Automic VaultAutomic Vault

brew

licensed mit Homebrew, Nix installieren

Prüfe Installationswege, Executables, Metadaten und Sicherheitshinweise für licensed in AI-Agent-Workflows.

Installation

Weitere Installationsbefehle

macOS

Homebrewverifiziert · 100%
brew install licensed

local Homebrew formula metadata

Linux

Nixverifiziert · 92%
nix profile install nixpkgs#licensed

nixpkgs package indexes · pkgs/by-name/li/licensed/package.nix · Quelle: api.github.com

Überblick

Paketzusammenfassung

Cache and verify the licenses of dependencies

Befehle und Aliase

  • licensed

Verlauf

Projektgeschichte und Nutzung

Licensed is a Ruby command-line tool for caching dependency license texts and checking them against repository policy. It sits in the GitHub Licensee ecosystem: Licensee detects license text, while Licensed records and verifies the dependency-level results that package managers expose.

Projektgeschichte

The public GitHub repository was created on 2018-02-02 under GitHub's license tooling namespace and later moved under the licensee organization. The README describes the project as a Ruby gem and warns that it is not a complete open-source compliance solution.

The changelog shows the project evolving through compatibility-driven releases: v3 added migration guidance for self-contained builds, v4 removed self-contained executable releases and older Go support, and v5 required Ruby 3.0 or newer.

Adoptionsgeschichte

Licensed became useful to repositories that wanted license checks in development and continuous integration without manually inspecting every transitive dependency. Its source enumerators cover multiple language ecosystems, and its Homebrew formula made the Ruby CLI easy to install on macOS.

Wie es verwendet wird

A project adds a .licensed.yml file, runs Licensed to cache dependency records, and then runs status or verification commands to catch newly introduced, stale, or disallowed dependency licenses.

Warum Paket-Nerds sich dafür interessieren

Licensed is package-nerd notable because it treats license review as package metadata that can be cached, diffed, and enforced in CI. It also shows the practical boundary between SPDX-style license identification and the messy package-manager work of finding dependency sources.

Zeitleiste

  • 2018-02-02: GitHub repository created.
  • 2022-03-17: v3.6.0 changelog entry adds getting-started documentation and npm-workspaces support.
  • 2023: v4.0.0 changelog entry removes self-contained executable releases and adds CocoaPods and Gradle multi-project support.
  • 2024: v5.0.0 changelog entry requires Ruby 3.0 or newer.
  • 2025: v5.0.3 changelog entry adds pnpm v9 support.

Related projects

  • Related projects include Licensee for license detection, SPDX license data, and other dependency-license scanners such as LicenseFinder.

Sicherheitslage

Risikostufe: grün

narrow executable package without higher-risk signals.

Risikoklassifikator

grün Risiko · niedrig Konfidenz · appliance

Warum

  • narrow executable package without higher-risk signals

Signale

  • metadata:no-higher-risk-signals

Installationsverhalten

  • In den Formelmetadaten ist kein Homebrew-Post-install-Hook erfasst.
  • Homebrew-Bottle-Metadaten sind für 6 Plattformziele verfügbar.
  • Installiert mit 2 Laufzeitabhängigkeiten.
  • Build-Metadaten listen 2 Build-Abhängigkeiten.

Empfohlene Prüfung

Prüfe vor unbeaufsichtigter Agent-Nutzung, ob das Tool Klartext-Credentials liest, Remote-Zustand schreibt, Artefakte veröffentlicht oder Plugins ausführt.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
./.licensed.yml

Executables

Installierte Executables

BefehlArtSichtbarkeitHinweis
licensedcliglobales Executable

Aktualität

Version und Aktualität

Diese Signale trennen das Alter der Seitengenerierung, Aktivität des Paketmanagers und Upstream-Release-Vergleich. Versionsrückstand wird nur gemeldet, wenn eine Evidenz-URL und vergleichbare Versionen vorhanden sind.

Seite generiert2026-07-08
Manager-Version5.1.0
Manager aktualisiert2026-06-13
lokale DatenOK
Upstreamnot checked
neueste erkannte Versionnicht erkannt

https://github.com/licensee/licensed

Installationsmetadaten

Paketmetadaten

Paketschlüsselbrew:licensed
Version5.1.0
PaketmanagerHomebrew
Paketmanager-Seitehttps://formulae.brew.sh/formula/licensed
Homepagehttps://github.com/licensee/licensed
Repositoryhttps://github.com/licensee/licensed
Upstream-Dokumentationhttps://github.com/licensee/licensed#readme
LizenzMIT
Quellarchivhttps://github.com/licensee/licensed.git
Zuletzt aktualisiert2026-06-13T23:35:01+02:00
Pulseupdated
Abhängigkeitenlibgit2, ruby
Build-Abhängigkeitencmake, pkgconf
Von macOS bereitgestellte Bibliothekenlibxml2, libxslt
Bottleverfügbar (auf arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnicht definiert
Dienstkeiner deklariert

Registry-Fakten

Details aus der Quelldatenbank

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namelicensed
Version Scheme0
Revision0
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • stable

Source-Datenbank-Treffer

Andere Paketmanager-Einträge

Treffer stammen aus externen Paketmanager-Indizes und bleiben von lokalen Automic-Vault-Paketlinks getrennt.

Nix95%

licensed

nix profile install nixpkgs#licensed
  • normalized package name match
  • Abgeglichen nach: Licensed
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/li/licensed/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

Quellspur

Aus Repository-Daten generiert

Diese Seite wird von av-web aus dem privaten Paket-SQLite-Artefakt bereitgestellt, das scripts/generate-pkg-sqlite.py erstellt.

Verwendete Quellen

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment