Licensing is a major topic in open-source projects because some licenses can be contaminating. The most common example is the GPL: any software that uses a package under the GPL must respect the GPL's conditions.
The pip-licenses package can help you inspect the licenses in your project. It retrieves the licenses of all packages installed in your environment. Let's try it on the Django code as an example.
So, let's get the code first:
git clone git@github.com:django/django.git
cd django
Then create your local environment as described in the Django documentation:
python3 -m venv ~/.virtualenvs/djangodev
source ~/.virtualenvs/djangodev/bin/activate
python -m pip install -e .
Install and run pip-licenses:
pip install pip-licenses
pip-licenses
The result is very clean for Django:
Name      Version                License
Django    4.2.dev20221222061217  BSD License
asgiref   3.6.0                  BSD License
sqlparse  0.4.3                  BSD License
Going a little deeper, let's install the test dependencies and list the licenses of the dependencies again:
cd tests
python -m pip install -r requirements/py3.txt
pip-licenses
The result is a little bigger:
Name                  Version                License
Django                4.2.dev20221222061217  BSD License
Jinja2                3.1.2                  BSD License
MarkupSafe            2.1.1                  BSD License
Pillow                9.3.0                  Historical Permission Notice and Disclaimer (HPND)
PySocks               1.7.1                  BSD
PyYAML                6.0                    MIT License
aiohttp               3.8.3                  Apache Software License
aiosignal             1.3.1                  Apache Software License
aiosmtpd              1.4.3                  Apache Software License
argon2-cffi           21.3.0                 MIT License
argon2-cffi-bindings  21.2.0                 MIT License
asgiref               3.6.0                  BSD License
async-generator       1.10                   Apache Software License; MIT License
async-timeout         4.0.2                  Apache Software License
atpublic              3.1.1                  Apache Software License
attrs                 22.2.0                 MIT License
bcrypt                4.0.1                  Apache Software License
black                 22.12.0                MIT License
certifi               2022.12.7              Mozilla Public License 2.0 (MPL 2.0)
cffi                  1.15.1                 MIT License
charset-normalizer    2.1.1                  MIT License
click                 8.1.3                  BSD License
docutils              0.19                   BSD License; GNU General Public License (GPL); Public Domain; Python Software Foundation License
frozenlist            1.3.3                  Apache Software License
geoip2                4.6.0                  Apache Software License
h11                   0.14.0                 MIT License
idna                  3.4                    BSD License
maxminddb             2.2.0                  Apache Software License
multidict             6.0.3                  Apache Software License
mypy-extensions       0.4.3                  MIT License
numpy                 1.24.0                 BSD License
outcome               1.2.0                  Apache Software License; MIT License
pathspec              0.10.3                 Mozilla Public License 2.0 (MPL 2.0)
platformdirs          2.6.0                  MIT License
pycparser             2.21                   BSD License
pylibmc               1.6.3                  3-clause BSD <https://opensource.org/licenses/bsd-license.php>
pymemcache            4.0.0                  Apache Software License
pytz                  2022.7                 MIT License
pywatchman            1.4.1                  BSD License
redis                 4.4.0                  MIT License
requests              2.28.1                 Apache Software License
selenium              4.7.2                  Apache Software License
sniffio               1.3.0                  Apache Software License; MIT License
sortedcontainers      2.4.0                  Apache Software License
sqlparse              0.4.3                  BSD License
tblib                 1.7.0                  BSD License
trio                  0.22.0                 Apache Software License; MIT License
trio-websocket        0.9.2                  MIT License
tzdata                2022.7                 Apache Software License
urllib3               1.26.13                MIT License
wsproto               1.2.0                  MIT License
yarl                  1.8.2                  Apache Software License
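One way to turn a listing like this into a repeatable check, as an added example that is not part of the original post or of pip-licenses itself: the script reads the JSON report (`pip-licenses --format=json`) and sorts packages into allowed, review and blocked, treating multi-license and free-form strings as needing a human decision. The allow-list, the copyleft markers, the two `example-*` packages and the file name `license_gate.py` are assumptions made for illustration.

```python
import json
import sys

# Assumed policy for illustration only; set these from your own legal guidance.
ALLOWED = {
    "BSD License", "BSD", "MIT License", "Apache Software License",
    "Public Domain", "Python Software Foundation License",
    "Historical Permission Notice and Disclaimer (HPND)",
}
# Conservative substring match: LGPL and AGPL strings also contain "GPL".
COPYLEFT_MARKERS = ("GPL", "General Public License")

# Constructed sample in the shape of `pip-licenses --format=json` output.
# License strings are taken from the listing above; the example-* rows are hypothetical.
SAMPLE = json.dumps([
    {"Name": "Django", "Version": "4.2.dev20221222061217", "License": "BSD License"},
    {"Name": "docutils", "Version": "0.19", "License": "BSD License; GNU General Public License (GPL); Public Domain; Python Software Foundation License"},
    {"Name": "certifi", "Version": "2022.12.7", "License": "Mozilla Public License 2.0 (MPL 2.0)"},
    {"Name": "pylibmc", "Version": "1.6.3", "License": "3-clause BSD <https://opensource.org/licenses/bsd-license.php>"},
    {"Name": "example-gpl-lib", "Version": "0.0.0", "License": "GNU General Public License v3 (GPLv3)"},
    {"Name": "example-no-metadata", "Version": "0.0.0", "License": "UNKNOWN"},
])

def classify(license_field):
    """Return 'allowed', 'review' or 'blocked' for one License value."""
    # Multiple license classifiers appear joined with "; " in the report.
    parts = [p.strip() for p in license_field.split(";") if p.strip()]
    if not parts:
        return "review"
    copyleft = [p for p in parts if any(m in p for m in COPYLEFT_MARKERS)]
    if len(copyleft) == len(parts):
        return "blocked"   # every listed license is copyleft
    if copyleft or any(p not in ALLOWED for p in parts):
        return "review"    # mixed, unrecognised or UNKNOWN: a human decides
    return "allowed"

def audit(report_json):
    """Group package names from a pip-licenses JSON report by verdict."""
    verdicts = {"allowed": [], "review": [], "blocked": []}
    for pkg in json.loads(report_json):
        verdicts[classify(pkg.get("License", ""))].append(pkg["Name"])
    return verdicts

if __name__ == "__main__":
    # Usage: pip-licenses --format=json | python license_gate.py
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    result = audit(data)
    for verdict, names in result.items():
        print(f"{verdict}: {', '.join(names) or '-'}")
    sys.exit(1 if result["blocked"] else 0)
```

The non-zero exit status on a blocked package lets a CI job fail the build; pip-licenses also ships its own `--fail-on` and `--allow-only` options for simpler policies.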
Conclusion
Finally, here is my advice:
- Pay attention to the licenses used by your dependencies
- Inspect them regularly
- By the way, if you need to choose a license, you can consider the Do What the Fuck You Want To Public License
Hope this helps!