PHP Composer: Check the licenses of the packages you are using in your project

Software License
Software License

It’s not very often that developers know or check the licenses used by the packages in their project, Failure to adhere to a license can have serious repercussions especially when building commercial software for clients. Therefore it is a good habit to know what licenses your project requires and making sure you get the appropriate libraries which cater for that – or just paying for the license.

A client of ours (Commercial Symfony2 application) asked my team about the bundles and packages we were using in his application and what kind of licenses they came with. He was happy with the functionality but just needed to make sure if he needs to pay for any of them.

Posed with such a question, I remembered vaguely reading through the Composer documentation about a feature which allowed for checking of licenses on the project’s packages.

As it turns out, you can check the licenses of the packages used in your project with this simple command on Composer.

./composer licenses

You should get an output similar to the one below.
NB: The output is from a Symfony2 project.

Name: symfony/framework-standard-edition
Version: 2.4.x-dev
Licenses: MIT

doctrine/annotations v1.1.2 MIT
doctrine/cache v1.3.0 MIT
doctrine/collections v1.2 MIT
doctrine/common v2.4.1 MIT
doctrine/data-fixtures v1.0.0 MIT
doctrine/dbal v2.4.2 MIT
doctrine/doctrine-bundle v1.2.0 MIT
doctrine/doctrine-fixtures-bundle dev-master 351bcc4 MIT
doctrine/doctrine-migrations-bundle dev-master 667f208 MIT
doctrine/inflector v1.0 MIT
doctrine/lexer v1.0 MIT
doctrine/migrations dev-master 0742fc7 LGPL
doctrine/orm v2.4.2 MIT
friendsofsymfony/jsrouting-bundle 1.5.3 MIT
gedmo/doctrine-extensions dev-master e16bc46 MIT
gregwar/captcha v1.0.10 MIT
gregwar/captcha-bundle dev-master 8199d20 MIT
incenteev/composer-parameter-handler v2.1.0 MIT
jdorn/sql-formatter v1.2.17 MIT
jms/aop-bundle 1.0.1 Apache
jms/cg 1.0.0 Apache
jms/di-extra-bundle 1.4.0 Apache
jms/metadata 1.5.0 Apache
jms/parser-lib 1.0.0 Apache2
jms/security-extra-bundle dev-master 66d9c79 Apache2
knplabs/knp-components 1.2.5 MIT
knplabs/knp-paginator-bundle dev-master 0558122 MIT
kriswallsmith/assetic v1.1.2 MIT
monolog/monolog 1.7.0 MIT
oldsound/rabbitmq-bundle v1.2.1 MIT
phpoffice/phpexcel dev-master 0322690 LGPL
phpoption/phpoption 1.4.0 Apache2
psr/log 1.0.0 MIT
ptachoire/cssembed v1.0.2 MIT
raulfraile/ladybug v1.0.8 MIT
raulfraile/ladybug-bundle v1.0.0 MIT
raulfraile/ladybug-installer v1.0.1 MIT
raulfraile/ladybug-plugin-extra v1.0.1 MIT
raulfraile/ladybug-plugin-symfony2 dev-master 81a50bd MIT
raulfraile/ladybug-theme-modern v1.0.6 MIT
sabre/vobject 3.1.3 BSD-3-Clause
sensio/distribution-bundle v2.3.4 MIT
sensio/framework-extra-bundle v3.0.0 MIT
sensio/generator-bundle v2.3.4 MIT
stfalcon/tinymce-bundle dev-master 435bced MIT
stof/doctrine-extensions-bundle dev-master ec56540 MIT
swiftmailer/swiftmailer v5.0.3 MIT
symfony/assetic-bundle v2.3.0 MIT
symfony/icu v1.2.0 MIT
symfony/monolog-bundle v2.5.1 MIT
symfony/swiftmailer-bundle v2.3.5 MIT
symfony/symfony v2.4.2 MIT 6.0.061 LGPLv3
twig/extensions v1.0.1 MIT
twig/twig v1.15.1 BSD-3-Clause
videlalvaro/php-amqplib v2.1.0 LGPL-2.1
whiteoctober/tcpdf-bundle dev-master 0e82ad1 MIT
willdurand/jsonp-callback-validator v1.1.0 MIT

Thanks for reading, Bye.

The following two tabs change content below.

Mfana Ronald Conco