We were surprised during a recent release review to discover some GPL packages had been installed as transitive dependencies. Is there a way to configure either pip or poetry installs to fail on certain license types? Our legacy services use pip and new services use poetry. Alternately, is there at least a good way to list the licenses of all dependencies, including transitive dependencies?
Is there a way to configure either pip or poetry installs to fail on certain license types?
There is not.
Alternately, is there at least a good way to list the licenses of all dependencies, including transitive dependencies?
The pip-licenses project will list the licenses of all dependencies:
$ pip-licenses
Name Version License
Django 2.0.2 BSD
pytz 2017.3 MIT
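The build gate the question asks for can still be scripted after `pip install` or `poetry install` finishes. The following is an added example, not code from the answer above or from the pip-licenses project: it reads the same package metadata pip-licenses reports (the `License` field and the `License ::` trove classifiers) through the standard library, and exits non-zero when anything matches a denylist. The denylist patterns and the sample METADATA text are constructed assumptions; adjust them to your policy.

```python
"""Fail when an installed distribution declares a disallowed licence.
Added example; reads METADATA via importlib.metadata, as pip-licenses does."""
import re
import sys
from email.message import Message
from email.parser import Parser
from importlib.metadata import distributions

# Constructed denylist: GPL and AGPL in SPDX or trove spelling, but not LGPL
# (the leading \b rejects the 'L' in LGPL). Tune this to your own policy.
DENYLIST = [re.compile(p, re.IGNORECASE)
            for p in (r"\bA?GPL", r"GNU (Affero )?General Public License")]


def parse_metadata(text: str) -> Message:
    """METADATA files use RFC 822 headers, so the email parser reads them."""
    return Parser().parsestr(text)


def license_strings(meta: Message) -> list[str]:
    """Every licence hint a distribution exposes, skipping the UNKNOWN filler."""
    found = []
    lic = meta.get("License")
    if lic and lic.strip().upper() != "UNKNOWN":
        found.append(lic.strip())
    for c in meta.get_all("Classifier") or []:
        if c.startswith("License ::"):
            found.append(c.split("::")[-1].strip())
    return found


def violations(packages: dict[str, list[str]]) -> dict[str, list[str]]:
    """Map package name -> licence strings that match the denylist."""
    bad = {}
    for name, lics in packages.items():
        hits = [s for s in lics if any(p.search(s) for p in DENYLIST)]
        if hits:
            bad[name] = hits
    return bad


def installed_packages() -> dict[str, list[str]]:
    """Licence hints for every distribution visible to this interpreter."""
    return {d.metadata["Name"] or "<unnamed>": license_strings(d.metadata)
            for d in distributions()}


if __name__ == "__main__":
    bad = violations(installed_packages())
    for name, hits in sorted(bad.items()):
        print(f"{name}: {', '.join(hits)}")
    sys.exit(1 if bad else 0)
```

Run it inside the virtualenv after dependency installation so transitive dependencies are included; a package that ships no licence metadata at all produces an empty list and must be reviewed by hand.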