Due to compliance reasons, I need to generate a list of all software packages we use with their licenses. Also for indirect (transitive) dependencies.
I know how to do the same with Python using pkg.get_metadata_lines("PKG-INFO") or for JavaScript using yarn licenses, but I have no clue how to do it with a Podfile.lock.
Given a Podfile.lock, how can I do something like this:
$ get-licenses Podfile.lock
BigInt==1.2.3;MIT
CryptoSwift==4.5.6;Apache License 2.0
SwiftProtobuf==1.3.5;BSDv3
Python example to get transitive dependencies:
Result for this file:
You can get licenses using DEPENDENCIES or EXTERNAL SOURCES sections. Just find specific files in repos. Or, if you can find those packages using the OS package system (and then use, for example yarn licenses list, on them), that's an option.
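An added example, not part of the original question or answers: the PODS section of a Podfile.lock already lists every resolved pod, transitive ones included, so the sketch below reads that section and joins it with license data in the requested format. The lockfile text, the ExampleKit pod, the license mapping (a stand-in for the "license" field of each pod's podspec) and all function names are constructed for illustration.

```python
import re

# Constructed sample lockfile; the first three pods reuse the question's placeholders.
SAMPLE_LOCK = """\
PODS:
  - BigInt (1.2.3)
  - CryptoSwift (4.5.6)
  - "ExampleKit/Core (0.1.0)":
    - BigInt (~> 1.2)
    - SwiftProtobuf
  - SwiftProtobuf (1.3.5)

DEPENDENCIES:
  - ExampleKit/Core (~> 0.1)
"""

# Constructed stand-in for the "license" field of each pod's podspec JSON.
SAMPLE_PODSPEC_LICENSES = {
    "BigInt": "MIT",
    "CryptoSwift": {"type": "Apache License 2.0", "file": "LICENSE"},
    "SwiftProtobuf": {"type": "BSDv3"},
}

# Indent-2 list entry "Name (version)", optionally quoted, optionally ending in ":".
POD_LINE = re.compile(r'^  - "?([^\s"(]+) \(([^)]+)\)"?:?\s*$')

def resolved_pods(lock_text):
    """Return {root pod name: resolved version} from the PODS section only."""
    pods, in_pods = {}, False
    for line in lock_text.splitlines():
        if line and not line.startswith(" "):   # a top-level key starts a new section
            in_pods = line.strip() == "PODS:"
            continue
        m = POD_LINE.match(line) if in_pods else None
        if m:   # indent-4 lines (a pod's own requirements) never match POD_LINE
            pods[m.group(1).split("/")[0]] = m.group(2)   # subspec -> root pod
    return pods

def license_name(field):
    """Podspec "license" is a plain string or a hash with a "type" key."""
    return (field.get("type") if isinstance(field, dict) else field) or "UNKNOWN"

def license_report(lock_text, licenses):
    pods = resolved_pods(lock_text)
    return [f"{n}=={v};{license_name(licenses.get(n))}" for n, v in sorted(pods.items())]

if __name__ == "__main__":
    print("\n".join(license_report(SAMPLE_LOCK, SAMPLE_PODSPEC_LICENSES)))
```

Pods with no license entry come out as UNKNOWN so they can be followed up by hand, and the DEPENDENCIES section is skipped because its parenthesised values are version constraints, not resolved versions.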