Automic VaultAutomic Vault

brew

licensefinder mit Homebrew, Nix installieren

Prüfe Installationswege, Executables, Metadaten und Sicherheitshinweise für licensefinder in AI-Agent-Workflows.

Installation

Weitere Installationsbefehle

macOS

Homebrewverifiziert · 100%
brew install licensefinder

local Homebrew formula metadata

Linux

Nixverifiziert · 92%
nix profile install nixpkgs#license_finder

nixpkgs package indexes · pkgs/by-name/li/license_finder/package.nix · Quelle: api.github.com

Überblick

Paketzusammenfassung

Find licenses for your project's dependencies

Befehle und Aliase

  • license_finder

Verlauf

Projektgeschichte und Nutzung

LicenseFinder is Pivotal's long-running Ruby CLI for finding dependency licenses, comparing them with approved policies, and reporting unapproved packages. It covers many project types by calling their native package managers rather than treating license scanning as a single-language problem.

Projektgeschichte

The public repository was created on 2011-01-17. The README describes a tool that works with package managers to find dependencies, detect licenses, compare them with permitted licenses, and produce actionable exception reports.

The changelog records a broadening scope over time: support for Ruby, Node, Python, Java, Go, CocoaPods, Swift Package Manager, Rust Cargo, PHP Composer, Conda, Flutter, and other ecosystems appears across releases. Release 7.0.0 in 2022 added Ruby 3 support, Flutter scanning, and SPDX identifier reporting.

Adoptionsgeschichte

LicenseFinder spread through CLI, RubyGems, Homebrew, Docker, and pre-commit workflows. Its Docker image bundles package managers so CI jobs can scan mixed-language repositories without installing every ecosystem tool on the host.

Wie es verwendet wird

Users run license_finder after installing project dependencies. The tool records approvals and permitted licenses, exits non-zero for unapproved dependencies, and can run in CI to catch new dependency-license work items.

Warum Paket-Nerds sich dafür interessieren

LicenseFinder is important to package people because it exposes the practical mess of license metadata: every package manager has different files, commands, and metadata conventions, so the tool's value is in its adapters and decision record as much as in license detection.

Zeitleiste

  • 2011-01-17: GitHub repository created.
  • 2021-06-25: v6.14.1 changelog entry includes a command-injection fix for CocoaPods projects.
  • 2022-03-04: v7.0.0 adds Ruby 3 support, Flutter scanning, and SPDX identifier reporting.
  • 2022-11-28: v7.1.0 adds a pre-commit hook.
  • 2024-05-07: v7.2.0 adds Ruby 3.3 support and several package-manager compatibility updates.

Related projects

  • Related projects include package-manager license commands, SPDX identifiers, pre-commit, and license-policy tools such as Licensed.

Sicherheitslage

Risikostufe: grün

narrow executable package without higher-risk signals.

Risikoklassifikator

grün Risiko · niedrig Konfidenz · appliance

Warum

  • narrow executable package without higher-risk signals

Signale

  • metadata:no-higher-risk-signals

Installationsverhalten

  • In den Formelmetadaten ist kein Homebrew-Post-install-Hook erfasst.
  • Homebrew-Bottle-Metadaten sind für 6 Plattformziele verfügbar.
  • Installiert mit 1 Laufzeitabhängigkeiten.

Empfohlene Prüfung

Prüfe vor unbeaufsichtigter Agent-Nutzung, ob das Tool Klartext-Credentials liest, Remote-Zustand schreibt, Artefakte veröffentlicht oder Plugins ausführt.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
config/license_finder.ymldoc/dependency_decisions.yml

Executables

Installierte Executables

BefehlArtSichtbarkeitHinweis
license_findercliglobales Executable

Aktualität

Version und Aktualität

Diese Signale trennen das Alter der Seitengenerierung, Aktivität des Paketmanagers und Upstream-Release-Vergleich. Versionsrückstand wird nur gemeldet, wenn eine Evidenz-URL und vergleichbare Versionen vorhanden sind.

Seite generiert2026-07-08
Manager-Version7.2.1
Manager aktualisiert2026-06-22
lokale DatenOK
Upstreamnot checked
neueste erkannte Versionnicht erkannt

https://github.com/pivotal/LicenseFinder

Installationsmetadaten

Paketmetadaten

Paketschlüsselbrew:licensefinder
Version7.2.1
PaketmanagerHomebrew
Paketmanager-Seitehttps://formulae.brew.sh/formula/licensefinder
Homepagehttps://github.com/pivotal/LicenseFinder
Repositoryhttps://github.com/pivotal/LicenseFinder
Upstream-Dokumentationhttps://github.com/pivotal/LicenseFinder#readme
LizenzMIT
Quellarchivhttps://github.com/pivotal/LicenseFinder.git
Zuletzt aktualisiert2026-06-22T14:05:10-07:00
Pulseupdated
Abhängigkeitenruby
Bottleverfügbar (auf arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnicht definiert
Dienstkeiner deklariert

Registry-Fakten

Details aus der Quelldatenbank

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namelicensefinder
Version Scheme0
Revision1
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • stable

Source-Datenbank-Treffer

Andere Paketmanager-Einträge

Treffer stammen aus externen Paketmanager-Indizes und bleiben von lokalen Automic-Vault-Paketlinks getrennt.

Nix92%

license_finder

nix profile install nixpkgs#license_finder
  • installed executable or alias match
  • Abgeglichen nach: License Finder
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/li/license_finder/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

Quellspur

Aus Repository-Daten generiert

Diese Seite wird von av-web aus dem privaten Paket-SQLite-Artefakt bereitgestellt, das scripts/generate-pkg-sqlite.py erstellt.

Verwendete Quellen

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment