# Install licensefinder with Homebrew, Nix

Find licenses for your project's dependencies. Version 7.2.1 via Homebrew; verified 2026-06-22.

## Install

```sh
sudo av install brew:licensefinder
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install licensefinder
```

  Evidence: local Homebrew formula metadata

### Linux

- Nix (92%):

```sh
nix profile install nixpkgs#license_finder
```

  Evidence: nixpkgs package indexes: pkgs/by-name/li/license_finder/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

## Package facts

- **Package key:** brew:licensefinder
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/licensefinder>
- **Version:** 7.2.1
- **Source summary:** Find licenses for your project's dependencies
- **Homepage:** <https://github.com/pivotal/LicenseFinder>
- **Repository:** <https://github.com/pivotal/LicenseFinder>
- **Upstream docs:** <https://github.com/pivotal/LicenseFinder#readme>
- **License:** MIT
- **Source archive:** <https://github.com/pivotal/LicenseFinder.git>
- **Last updated:** 2026-06-22T14:05:10-07:00
- **Generated:** 2026-07-08T18:08:21+00:00

## Executables

- license_finder (cli)
- license_finder (alias)

## Dependencies

- ruby

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 7.2.1
- Package-manager updated: 2026-06-22
- Local data: ok
- Upstream repository: https://github.com/pivotal/LicenseFinder
- info: No cached GitHub release or tag data was available.
## Project history and usage

LicenseFinder is Pivotal's long-running Ruby CLI for finding dependency licenses, comparing them with approved policies, and reporting unapproved packages. It covers many project types by calling their native package managers rather than treating license scanning as a single-language problem.

### Project history

The public repository was created on 2011-01-17. The README describes a tool that works with package managers to find dependencies, detect licenses, compare them with permitted licenses, and produce actionable exception reports.

The changelog records a broadening scope over time: support for Ruby, Node, Python, Java, Go, CocoaPods, Swift Package Manager, Rust Cargo, PHP Composer, Conda, Flutter, and other ecosystems appears across releases. Release 7.0.0 in 2022 added Ruby 3 support, Flutter scanning, and SPDX identifier reporting.

### Adoption history

LicenseFinder spread through CLI, RubyGems, Homebrew, Docker, and pre-commit workflows. Its Docker image bundles package managers so CI jobs can scan mixed-language repositories without installing every ecosystem tool on the host.

### How it is used

Users run license_finder after installing project dependencies. The tool records approvals and permitted licenses, exits non-zero for unapproved dependencies, and can run in CI to catch new dependency-license work items.

### Why package nerds care

LicenseFinder is important to package people because it exposes the practical mess of license metadata: every package manager has different files, commands, and metadata conventions, so the tool's value is in its adapters and decision record as much as in license detection.

### Timeline

- 2011-01-17: GitHub repository created.
- 2021-06-25: v6.14.1 changelog entry includes a command-injection fix for CocoaPods projects.
- 2022-03-04: v7.0.0 adds Ruby 3 support, Flutter scanning, and SPDX identifier reporting.
- 2022-11-28: v7.1.0 adds a pre-commit hook.
- 2024-05-07: v7.2.0 adds Ruby 3.3 support and several package-manager compatibility updates.

### Related projects

- Related projects include package-manager license commands, SPDX identifiers, pre-commit, and license-policy tools such as Licensed.

### Sources

- <https://api.github.com/repos/pivotal/LicenseFinder>
- <https://formulae.brew.sh/formula/licensefinder>
- <https://github.com/pivotal/LicenseFinder>
- <https://raw.githubusercontent.com/pivotal/LicenseFinder/master/CHANGELOG.md>
- <https://raw.githubusercontent.com/pivotal/LicenseFinder/master/README.md>


## Security Notes

narrow executable package without higher-risk signals.

- **Geiger risk:** green / low
- narrow executable package without higher-risk signals


## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Configuration files

- Unix: config/license_finder.yml, doc/dependency_decisions.yml
## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** licensefinder
- **Version Scheme:** 0
- **Revision:** 1
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** stable

## Other Package-Manager Records

- Nix - license_finder: installed executable or alias match | nixpkgs package indexes: pkgs/by-name/li/license_finder/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1


## Related links

- [Source-control packages](https://www.automicvault.com/pkg/source-control-tools/) - Belongs to a source-control command family.
- [Package publisher tools](https://www.automicvault.com/pkg/package-publishers/) - Belongs to a package publishing or registry command family.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Text processing packages](https://www.automicvault.com/pkg/text-processing-tools/) - Matched text, document, or structured-data processing metadata.
- [ruby](https://www.automicvault.com/pkg/brew/ruby/) - Runtime dependency declared by Homebrew.
- [licensed](https://www.automicvault.com/pkg/brew/licensed/) - Shares av.db curated category or tags: cli, dependencies, developer-tools, license-compliance, licenses.
- [licenseplist](https://www.automicvault.com/pkg/brew/licenseplist/) - Shares av.db curated category or tags: cli, developer-tools, license-compliance, licenses.
- [license-eye](https://www.automicvault.com/pkg/brew/license-eye/) - Shares av.db curated category or tags: cli, developer-tools, license-compliance.
- [licensor](https://www.automicvault.com/pkg/brew/licensor/) - Shares av.db curated category or tags: cli, developer-tools, license-compliance.
- [anycable-go](https://www.automicvault.com/pkg/brew/anycable-go/) - Shares av.db curated category or tags: cli, developer-tools, ruby.
- [brew-gem](https://www.automicvault.com/pkg/brew/brew-gem/) - Shares av.db curated category or tags: cli, developer-tools, ruby.
- [cargo-chef](https://www.automicvault.com/pkg/brew/cargo-chef/) - Shares av.db curated category or tags: cli, dependencies, developer-tools.
- [cargo-edit](https://www.automicvault.com/pkg/brew/cargo-edit/) - Shares av.db curated category or tags: cli, dependencies, developer-tools.

## Combined YAML source

View the package source record on GitHub. [combined/licensefinder.yml](https://github.com/automic-vault/db/blob/main/combined/licensefinder.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated configuration and credential file locations
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
