Skip to content

Commands

license-audit provides the five commands detailed below. All commands accept the global flags --target, --policy, and --config; refresh takes no configuration and ignores them.

analyze

Default analysis output: a per-package table with version, license expression, category, source, and parent, plus recommended outbound licenses, action items, and a summary. Pass --format json for the same analysis as machine-readable JSON (see the JSON report schema).

license-audit analyze
license-audit analyze --format json
license-audit --target /path/to/project analyze
license-audit --target /path/to/.venv analyze

check

License policy gate for CI. See CI integration for the full guide.

license-audit check
license-audit check --fail-on-unknown      # explicit (default)
license-audit check --no-fail-on-unknown   # tolerate unknown licenses

Exit codes: 0 = pass, 1 = policy violation (incompatible pairs, denied licenses, or category exceeded), 2 = unknown licenses (when --fail-on-unknown).

recommend

Outbound license recommendation based on the most restrictive dependency.

license-audit recommend

The output names the single most restrictive dependency, lists compatible outbound licenses ranked by permissiveness, and prints guidance specific to the strongest copyleft level present (e.g. weak-copyleft caveats for LGPL/MPL trees, attribution suggestions for fully permissive trees).

report

Compliance document for distribution or review.

license-audit report                                       # markdown to stdout
license-audit report --format json                         # JSON to stdout
license-audit report --format notices                      # notices to stdout
license-audit report --output COMPLIANCE.md                # write to file
license-audit report --format notices --output NOTICES.md
Format Use case
markdown (default) Human-readable compliance summary. Includes a Licenses Requiring Review section with the full license text of any dependency whose license could not be classified.
json Machine-readable, suitable for downstream tooling. See the JSON report schema
notices THIRD_PARTY_NOTICES.md with full license texts

refresh

Re-downloads the OSADL compatibility matrix and copyleft data into the user cache. Run after upgrading license-audit, or whenever you suspect the bundled data is stale.

license-audit refresh

The command writes to a platform-appropriate cache directory (resolved via platformdirs).

Global flags

These apply to every command except refresh, which takes no input:

Flag Purpose
--target PATH Project directory or virtualenv to analyze. See target resolution.
--policy LEVEL Override the configured policy level (permissive, weak-copyleft, strong-copyleft, network-copyleft).
--config PATH pyproject.toml (or its directory) to read config and the project name from. See target resolution.
--version Print version and exit.