Automic VaultAutomic Vault

brew

Install licensed with Homebrew, Nix

Cache and verify the licenses of dependencies. Version 5.1.0 via Homebrew; verified 2026-06-13.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install licensed

local Homebrew formula metadata

Linux

Nixverified · 92%
nix profile install nixpkgs#licensed

nixpkgs package indexes · pkgs/by-name/li/licensed/package.nix · source: api.github.com

overview

Package summary

Cache and verify the licenses of dependencies

Commands and aliases

  • licensed

history

Project history and usage

Licensed is a Ruby command-line tool for caching dependency license texts and checking them against repository policy. It sits in the GitHub Licensee ecosystem: Licensee detects license text, while Licensed records and verifies the dependency-level results that package managers expose.

Project history

The public GitHub repository was created on 2018-02-02 under GitHub's license tooling namespace and later moved under the licensee organization. The README describes the project as a Ruby gem and warns that it is not a complete open-source compliance solution.

The changelog shows the project evolving through compatibility-driven releases: v3 added migration guidance for self-contained builds, v4 removed self-contained executable releases and older Go support, and v5 required Ruby 3.0 or newer.

Adoption history

Licensed became useful to repositories that wanted license checks in development and continuous integration without manually inspecting every transitive dependency. Its source enumerators cover multiple language ecosystems, and its Homebrew formula made the Ruby CLI easy to install on macOS.

How it is used

A project adds a .licensed.yml file, runs Licensed to cache dependency records, and then runs status or verification commands to catch newly introduced, stale, or disallowed dependency licenses.

Why package nerds care

Licensed is package-nerd notable because it treats license review as package metadata that can be cached, diffed, and enforced in CI. It also shows the practical boundary between SPDX-style license identification and the messy package-manager work of finding dependency sources.

Timeline

  • 2018-02-02: GitHub repository created.
  • 2022-03-17: v3.6.0 changelog entry adds getting-started documentation and npm-workspaces support.
  • 2023: v4.0.0 changelog entry removes self-contained executable releases and adds CocoaPods and Gradle multi-project support.
  • 2024: v5.0.0 changelog entry requires Ruby 3.0 or newer.
  • 2025: v5.0.3 changelog entry adds pnpm v9 support.

Related projects

  • Related projects include Licensee for license detection, SPDX license data, and other dependency-license scanners such as LicenseFinder.

security posture

Risk level: green

narrow executable package without higher-risk signals.

Risk classifier

green risk · low confidence · appliance

Why

  • narrow executable package without higher-risk signals

Signals

  • metadata:no-higher-risk-signals

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Installs with 2 runtime dependencies.
  • Build metadata lists 2 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
./.licensed.yml

executables

Installed executables

CommandKindExposureNote
licensedcliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version5.1.0
manager updated2026-06-13
local dataok
upstreamnot checked
latest detectednot detected

https://github.com/licensee/licensed

install metadata

Package metadata

Package keybrew:licensed
Version5.1.0
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/licensed
Homepagehttps://github.com/licensee/licensed
Repositoryhttps://github.com/licensee/licensed
Upstream docshttps://github.com/licensee/licensed#readme
LicenseMIT
Source archivehttps://github.com/licensee/licensed.git
Last updated2026-06-13T23:35:01+02:00
Pulseupdated
Dependencieslibgit2, ruby
Build dependenciescmake, pkgconf
Uses from macOSlibxml2, libxslt
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namelicensed
Version Scheme0
Revision0
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Nix95%

licensed

nix profile install nixpkgs#licensed
  • normalized package name match
  • Matched by: Licensed
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/li/licensed/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment