
πŸ”ŽπŸ A CLI tool to check your project's dependencies for license compliance


Quantco/conda-deny


conda-deny


📖 Introduction

conda-deny is a CLI tool for checking software environment dependencies for license compliance. Compliance is checked with regard to a whitelist of licenses provided by the user.

💿 Installation

You can install conda-deny using pixi:

pixi global install conda-deny

Or by downloading our pre-built binaries from the releases page.

🎯 Usage


conda-deny can be configured in your pixi.toml or pyproject.toml (pixi.toml is preferred). The tool expects a configuration in the following format:

[tool.conda-deny]
#--------------------------------------------------------
# General setup options:
#--------------------------------------------------------
license-whitelist = "https://raw.githubusercontent.com/QuantCo/conda-deny/main/tests/test_remote_base_configs/conda-deny-license_whitelist.toml" # or ["license_whitelist.toml", "other_license_whitelist.toml"]
platform = "linux-64" # or ["linux-64", "osx-arm64"]
environment = "default" # or ["default", "py39", "py310", "prod"]
lockfile = "environment/pixi.lock" # or ["environment1/pixi.lock", "environment2/pixi.lock"]

#--------------------------------------------------------
# License whitelist directly in configuration file:
#--------------------------------------------------------
safe-licenses = ["MIT", "BSD-3-Clause"]
ignore-packages = [
    { package = "make", version = "0.1.0" },
]

After installing conda-deny, you can run conda-deny check in your project. This then checks pixi.lock to determine the packages (and their versions) used in your project.

✨ Output Formats

conda-deny supports different output formats via the --output (or -o) flag. Output formatting works for both the list and the check command. To get an overview of the different format options, try:

$ conda-deny list --output csv
package_name,version,license,platform,build,safe
_openmp_mutex,4.5,BSD-3-Clause,linux-aarch64,2_gnu,false
_openmp_mutex,4.5,BSD-3-Clause,linux-64,2_gnu,false
...

$ conda-deny list --output json-pretty
{
  "unsafe": [
    {
      "build": "conda_forge",
      "license": {
        "Invalid": "None"
      },
      "package_name": "_libgcc_mutex",
      "platform": "linux-64",
      "version": "0.1"
    },
    {
      "build": "h57d6b7b_14",
      "license": {
        "Invalid": "LGPL-2.0-or-later AND LGPL-2.0-or-later WITH exceptions AND GPL-2.0-or-later AND MPL-2.0"
      },
      "package_name": "_sysroot_linux-aarch64_curr_repodata_hack",
      "platform": "noarch",
      "version": "4"
    },
...
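
An added example, not part of the conda-deny project: a Python helper that triages the CSV produced by conda-deny list --output csv, grouping every package not marked safe by its license and collapsing per-platform duplicates. The sample rows are constructed, the function names are hypothetical, and treating the safe column as the literal strings true/false is an assumption taken from the output shown above.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in the column layout shown above
# (package_name,version,license,platform,build,safe); not real scan output.
SAMPLE_CSV = """\
package_name,version,license,platform,build,safe
_openmp_mutex,4.5,BSD-3-Clause,linux-aarch64,2_gnu,false
_openmp_mutex,4.5,BSD-3-Clause,linux-64,2_gnu,false
examplepkg,1.2.0,MIT,linux-64,h0_0,true
otherpkg,0.9,"GPL-2.0-or-later AND MPL-2.0",linux-64,h1_0,false
nolicense,0.1,,linux-64,conda_forge,false
"""

EXPECTED_COLUMNS = {"package_name", "version", "license", "platform", "build", "safe"}


def unsafe_by_license(csv_text):
    """Return {license: {(package_name, version): sorted platforms}} for rows not marked safe."""
    reader = csv.DictReader(io.StringIO(csv_text))
    missing = EXPECTED_COLUMNS - set(reader.fieldnames or [])
    if missing:
        raise ValueError(f"unexpected CSV layout, missing columns: {sorted(missing)}")
    grouped = defaultdict(lambda: defaultdict(set))
    for row in reader:
        # Assumption: 'safe' is the string true/false. Anything else fails closed (treated as unsafe).
        if (row["safe"] or "").strip().lower() == "true":
            continue
        license_id = (row["license"] or "").strip() or "<no license declared>"
        grouped[license_id][(row["package_name"], row["version"])].add(row["platform"])
    return {lic: {pkg: sorted(p) for pkg, p in pkgs.items()} for lic, pkgs in grouped.items()}


def format_report(grouped):
    """Render one line per license, the license covering the most packages first."""
    lines = []
    for lic, pkgs in sorted(grouped.items(), key=lambda kv: (-len(kv[1]), kv[0])):
        names = ", ".join(f"{n} {v} [{'/'.join(p)}]" for (n, v), p in sorted(pkgs.items()))
        lines.append(f"{lic}: {names}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(unsafe_by_license(SAMPLE_CSV)))
```

Grouping by license shows at a glance whether a finding calls for a whitelist decision on one license or a closer look at a single package, and a missing license is reported rather than silently skipped.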
