The Clojure CLI deps project can generate a fairly accurate list of licences as used by a project dependencies (and each dependency transitive dependencies)
Pulls the license information from a pom.xml file, either from a repository or a packaged jar file.
Limitation: deps projects don't have a license definition in a known place. Establishing a standard license location and formant would also allow obtaining a license from local/root or git repository.
Will Clojure -X:deps list export information as EDN?
A hash map of info could include
Project name
Project URL (if it's discovered - a git domain and project name)
source of licence - from a jar, pom in a repo, a guess
Licences used - one or more licences
“corner cases” - e.g. dual-or-more licensed software where the author has concatenated all of the licenses’ texts into a single ./LICENSE or ./COPYING
New Features
download the text of a license for each unique licence found across all dependencies.
Create a LICENCES directory with a readme listing each license used
bonus points for listing which dependency uses which license
LICENCES directory used to avoid conflict with the common LICENCE file
-- check with community as to where licenses are contained
Alternatively:
concatenate all the licenses together with a mention of the library name each time, so we could be sure we're properly recreating the copyright message. As opposed to just saying “library: license type”. Also probably needs to descend into dependencies recursively (not really clear on the legal ramifications honestly).
The Clojure CLI deps project can generate a fairly accurate list of licences as used by a project dependencies (and each dependency transitive dependencies)
Getting License LIst Clojure CLI -X;deps list
https://clojure.github.io/tools.deps.alpha/clojure.tools.cli.api-api.html#clojure.tools.cli.api/list works with Maven deps, pom-based file deps, local jars, but not with deps-only local/git deps
Pulls the license information from a pom.xml file, either from a repository or a packaged jar file.
Limitation: deps projects don't have a license definition in a known place. Establishing a standard license location and formant would also allow obtaining a license from local/root or git repository.
Example
Export license list as EDN ?
Will Clojure -X:deps list export information as EDN? A hash map of info could include Project name Project URL (if it's discovered - a git domain and project name) source of licence - from a jar, pom in a repo, a guess Licences used - one or more licences
Figuring out unstructured licenses
existing best practice in this area i.e. https://spdx.dev/license-list/matching-guidelines/
“corner cases” - e.g. dual-or-more licensed software where the author has concatenated all of the licenses’ texts into a single ./LICENSE or ./COPYING
New Features
download the text of a license for each unique licence found across all dependencies.
Create a LICENCES directory with a readme listing each license used
Alternatively: concatenate all the licenses together with a mention of the library name each time, so we could be sure we're properly recreating the copyright message. As opposed to just saying “library: license type”. Also probably needs to descend into dependencies recursively (not really clear on the legal ramifications honestly).
Alternative projects
References