypes>
      <packageType name="DotnetTool" /> <!-- or Template-->
    </packageTypes>

in package manifest

https://learn.microsoft.com/en-us/nuget/consume-packages/package-references-in-project-files#controlling-dependency-assets
https://learn.microsoft.com/en-us/nuget/create-packages/set-package-type?tabs=dotnet

i.e. https://www.nuget.org/packages/SonarAnalyzer.CSharp/ is using LGPL and it sometimes hard to fight with legal department about LGPL/GPL.

Hi there,
would be cool to have your tool working with .NET6

PS C:\...> dotnet-project-licenses -i . -u -o
It was not possible to find any compatible framework version
The framework 'Microsoft.NETCore.App', version '5.0.0' (x64) was not found.
  - The following frameworks were found:
      6.0.0-rc.2.21480.5 at [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]

You can resolve the problem by installing the specified framework and/or SDK.
The specified framework can be found at:
  - https://aka.ms/dotnet-core-applaunch?framework=Microsoft.NETCore.App&framework_version=5.0.0&arch=x64&rid=win10-x64

Cheers, mMilk

Packages defined in Directory.Build.props are not evaluated during a license scan.

I lately came across a shortcoming of this utility when I encountered a Package that specified a range of allowed dependencies (see #50 for my intermediate solution).

This rose the question why not use something like https://www.nuget.org/packages/NuGet.Commands/5.8.1 to do all dependency resolve work and stuff and just concentrate on the proper license handling.

Via --manual-package-information you can provide packages that are "manually" determined.

However these packages are not checked against the allowed license types (--allowed-license-types).
I.e. when I provide a package with the license type GPL in the manual packages, but in the allowed license types GPL is not contained, the tool won't fail.

Is this the expected behavior?
In my case, when I tested this, I was expecting the tool to fail on that particular package.
Any thoughts?

Hi,

I execute the following command but nothing happens for me.
dotnet-project-licenses -i c:\test --export-license-texts
I see just "Project Reference(s) Analysis..." but without result.

Any help appreciated

version: 2.7.1

This happened when the tool was run against project which was not built (packages not restored). Is this by desing? Reporting usage of package multiple major versions above what is actually used? Would it not be better to show error that package was not found?