selfphp/composer-license-audit
==============================

Automated license audit tool for Composer dependencies with blacklist and CI integration.

1.0.0 (11mo ago) · 17 · ↓50% · MIT · PHP · PHP ^8.1 · CI failing

Since Jun 7 · Pushed 11mo ago

[Source](https://github.com/selfphp/composer-license-audit) · [Packagist](https://packagist.org/packages/selfphp/composer-license-audit)

🎯 composer-license-audit
========================

A simple and powerful CLI tool to **analyze Composer dependencies** for license compliance.
Useful for companies, open-source maintainers, and CI/CD pipelines.

---

🚀 Features
----------

- 🔍 Parses `composer.lock` and detects licenses
- ❌ Compares against a blacklist (`config/blacklist.json`)
- ✅ Supports per-package exceptions (`config/allowed-packages.json`)
- 📊 CSV and JSON export
- 🧪 CI-friendly: exits with code `1` on violations

---

📦 Installation
--------------

```
composer require --dev selfphp/composer-license-audit
```

Or install globally:

```
composer global require selfphp/composer-license-audit
```

---

🔧 Configuration
---------------

### `config/blacklist.json`

```
{
  "forbidden": [
    "AGPL-3.0",
    "GPL-3.0-only",
    "GPL-3.0-or-later",
    "CC-BY-SA-4.0"
  ]
}
```

### `config/allowed-packages.json`

```
{
  "exceptions": [
    "legacy/package",
    "acme/unstable-lib"
  ]
}
```
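
The check that the feature list and the two configuration files describe, written out as an added example (this is not the package's source code). It assumes exact string matching against `forbidden` and treats several entries in a package's `license` array as a choice of licenses; the `EXCEPTION` and `UNKNOWN` statuses and the `example/*` packages are constructed for illustration.

```php
<?php
// Added illustration, not the package's own code. All sample data is constructed.
declare(strict_types=1);

/** Classify every package in a decoded composer.lock array. */
function auditLock(array $lock, array $forbidden, array $exceptions): array
{
    $rows = [];
    // composer.lock keeps runtime and dev dependencies in separate lists.
    $packages = array_merge($lock['packages'] ?? [], $lock['packages-dev'] ?? []);
    foreach ($packages as $pkg) {
        $licenses = (array) ($pkg['license'] ?? []);
        $hits = array_intersect($licenses, $forbidden);
        if (in_array($pkg['name'], $exceptions, true)) {
            $status = 'EXCEPTION';   // explicitly allowed by package name
        } elseif ($licenses === []) {
            $status = 'UNKNOWN';     // no license metadata: needs manual review
        } elseif (count($hits) === count($licenses)) {
            $status = 'VIOLATION';   // every offered license is forbidden
        } else {
            $status = 'OK';          // at least one offered license is permitted
        }
        $rows[] = [$pkg['name'], implode(', ', $licenses) ?: '-', $status];
    }
    return $rows;
}

// Constructed stand-in for a real composer.lock.
$lock = json_decode(<<<'JSON'
{
  "packages": [
    {"name": "symfony/console", "license": ["MIT"]},
    {"name": "some/forbidden-lib", "license": ["AGPL-3.0"]},
    {"name": "legacy/package", "license": ["GPL-3.0-only"]},
    {"name": "example/dual", "license": ["MIT", "GPL-3.0-or-later"]}
  ],
  "packages-dev": [{"name": "example/no-license"}]
}
JSON, true, 512, JSON_THROW_ON_ERROR);

$forbidden = ['AGPL-3.0', 'GPL-3.0-only', 'GPL-3.0-or-later', 'CC-BY-SA-4.0'];
$exceptions = ['legacy/package', 'acme/unstable-lib'];

$rows = auditLock($lock, $forbidden, $exceptions);
foreach ($rows as [$name, $license, $status]) {
    printf("%-30s %-25s %s\n", $name, $license, $status);
}
// Same exit-code contract as the README: 1 on any violation, otherwise 0.
exit(in_array('VIOLATION', array_column($rows, 2), true) ? 1 : 0);
```

In this sketch an identifier that is not literally on the list (for example `AGPL-3.0-or-later` against the sample blacklist) is reported `OK`, so a blacklist used this way has to name every variant that should be blocked.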

---

🧑‍💻 Usage
---------

### Basic scan:

```
vendor/bin/license-audit
```

### With CSV + CI check:

```
vendor/bin/license-audit \
  --fail-on-blacklist \
  --csv=report/licenses.csv
```

### With custom paths:

```
vendor/bin/license-audit \
  --lockfile=/custom/path/composer.lock \
  --blacklist=config/blacklist.json
```

---

📊 Example Output
----------------

```
Package                        License                   Status
symfony/console                MIT                       OK
some/forbidden-lib             AGPL-3.0                  VIOLATION

```

---

✅ Exit Codes
------------

| Code | Meaning |
|------|---------|
| `0` | No violations |
| `1` | At least one violation |

---

🧪 CI/CD Integration
-------------------

**GitHub Actions:**

```
- name: Check Composer Licenses
  run: vendor/bin/license-audit --fail-on-blacklist
```

---

🧪 CI Integration Examples
-------------------------

Example configuration files for popular CI providers are available in [`docs/ci/`](docs/ci):

- [GitHub Actions](docs/ci/github-actions.yml)
- [GitLab CI](docs/ci/gitlab-ci.yml)
- [Bitbucket Pipelines](docs/ci/bitbucket-pipelines.yml)

---

👤 Author
--------

**Damir Enseleit**
GitHub: [@selfphp](https://github.com/selfphp)
Website:

🤝 Contributing
--------------

Found a bug or have a feature request?
Feel free to open an issue or submit a pull request. Contributions are welcome!

📄 License
---------

MIT – use it, fork it, improve it!

Feel free to contribute!

### Health Score

30 (Low), better than 65% of packages

- Maintenance: 52. Moderate activity, may be stable
- Popularity: 6. Limited adoption so far
- Community: 8. Small or concentrated contributor base
- Maturity: 45. Maturing project, gaining track record
- Bus Factor: 1. Top contributor holds 66.7% of commits (single point of failure)

How is this calculated?

**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

### Release Activity

- Cadence: Unknown
- Total: 1
- Last Release: 336d ago

### Community

Maintainers: [SELFPHP](/maintainers/SELFPHP)

Top Contributors: [DamirEnseleit](https://github.com/DamirEnseleit) (2 commits), [selfphp](https://github.com/selfphp) (1 commit)

Tags: php, composer, license, dependency, Audit, ci, blacklist, compliance

### Code Quality

Tests: PHPUnit

