(Frozen release plans) Progress to 4.0

[cdce8p]

This issue should track the progress to the next major release and provide a place to have discussions about features.

Features

• [x] Improve argparse #87
• [x] Move to package structure #88

Ideas

• [ ] Add support for PEP 639 -> SPDX license tags
• [ ] Update PrettyTable dependency #82
• [ ] Move from cli only application to cli + lib #81
• [ ] Add typing + type checking (mypy)
• [ ] Improve CI test -> add environment caching
• [ ] Add ability to specify options in setup.cfg
• [ ] Improve usage for CI license validation -> add some sort of license pinning
• [ ] Add support for importlib.metadata (Python 3.8 and up). Replaces get_installed_distributions
• [ ] Add authors file
• [ ] Add settings files for VS Code
• [ ] Support multiple license files per package

The ideas are subject to change and might not all get implemented. I'll move ideas to the feature column once a PR is created.

Discussions

Add flake8, pylint Those checks are relatively easy to add and might at some code quality improvements. At least the provide useful guides when used with IDEs (eg. VS Code)

Require Python 3.7 I'm not completely sure about this one. But some good arguments in favor

• Python 3.6 will be deprecated at the end of the year
• The switch to 3.7 would allow the use of Data classes and Postponed evaluation of annotations, the last being very helpful (but not required) for type annotations.
• The move to 4.0 will already be a breaking change, so it would be easy to add it on.
• Most users will most likely support Python 3.7 and up, given it's already three years old
• Users that require Python 3.6 can still use the current version which works perfectly fine. They will probably upgrade soon anyway.

[raimon49]

Note: I have a security alert from dependabot and have updated the dev-requirements.txt . So, dev-4.0.0 has been rebased to commit 7dba43c2e8799016d975004a1f689234ac4407a0 and force pushed.

[cdce8p]

Note: I have a security alert from dependabot and have updated the dev-requirements.txt . So, dev-4.0.0 has been rebased to commit 7dba43c and force pushed.

Thanks for letting me know!

[raimon49]

I was notified of an insecure version of the dependency from dependabot and the dev-4.0 branch was rebased to 3c9aab1dda81edfb7232e726cdda8ba892e240e1.

[johnthagen]

I'd love if #71 were considered for 4.0 somehow. As someone who relies on pip-licenses to help properly display license information of third party packages, missing some of their license files has always felt a little non-ideal. I'd created a proof-of-concept in #78 on what this could look like.

[cdce8p]

I'd love if #71 were considered for 4.0 somehow. As someone who relies on pip-licenses to help properly display license information of third party packages, missing some of their license files has always felt a little non-ideal. I'd created a proof-of-concept in #78 on what this could look like.

@johnthagen I unfortunately didn't had much time the last couple of weeks so the progress came to a bit of a hold. Hope to continue with it soon. As for your suggestion, I've added it to the list. It does seem reasonable. Have to see how to best implement it.

[johnthagen]

Have to see how to best implement it.

Sounds great. Feel free to check out #78 where I had a working prototype. The challenge was consistency with output formats that had difficulty handling a list of license files.

I personally only need --format=plain-vertical as I feel its one of the few that works well with license file contents (which can have all kinds of characters that mess up other table-based formats anyway).

[raimon49]

dev-4.0 branch has been rebased with v-3.3.1 tag as the branch source.

@cdce8p Can I leave it to you to port the code that corresponds to #94?

[cdce8p]

@raimon49 Just opened #96

[raimon49]

Today, I added the following commit to my master branch.

• Updated development dependencies to resolve security alerts.
  • d863b9ff61bfc2d74ece99f30475b01684b70748
• Fixing broken test cases.
  • 0d2d1d7ee262ad80ca0faf606cfc3eea1cc2d3e1
  • a585b3000add63a08741226016fa0b4a198d9f5b
  • 6c5b54bf0dfe3f7493756b5ee104ef2e55140031

dev-4.0 branch has also been rebased from the latest master branch. The test cases have priority over the code in the dev-4.0 branch.

[cdce8p]

Today, I added the following commit to my master branch.

• Updated development dependencies to resolve security alerts.

  • d863b9f

• Fixing broken test cases.

  • 0d2d1d7
  • a585b30
  • 6c5b54b

dev-4.0 branch has also been rebased from the latest master branch. The test cases have priority over the code in the dev-4.0 branch.

Thanks for the heads up. I unfortunately don't have much that free time to work on it at the moment, although I do plan to come back to it at some point.

The last few weeks I've worked on a few improvements for setuptools that will ultimately also help us here once they are widely adopted. That includes

• Correctly escape the License metadata field. Previously, multiline licenses would almost certainly have broken the metadata file.
• The license_files option now supports glob patterns, overwrites any manifest settings and has reasonable defaults if not specified. That should help many projects with including their license files in the source distribution. wheel does include something similar for the build distribution.
• Added support for the License-File metadata field. That should help finding the relevant licensing files in a package. https://github.com/pypa/setuptools/pull/2645

[johnthagen]

@cdce8p As more people move to alternatives to setuptools such as Poetry, will these enhancements also need to be added to those tools as well?

[cdce8p]

@cdce8p As more people move to alternatives to setuptools such as Poetry, will these enhancements also need to be added to those tools as well?

I believe so, unfortunately. Especially the License-File metadata field probably depends on PEP 639 before it really takes off, but there hasn't been much movement on it lately. https://discuss.python.org/t/pep-639-improving-license-clarity-with-better-package-metadata/2154

@johnthagen If you're familiar with Poetry, maybe you want to open an issue there for them to add it. (Since I haven't used it, I don't know what features regarding license files they do support.)

[raimon49]

@cdce8p Thank you for giving us such great news! Your contribution to setuptools is excellent.

[raimon49]

pip-licenses 4.0.0 has been released, including some of the plans discussed in this issue. https://pypi.org/project/pip-licenses/4.0.0/

For this reason, I have changed the issue title.