PHPackages madewithlove/license-checker - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [CLI & Console](/categories/cli) 4. / 5. madewithlove/license-checker ActiveLibrary[CLI & Console](/categories/cli) madewithlove/license-checker ============================ CLI tool to verify allowed licenses for composer dependencies 3.1.0(1mo ago)54449.8k↓22.8%520MITPHPPHP ^8.4CI passing Since Mar 10Pushed 1mo ago7 watchersCompare [ Source](https://github.com/madewithlove/license-checker-php)[ Packagist](https://packagist.org/packages/madewithlove/license-checker)[ RSS](/packages/madewithlove-license-checker/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (10)Dependencies (14)Versions (28)Used By (20) CLI Licence checker for composer dependencies ============================================= [](#cli-licence-checker-for-composer-dependencies) This library offers a simple CLI tool to show the licenses used by composer dependencies in your project. These licenses can be verified against a list of allowed (or denied) licenses to offer a way for your continuous integration pipeline to block merging when a non-verified license is being introduced to the codebase. Upgrading from 2.x ------------------ [](#upgrading-from-2x) Version 3.x introduces a new structured configuration format. Run the migration command to upgrade: ``` vendor/bin/license-checker migrate-config --remove-old ``` This converts your `.allowed-licenses` file to the new `.license-checker.yml` format. See [full migration details](#migrating-from-2x) below. Installation ------------ [](#installation) Installing should be a breeze thanks to `composer`: Note that you need PHP 8.4 to install the latest version (3.x). ``` composer require madewithlove/license-checker ``` Configuration ------------- [](#configuration) Create a `.license-checker.yml` file in the root of your project (where `composer.json` is located). ### Allowlist mode [](#allowlist-mode) Only the listed licenses are permitted. Any dependency using a license not on this list will be flagged: ``` # .license-checker.yml allowed: - MIT - BSD-3-Clause - Apache-2.0 ``` ### Denylist mode [](#denylist-mode) All licenses are permitted **except** the ones listed. Use this when you want to block specific licenses: ``` # .license-checker.yml denied: - GPL-3.0 - AGPL-3.0 ``` > **Note:** `allowed` and `denied` are mutually exclusive — you must use one or the other, not both. It's possible to use a custom configuration file by passing the `--filename` (or `-f`) option to the CLI commands. Usage ----- [](#usage) These are the different CLI commands: ### Check licenses [](#check-licenses) ``` vendor/bin/license-checker check ``` ### List used licenses [](#list-used-licenses) ``` vendor/bin/license-checker used ``` ### List configured licenses [](#list-configured-licenses) Shows the configured allowed or denied licenses: ``` vendor/bin/license-checker list-config ``` ### Count used licenses [](#count-used-licenses) ``` vendor/bin/license-checker count ``` ### Automatically generate configuration [](#automatically-generate-configuration) This command will automatically generate a `.license-checker.yml` configuration in allowlist mode based on the currently used licenses: ``` vendor/bin/license-checker generate-config ``` ### Excluding development dependencies [](#excluding-development-dependencies) Passing the `--no-dev` option to the CLI commands will scope all checks to production dependencies only. Checking production and development dependencies against separate configuration files is possible by passing options: ``` vendor/bin/license-checker check --no-dev --filename .license-checker-production.yml vendor/bin/license-checker check --filename .license-checker-including-dev.yml ``` ### Output Formats (--format option) [](#output-formats---format-option) You can choose how license information is displayed — either as a human-readable table (text) or in machine-readable JSON format. ``` vendor/bin/license-checker check --format=json ``` ``` { "laravel/framework": { "license": "MIT", "is_allowed": true }, "phpunit/phpunit": { "license": "BSD-3-Clause", "is_allowed": false } } ``` ``` vendor/bin/license-checker check --format=text ``` ``` ✓ phpunit/phpunit [BSD-3-Clause] ✓ symfony/console [MIT] ``` By default, results are printed as human-readable text. Use `--format=json` for structured machine-readable output. Migrating from 2.x ------------------ [](#migrating-from-2x) Version 3.x introduces a new structured configuration format. Here's what changed: ### Configuration file format [](#configuration-file-format) The old format was a plain YAML list in `.allowed-licenses`: ``` # OLD format (.allowed-licenses) — no longer supported - MIT - BSD-3-Clause ``` The new format uses a structured YAML file (`.license-checker.yml`) with an explicit `allowed` or `denied` key: ``` # NEW format (.license-checker.yml) allowed: - MIT - BSD-3-Clause ``` ### Automatic migration [](#automatic-migration) Use the `migrate-config` command to convert your old configuration: ``` vendor/bin/license-checker migrate-config ``` This reads `.allowed-licenses` and writes `.license-checker.yml` with the `allowed:` key. To also remove the old file: ``` vendor/bin/license-checker migrate-config --remove-old ``` ### Renamed commands [](#renamed-commands) 2.x3.x`allowed``list-config`### Other breaking changes [](#other-breaking-changes) - Minimum PHP version is now 8.4 (was 8.3) - Minimum Symfony version is now 7.4 (was 4.0) ### Health Score 67 — FairBetter than 100% of packages Maintenance89 Actively maintained with recent releases Popularity49 Moderate usage in the ecosystem Community30 Small or concentrated contributor base Maturity84 Battle-tested with a long release history Bus Factor1 Top contributor holds 81.3% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~100 days Recently: every ~84 days Total 23 Last Release 53d ago Major Versions v0.10.0 → v1.02021-02-10 v1.6 → v2.02025-04-25 v2.1 → v3.0.02026-03-19 PHP version history (4 changes)v1.0PHP ^8.0 v1.4PHP ^8.1 v2.0PHP ^8.3 v3.0.0PHP ^8.4 ### Community Maintainers ![](https://www.gravatar.com/avatar/df052a58ecfa5a07fd2b4cb12bb128ab28ff4b8e82fb0831eab81623b898ddb4?d=identicon)[madewithlove-machine-user](/maintainers/madewithlove-machine-user) --- Top Contributors [![jdrieghe](https://avatars.githubusercontent.com/u/12606789?v=4)](https://github.com/jdrieghe "jdrieghe (231 commits)")[![WouterSioen](https://avatars.githubusercontent.com/u/1398405?v=4)](https://github.com/WouterSioen "WouterSioen (33 commits)")[![peterpacket](https://avatars.githubusercontent.com/u/5574437?v=4)](https://github.com/peterpacket "peterpacket (8 commits)")[![ishifoev](https://avatars.githubusercontent.com/u/34019391?v=4)](https://github.com/ishifoev "ishifoev (6 commits)")[![ramsey](https://avatars.githubusercontent.com/u/42941?v=4)](https://github.com/ramsey "ramsey (2 commits)")[![saulens22](https://avatars.githubusercontent.com/u/9000854?v=4)](https://github.com/saulens22 "saulens22 (2 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (1 commits)")[![hosni](https://avatars.githubusercontent.com/u/47793698?v=4)](https://github.com/hosni "hosni (1 commits)") --- Tags clicomposerhacktoberfestlicenselicense-managementphp ### Code Quality TestsPHPUnit Static AnalysisPHPStan, Psalm Code StylePHP CS Fixer Type Coverage Yes ### Embed Badge ![Health badge](/badges/madewithlove-license-checker/health.svg) ``` [![Health](https://phpackages.com/badges/madewithlove-license-checker/health.svg)](https://phpackages.com/packages/madewithlove-license-checker) ``` ### Alternatives [crunzphp/crunz Schedule your tasks right from the code. 2292.0M6](/packages/crunzphp-crunz)[crazywhalecc/static-php-cli Build single static PHP binary, with PHP project together, with popular extensions included. 1.8k13.9k](/packages/crazywhalecc-static-php-cli)[illuminate/console The Illuminate Console package. 12944.1M5.1k](/packages/illuminate-console)[phpcr/phpcr-shell Shell for PHPCR 721.3M8](/packages/phpcr-phpcr-shell) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)