Automic VaultAutomic Vault

brew

Install feluda with Homebrew

Detect license usage restrictions in your project. Version 1.14.0 via Homebrew; verified 2026-06-26.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install feluda

local Homebrew formula metadata

overview

Package summary

Detect license usage restrictions in your project

Commands and aliases

  • feluda

history

Project history and usage

Feluda is a Rust command-line tool for dependency license analysis, license-restriction checks, compliance file generation, and SBOM generation.

Project history

The official README presents Feluda as actively developed but still experimental, with a fast iteration model. GitHub releases show a 1.0.0 release in January 2025 and a 1.14.0 release in June 2026.

The Read the Docs site frames the tool around scanning source trees across Rust, Node, Go, Python, C/C++, .NET, R, Java, Maven, Gradle, and Ruby ecosystems, then extending into SBOM and CI workflows.

Adoption history

Official installation paths include Cargo and GitHub release packages for Debian and RPM systems. The README also documents community-maintained Homebrew, AUR, and NetBSD/pkgsrc packaging, with release tracking through GitHub releases and a release feed.

How it is used

Default usage scans a project path for dependency license information, with language selection, local-license detection, network lookup fallback, OSI approval filters, compliance file generation, and SPDX or CycloneDX SBOM output.

Why package nerds care

Feluda fits the recent package-manager interest in supply-chain metadata: it turns manifests and package metadata into license and SBOM outputs that can be run locally, in CI, or from a release artifact.

Timeline

  • 2025: 1.0.0 release published on GitHub.
  • 2026: 1.14.0 released on 2026-06-26.

Related projects

  • SPDX and CycloneDX are related SBOM formats supported by Feluda.

security posture

Risk level: green

narrow executable package without higher-risk signals.

Risk classifier

green risk · low confidence · appliance

Why

  • narrow executable package without higher-risk signals

Signals

  • metadata:no-higher-risk-signals

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Installs with 1 runtime dependencies.
  • Build metadata lists 2 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

executables

Installed executables

CommandKindExposureNote
feludacliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version1.14.0
manager updated2026-06-26
local dataok
upstreamcurrent
latest detectedv1.14.0

https://github.com/anistark/feluda

  • okNo freshness warnings were generated.

install metadata

Package metadata

Package keybrew:feluda
Version1.14.0
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/feluda
Homepagehttps://github.com/anistark/feluda
Repositoryhttps://github.com/anistark/feluda
Upstream docshttps://feluda.readthedocs.io/en/latest
LicenseMIT
Source archivehttps://github.com/anistark/feluda/archive/refs/tags/v1.14.0.tar.gz
Last updated2026-06-26T18:26:22Z
Pulseupdated
Dependenciesopenssl@3
Build dependenciespkgconf, rust
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namefeluda
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated package history
  • package relationship graph
  • package version freshness
  • package-page enrichment